Privacy Policy

This Privacy Policy describes how J0y Inc. (“J0y,” “Company,” “we,” “us,” or “our”) collects, uses, stores, processes, discloses, and protects information in connection with your access to and use of the J0y software products, hosted services, APIs, downloadable software development kits, mobile applications, websites, source code components, forms systems, integrations, documentation, and related technologies and services (collectively, the “Services”).

J0y operates in different capacities depending upon the nature of the information involved. With respect to account registration information, billing information, marketing communications, and information relating to operation of the J0y business, J0y generally acts as a data controller. With respect to personal data processed through the Services on behalf of customers, J0y generally acts as a processor, service provider, or similar intermediary acting on behalf of the applicable customer. In such cases, the customer is responsible for providing required privacy notices and obtaining required consents from its end users.

By accessing, downloading, installing, registering for, integrating with, subscribing to, or otherwise using the Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, disclosure, storage, and processing of information as described herein. If you do not agree to this Privacy Policy, you may not access or use the Services.

1.         RELATIONSHIP TO TERMS OF USE

This Privacy Policy is incorporated into and governed by the J0y Terms of Use Agreement. Capitalized terms not otherwise defined herein shall have the meanings assigned in the Terms of Use.

2.         DATA PROCESSING ADDENDUM

Customers who use the Services to process personal data may be subject to the J0y Data Processing Addendum ("DPA"), which is incorporated herein by reference. The DPA addresses GDPR Article 28 obligations, international transfer mechanisms, subprocessor requirements, security commitments, and related matters.

3.         INFORMATION WE COLLECT 

We may collect information that you voluntarily provide to us, information automatically collected through your use of the Services, information received from third parties, and information generated through operation of the Services.

The information we collect may include your name, company name, email address, mailing address, billing address, telephone number, account credentials, payment-related information, subscription information, authentication information, communications with us, support requests, uploaded files, forms data, API usage information, SDK integration information, device information, browser information, operating system information, IP address, unique device identifiers, mobile carrier information, usage activity, access times, referring URLs, location information, log data, diagnostic data, analytics data, crash reports, performance metrics, cookies, and similar technical information.

We may also collect User Content and data uploaded, transmitted, processed, stored, submitted, or generated through the Services.

For residents of California and other applicable U.S. states, the categories of personal information collected during the preceding twelve (12) months may include:

(a) identifiers;

(b) customer records information;

(c) commercial information;

(d) internet or network activity information;

(e) geolocation information;

(f) professional or employment-related information;

(g) audio, visual, or electronic information;

(h) inferences drawn from collected information; and

(i) sensitive personal information where voluntarily provided by customers or users.

We may obtain information directly from you, from your organization, from your use of the Services, from integrations and connected applications, from service providers, from publicly available sources, and from third parties authorized to provide information to us.

4.         HOW WE USE INFORMATION

We may use information collected through the Services for purposes including providing, operating, maintaining, supporting, securing, improving, analyzing, and developing the Services, authenticating users, processing transactions, managing subscriptions, providing customer support, communicating with you, responding to requests, monitoring usage, enforcing our agreements and policies, detecting fraud or abuse, maintaining system security, generating analytics, conducting internal research and development, complying with legal obligations, protecting our rights and interests, and otherwise operating our business.

We may also use information to personalize your experience, provide onboarding services, manage integrations, facilitate SDK and API functionality, improve performance, troubleshoot technical issues, perform backups and disaster recovery, and administer accounts.

Unless expressly stated otherwise in writing, J0y does not use User Content submitted through paid subscription plans to train publicly available artificial intelligence or machine-learning models. J0y may use aggregated, anonymized, de-identified, and statistical information derived from operation of the Services for analytics, security, performance monitoring, research, service improvement, and product development purposes.

Where applicable under the GDPR and similar laws, J0y processes personal information based upon one or more of the following legal grounds:

(a) performance of a contract;

(b) compliance with legal obligations;

(c) legitimate business interests;

(d) consent;

(e) protection of vital interests; and

(f) other lawful bases recognized under applicable law.

5.         COMMUNICATIONS

By using the Services or providing contact information to us, you consent to receive communications from J0y relating to the Services, your account, transactions, updates, operational notices, technical notices, administrative messages, customer support, security alerts, legal notices, and promotional or marketing communications to the extent permitted by applicable law. You may opt out of certain marketing communications; however, you may not opt out of service-related, legal, administrative, security, or transactional communications.

6.         COOKIES AND TRACKING TECHNOLOGIES

We may use cookies, web beacons, local storage objects, analytics technologies, SDK telemetry, and similar tracking technologies to collect and store information regarding your interaction with the Services. These technologies may be used to authenticate users, maintain sessions, remember preferences, analyze traffic patterns, improve functionality, monitor performance, detect fraud, secure the Services, and personalize content and user experiences.

Depending upon your jurisdiction, certain non-essential cookies and tracking technologies may be deployed only after obtaining your consent. J0y may utilize a consent management platform that permits users to accept, reject, or customize non-essential cookies. Additional information regarding cookies and tracking technologies is available in the J0y Cookie Notice.

7.         SDK, API, AND TECHNICAL DATA

When you use SDKs, APIs, integrations, or developer tools provided by J0y, we may collect technical and operational information relating to SDK and API usage, including integration identifiers, authentication tokens, request metadata, performance data, error logs, usage statistics, system diagnostics, rate limit activity, device information, and related telemetry necessary to provide, secure, monitor, maintain, and improve the Services.

Certain SDK telemetry features may be configurable, disabled, or limited by developers depending upon the SDK version, configuration settings, and applicable documentation. Additional information regarding SDK telemetry controls is available in the developer documentation.

8.         PAYMENT INFORMATION

Payment processing services may be provided by third-party payment processors. J0y does not store complete credit card numbers or full payment account information on its systems. Payment information submitted in connection with Subscription Plans may be processed and stored by authorized third-party payment providers in accordance with their own terms and privacy policies.

9.         HOW WE SHARE INFORMATION

We may share information with our affiliates, subsidiaries, contractors, service providers, hosting providers, analytics providers, payment processors, integration partners, support providers, professional advisors, auditors, insurers, legal counsel, law enforcement authorities, government agencies, or other third parties as reasonably necessary to operate the Services, perform business functions, comply with legal obligations, enforce our agreements, protect rights and security, investigate violations, prevent fraud or abuse, or in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or other corporate transaction.

We may also disclose information where we reasonably believe disclosure is required by law, subpoena, court order, governmental request, regulation, or legal process. We may use and disclose aggregated, anonymized, or de-identified information for analytics, research, operational, commercial, security, or development purposes.

J0y may engage subprocessors and service providers to assist in providing the Services. A current list of significant subprocessors may be maintained at www.j0y.com/subprocessors or another location designated by J0y. J0y may update such subprocessors from time to time.

J0y does not sell personal information for monetary consideration. J0y does not share personal information for cross-context behavioral advertising except as expressly disclosed in this Privacy Policy or as permitted by applicable law.

10.       USER CONTENT 

You retain ownership of User Content submitted through the Services. However, by submitting User Content, you grant J0y the rights necessary to host, process, transmit, store, reproduce, analyze, display, modify, and otherwise use User Content solely for purposes of operating, providing, maintaining, securing, improving, and supporting the Services and complying with applicable law. You are solely responsible for ensuring that your collection, upload, processing, storage, and use of User Content complies with all applicable laws, regulations, and third-party rights.

When Customer submits User Content containing personal information of third parties, Customer is responsible for providing all required privacy notices, obtaining all necessary consents, and ensuring that Customer possesses all rights required to submit such information through the Services.

11.       DATA RETENTION

We may retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent fraud or abuse, conduct audits, or protect our legal interests.

Data retention periods may vary depending on the nature of the information, applicable legal requirements, contractual obligations, operational needs, and security considerations.

Retention periods vary depending upon the category of information. Account information may be retained during the life of the account and for a reasonable period thereafter. Transaction records, audit records, and security logs may be retained for longer periods to comply with legal obligations, security requirements, tax obligations, dispute resolution requirements, and legitimate business purposes.

12.       SECURITY

We implement commercially reasonable administrative, technical, organizational, and physical safeguards designed to protect information against unauthorized access, disclosure, alteration, destruction, misuse, or loss. Such safeguards may include encryption technologies, authentication controls, access restrictions, monitoring systems, secure hosting environments, and other security practices.

Notwithstanding the foregoing, no method of transmission over the Internet, electronic storage system, or security measure is completely secure, and J0y cannot guarantee absolute security of any information. You are responsible for maintaining the confidentiality of your account credentials and for implementing appropriate safeguards within your own systems and environments.

In the event J0y confirms a security incident affecting Customer data, J0y may provide notice to affected customers within a commercially reasonable time following confirmation, subject to applicable law, law-enforcement requirements, and security considerations. Additional notification obligations may be set forth in the applicable DPA or enterprise agreement.

13.       THIRD-PARTY SERVICES

The Services may contain links to or integrations with third-party websites, platforms, services, applications, or technologies. J0y does not control and is not responsible for the privacy practices, content, security, or policies of any third parties. Your interactions with third-party services are governed solely by the applicable third-party terms and privacy policies.

14.       CHILDREN’S PRIVACY

The Services are intended for business users and are not directed to children under thirteen (13) years of age. J0y does not knowingly collect personal information from children under thirteen (13). If J0y becomes aware that it has collected personal information from a child under thirteen (13), J0y will delete such information as required by applicable law.

The Services are intended for users eighteen (18) years of age or older. Individuals under eighteen (18) should not use the Services except as authorized by a parent, guardian, educational institution, or organization legally responsible for such use where permitted by applicable law.

15.       INTERNATIONAL DATA TRANSFERS

Information collected through the Services may be processed in the United States and other jurisdictions where J0y or its service providers operate.

Where required by applicable law, international transfers of personal information shall be conducted pursuant to approved transfer mechanisms, including Standard Contractual Clauses, adequacy decisions, the UK International Data Transfer Addendum, or other lawful transfer mechanisms recognized under applicable law.

Additional information regarding international transfers is available in the applicable DPA.

16.       YOUR RIGHTS AND CHOICES

Subject to applicable law, you may have rights relating to access, correction, deletion, restriction, portability, or objection regarding certain personal information. You may also update certain account information through your account settings or by contacting J0y. J0y reserves the right to verify your identity before responding to requests relating to personal information.

Subject to applicable law, individuals may have rights including:

(a) access;

(b) correction;

(c) deletion;

(d) portability;

(e) restriction of processing;

(f) objection to processing;

(g) withdrawal of consent;

(h) limitation of use of sensitive personal information; and

(i) non-discrimination for exercising privacy rights.

Requests may be submitted to privacy@j0y.com. J0y may verify identity before responding to requests. Where required by applicable law, J0y generally responds within thirty (30) days or such other period permitted by applicable law, including forty-five (45) days where applicable under certain U.S. state privacy laws. Authorized agents may submit requests on behalf of individuals where permitted by law.

17.       U.S. STATE PRIVACY RIGHTS

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Delaware, New Jersey, New Hampshire, Nebraska, Minnesota, Rhode Island, Maryland, Indiana, Kentucky, Tennessee, and other applicable jurisdictions may possess additional privacy rights under applicable state law. Additional information regarding such rights may be provided upon request or through supplemental state-specific notices.

18.       SENSITIVE PERSONAL INFORMATION

Certain User Content may contain sensitive personal information, including government-issued identification numbers, precise geolocation information, health information, biometric information, racial or ethnic origin, religious beliefs, financial account information, or other categories recognized under applicable law. J0y processes such information solely for purposes authorized by customers, required by law, or necessary to provide the Services.

19.       AUTOMATED PROCESSING AND ARTIFICIAL INTELLIGENCE

J0y may utilize automated systems, machine-learning technologies, artificial intelligence tools, analytics systems, and algorithmic processes to assist in providing, securing, maintaining, and improving the Services. Such systems may assist with fraud detection, security monitoring, customer support, analytics, workflow automation, content generation, and similar functions.

J0y does not currently engage in automated decision-making that produces legal effects or similarly significant effects on individuals without meaningful human involvement unless otherwise disclosed.

20.       CHANGES TO THIS PRIVACY POLICY

J0y may modify this Privacy Policy from time to time. Material changes will be communicated through the Services, by email, or by other reasonable means. Continued use of the Services following the effective date of revised terms constitutes acceptance of the revised Privacy Policy.

21.       DISPUTE RESOLUTION

Any dispute arising out of or relating to this Privacy Policy shall be governed by the dispute resolution, arbitration, class action waiver, governing law, and related provisions contained in the J0y Terms of Use Agreement.

22.       CONTACT INFORMATION

J0y Inc.

424 E. Central Blvd. #716

Orlando, FL 32801

General Legal Notices: support@j0y.com

Privacy Requests: support@j0y.com

Copyright / DMCA Notices: support@j0y.com

APPENDIX A

CALIFORNIA PRIVACY NOTICE

This California Privacy Notice supplements the information contained in the J0y Privacy Policy and applies solely to California residents. This Notice is intended to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA") 

CATEGORIES OF PERSONAL INFORMATION COLLECTED

During the preceding twelve (12) months, J0y may have collected the following categories of personal information:

A. Identifiers, including names, email addresses, postal addresses, IP addresses, account identifiers, device identifiers, and similar information.

B. Customer Records Information, including billing information, subscription information, transaction information, and business contact information.

C. Commercial Information, including products or services purchased, obtained, considered, or used.

D. Internet or Electronic Network Activity Information, including browsing activity, SDK telemetry, usage logs, API activity, device information, crash reports, analytics information, and interactions with the Services.

E. Geolocation Information, including approximate location information derived from IP addresses or devices.

F. Professional or Employment Information, including company affiliations, job titles, and business contact information.

G. Audio, Electronic, Visual, or Similar Information, including support communications, recordings, uploaded files, forms, and related materials.

H. Inferences, including inferences drawn from usage patterns and interactions with the Services.

I. Sensitive Personal Information, to the extent voluntarily provided by customers or users, including account credentials, government-issued identifiers, financial information, precise geolocation information, health-related information, or other sensitive information contained in User Content.

SOURCES OF INFORMATION

J0y collects personal information from:

(a) customers and authorized users;

(b) customer end users where information is submitted through the Services;

(c) SDKs, APIs, integrations, and developer tools;

(d) payment processors and service providers;

(e) business partners and integrations;

(f) publicly available sources; and

(g) automated technologies and analytics tools.

BUSINESS PURPOSES FOR COLLECTION

J0y collects and processes personal information for purposes including:

(a) providing and operating the Services;

(b) account administration;

(c) customer support;

(d) security and fraud prevention;

(e) billing and payment processing;

(f) analytics and performance monitoring;

(g) legal compliance;

(h) improving and developing the Services; and

(i) other legitimate business purposes described in the Privacy Policy.

DISCLOSURE OF PERSONAL INFORMATION

J0y may disclose personal information to:

(a) affiliates and subsidiaries;

(b) cloud hosting providers;

(c) payment processors;

(d) analytics providers;

(e) customer support vendors;

(f) professional advisors;

(g) governmental authorities;

(h) subprocessors and service providers; and

(i) parties involved in corporate transactions.

SALE OR SHARING OF PERSONAL INFORMATION

J0y does not sell personal information for monetary consideration.

J0y does not knowingly share personal information for cross-context behavioral advertising as those terms are defined under California law, except where specifically disclosed and permitted by applicable law. 

If J0y engages in activities constituting a sale or sharing under applicable law in the future, California residents will be provided applicable opt-out rights. 

SENSITIVE PERSONAL INFORMATION

J0y uses sensitive personal information solely for purposes authorized by the CCPA, including providing the Services, maintaining security, preventing fraud, performing services requested by customers, complying with legal obligations, and other permitted purposes. 

CALIFORNIA PRIVACY RIGHTS

California residents may have the following rights:

(a) Right to Know;

(b) Right to Access;

(c) Right to Correct;

(d) Right to Delete;

(e) Right to Data Portability;

(f) Right to Opt Out of Sale or Sharing;

(g) Right to Limit Use of Sensitive Personal Information; and

(h) Right to Non-Discrimination.

EXERCISING RIGHTS 

Requests may be submitted by emailing privacy@j0y.com. J0y may verify the identity of the requesting individual before responding. Authorized agents may submit requests on behalf of California residents as permitted by law.

RETENTION

J0y retains personal information only for as long as reasonably necessary to fulfill the purposes described in the Privacy Policy, comply with legal obligations, resolve disputes, maintain security, enforce agreements, and protect legal rights.

APPENDIX B

GDPR AND UK PRIVACY NOTICE

This Notice supplements the J0y Privacy Policy and applies to individuals located in the European Economic Area ("EEA"), the United Kingdom, and Switzerland.

DATA CONTROLLER

For information for which J0y acts as a controller, the data controller is:

J0y Inc.

424 E. Central Blvd. #716

Orlando, FL 32801

Privacy Requests: privacy@j0y.com

If J0y appoints a Data Protection Officer or Article 27 Representative, current contact information will be published on the J0y website.

CONTROLLER AND PROCESSOR ROLES

J0y may act as either: (a) a controller with respect to account information, billing information, marketing communications, website usage information, and information relating to operation of the J0y business; or (b) a processor acting on behalf of customers with respect to personal data submitted through the Services.

Where J0y acts solely as a processor, requests regarding personal data should generally be directed first to the applicable customer.

LEGAL BASES FOR PROCESSING

J0y processes personal data pursuant to one or more of the following legal bases:

(a) performance of a contract;

(b) compliance with legal obligations;

(c) legitimate interests;

(d) consent;

(e) protection of vital interests; and

(f) other lawful bases recognized under applicable law.

LEGITIMATE INTERESTS

J0y's legitimate interests may include:

(a) providing and improving the Services;

(b) fraud prevention and security;

(c) internal administration;

(d) customer support;

(e) analytics and performance monitoring;

(f) protection of legal rights; and

(g) business development and operational management.

INTERNATIONAL TRANSFERS

Personal data may be transferred to and processed in the United States and other countries.

Where required by applicable law, J0y relies upon approved transfer mechanisms, including:

(a) Standard Contractual Clauses;

(b) UK International Data Transfer Addendum;

(c) adequacy decisions; or

(d) other lawful transfer mechanisms.

Additional information regarding international transfers may be available through the J0y Data Processing Addendum.

DATA SUBJECT RIGHTS

Subject to applicable law, individuals may have the following rights:

(a) right of access;

(b) right to rectification;

(c) right to erasure;

(d) right to restrict processing;

(e) right to object to processing;

(f) right to data portability;

(g) right to withdraw consent; and

(h) rights relating to automated decision-making.

Requests may be submitted to privacy@j0y.com. J0y will generally respond within one month unless a longer period is permitted by law.

AUTOMATED DECISION-MAKING

J0y may use automated systems, machine-learning tools, artificial intelligence systems, and analytics technologies to assist with providing and securing the Services.

J0y does not currently engage in solely automated decision-making that produces legal effects or similarly significant effects on individuals without meaningful human involvement unless otherwise disclosed.

RIGHT TO LODGE A COMPLAINT

Individuals located in the EEA, United Kingdom, or Switzerland may lodge complaints with their applicable supervisory authority if they believe their personal data has been processed in violation of applicable law. 

RETENTION

J0y retains personal data only for as long as necessary to fulfill the purposes described in the Privacy Policy, comply with legal obligations, resolve disputes, maintain security, enforce agreements, and protect legal rights.

DATA PROCESSING ADDENDUM

Where J0y acts as a processor on behalf of customers, processing activities are additionally governed by the applicable Data Processing Addendum and any applicable Standard Contractual Clauses.