Jetwel

Legal

Privacy Policy

Last updated: April 14, 2026

1. Who we are

Jetwel (“Jetwel”, “we”, “us”) operates an AI workforce SaaS platform that lets organizations deploy autonomous agent teams for sales, media and support tasks. This policy explains what personal data we process and how.

For questions about this policy or to exercise any of the rights below, contact us at privacy@jetwel.ai.

2. Data we collect

Account data

When you sign in with Google we receive your name, email address, Google account ID and profile picture. We store these so we can authenticate you and display your identity in the product.

Workspace data

Anything you or your teammates submit inside a workspace — prompts, agent instructions, uploaded documents, generated outputs, audit logs — is stored on our servers so you can retrieve it later. Workspace data is strictly scoped to the organization that created it.

Billing data

Subscription state, plan, invoice history and tax information are handled by Stripe. We never see or store card numbers. Stripe’s privacy notice is available at stripe.com/privacy.

Operational data

We keep request logs, error traces and usage metrics for up to 30 days so we can debug incidents and detect abuse. Logs may include your IP address, user agent, and the endpoint you hit, but never the contents of your prompts or generated outputs.

3. How we use it

  • To authenticate you and show you your workspace.
  • To run the AI agents you configure, which in turn call third-party APIs on your behalf (see section 5).
  • To send transactional email (welcome, verification, billing receipts, security alerts). These cannot be opted out of.
  • To detect fraud, brute-force attempts, and abuse of our rate limits.
  • To produce aggregated, non-identifying usage statistics for product improvement.

We do not sell personal data, and we do not train foundation models on your prompts or agent outputs.

4. Legal bases (GDPR Art. 6)

  • Contract — running the service you signed up for.
  • Legitimate interest — security, fraud prevention, aggregated analytics.
  • Legal obligation — tax records, accounting.
  • Consent — optional analytics cookies (see our cookie policy).

5. Third parties we share data with

  • Google — sign-in, Gmail / Calendar / Sheets tools when you explicitly connect them.
  • Google Gemini — LLM inference for your agents. Your prompts transit through Gemini but are not used for training.
  • Stripe — payments and subscription management.
  • Resend — transactional email delivery.
  • Sentry — error tracking (scrubbed of PII where we can identify it).
  • MongoDB Atlas — primary database hosting (EU region).
  • Enrichment providers you enable — OpenClaw, Brave, Google Places. Data is only sent when you run an enrichment job.

Each provider acts as a sub-processor under a Data Processing Agreement. A current list is available on request.

6. International transfers

Primary storage is in the EU. Some sub-processors (Google, Stripe) process data in the United States under Standard Contractual Clauses.

7. Retention

  • Account data — until you delete your account.
  • Workspace data — until you or an admin deletes it, or 30 days after organization deletion.
  • Billing records — 10 years (legal requirement).
  • Operational logs — 30 days.

8. Your rights

Under GDPR and KVKK you can:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”) — handled from Settings → Account → Delete account.
  • Export a copy of your data in machine-readable form — handled from Settings → Account → Export data.
  • Object to or restrict processing.
  • Lodge a complaint with your local data protection authority.

Requests are handled within 30 days. We may ask you to verify your identity first so we don’t release data to the wrong person.

9. Security

We encrypt data in transit (TLS 1.2+) and at rest, run a least-privilege access policy for employees, enforce 2FA on admin accounts, and audit every production change. Incidents involving personal data are reported to affected users within 72 hours as required by GDPR Art. 33.

10. Children

Jetwel is a B2B product and not intended for anyone under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We will update the “last updated” date and, for material changes, notify account owners by email at least 14 days before the change takes effect.