Privacy Policy

Effective date: April 18, 2026 · Last updated: April 25, 2026

Jottle is a Chrome extension and web dashboard that helps you capture thoughts quickly and review them later. This policy explains what data we collect, how we use it, and what rights you have over it.

We don't sell your data. We don't use it for advertising. We collect only what we need to make the product work.

What we collect

Account information. When you sign up, we collect your email address. This is used to identify your account and send essential account-related messages (password reset, billing receipts). We do not send marketing emails without your consent.

Your jottles. The thoughts, notes, tasks, and ideas you capture using Jottle are stored on our servers. This is the core data the product operates on. Do not use Jottle to capture passwords, financial credentials, or other sensitive secrets — it is a thought-capture tool, not a secure vault.

AI-processed content. When you submit a jottle, its text is sent to Anthropic's Claude API to generate a title, clean up the phrasing, and assign a category. The processed result is what gets stored. We do not retain raw submissions separately from the processed output. Anthropic does not use API-submitted content to train its models.

Subscription and billing data. If you purchase a plan, payment is handled by Stripe. We store your subscription status and plan tier in our database. We never see or store your full card number.

Usage data. We may collect basic, anonymous usage signals (e.g. number of jottles created) to understand how the product is being used. This data is not linked to individually identifiable information.

Chrome extension permissions

The Jottle Chrome extension requests the following permissions:

  • storage — stores your session token locally so you stay logged in between browser restarts. This data never leaves your device except to authenticate with jottle.app servers.
  • webNavigation — listens for navigation events on jottle.app only, to detect when you log out and clear your local session. It does not monitor navigation on any other site.

These permissions are used solely to make Jottle work. We do not read, collect, store, or transmit your browsing history, the content of other tabs, page content, or any data from sites other than jottle.app.

Data we do not collect

To be explicit about the scope of data collection:

  • We do not collect browsing history or URLs from any site other than jottle.app
  • We do not read the content of web pages you visit
  • We do not collect location data
  • We do not collect device identifiers or fingerprinting data
  • We do not run background data collection — the extension only acts when you explicitly open it or navigate to the Jottle dashboard

How we store your data

Your account data and jottles are stored in Supabase, a managed database service hosted on AWS infrastructure in the United States (us-east-1, North Virginia). Data is encrypted at rest and in transit.

Your session credentials are stored locally in your browser's extension storage — they do not leave your device except to authenticate with our servers.

Third-party services and data sharing

Jottle shares data with the following third-party services to operate the product. We share only what is necessary for each service's specific function.

  • Anthropic — When you submit a jottle, its text is sent to Anthropic's Claude API to generate a title, clean up the phrasing, and assign a category. Anthropic does not use API-submitted content to train its models. Data sent via the API is subject to Anthropic's privacy policy and their usage policies.
  • Supabase— Your account information and jottles are stored in Supabase's managed database service. Supabase also handles authentication (login sessions, password management). Data is hosted on AWS infrastructure in the United States (us-east-1, North Virginia).
  • Stripe — If you purchase a subscription, your payment is processed by Stripe. We share only the information necessary to create and manage your subscription (email address, plan selection). Stripe's data use is governed by their privacy policy. We never see or store your full card number.
  • Vercel— The Jottle web app and dashboard are hosted on Vercel. Your requests to jottle.app are served through Vercel's infrastructure.

We do not sell your data to any third party. We do not share your data with advertisers, data brokers, or analytics platforms.

Data retention

We retain your data for as long as your account is active:

  • Account and jottles — stored for the lifetime of your account. If you delete your account via Settings, all associated data is permanently and immediately deleted.
  • Session tokens — stored locally in your browser extension storage. Cleared when you log out or uninstall the extension.
  • Billing records — Stripe retains transaction records as required for financial compliance. These are governed by Stripe's data retention policies.

We do not retain jottle text submitted to Anthropic's API beyond what is stored as the processed result in your account.

User consent

By creating a Jottle account, you consent to the data collection and processing practices described in this policy. Data collection begins only after you have created an account and explicitly submitted a jottle.

The Chrome extension does not collect any data without your active interaction — it acts only when you open the extension popup or navigate to the Jottle dashboard.

Your rights

You have the following rights over your data:

  • Access — you can view and export all your jottles from the dashboard at any time.
  • Deletion — you can delete your account and all associated data directly from the Settings page in your dashboard. Deletion is immediate and permanent. If you need help, you can also email hello@jottle.app.
  • Correction — you can update your account email through the settings page.

GDPR — European users

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional terms apply.

Data controller. Jottle is the data controller for personal data processed under this policy. You can contact us at hello@jottle.app.

Lawful basis for processing. We process your data on the following legal bases:

  • Contract performance — processing your account information and jottles is necessary to provide the service you signed up for.
  • Legitimate interests — basic anonymous usage signals help us understand how the product is used and improve it.
  • Legal obligation — Stripe retains billing records as required by financial regulations.

Your rights under GDPR. In addition to the rights listed above, EEA/UK users have the right to:

  • Data portability — request a copy of your data in a structured, machine-readable format.
  • Restriction of processing — request that we limit how we use your data in certain circumstances.
  • Object to processing — object to processing based on legitimate interests.
  • Lodge a complaint — you have the right to lodge a complaint with your local data protection supervisory authority.

International data transfers. Your data is stored and processed in the United States. By using Jottle, you acknowledge that your data is transferred to and processed in the US, which may have different data protection laws than your country. We rely on standard contractual clauses and Anthropic's and Supabase's respective data processing agreements to lawfully transfer data outside the EEA.

Account deletion can be done directly from Settings. For all other rights requests, email hello@jottle.app — we will respond within 30 days.

Children's privacy

Jottle is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children.

Changes to this policy

If we make material changes to this policy, we will update the effective date at the top of this page. Continued use of Jottle after changes are posted constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at hello@jottle.app.