Privacy Policy

1. Introduction

J4C Portal ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI agent enhancement framework and related services.

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Information You Provide

• Account Information: Name, email address, profile picture (from OAuth providers)
• Authentication Data: OAuth tokens from Google or GitHub
• Usage Data: Your interactions with mental models, projects, and analytics

3.2 Automatically Collected Information

• Technical Data: IP address, browser type, device information
• Session Data: Login timestamps, session duration
• Analytics: Pages visited, features used, performance metrics

3.3 Third-Party Data

When you authenticate via Google or GitHub, we receive:

4. Legal Basis for Processing

Under GDPR, we process your data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b)): Processing necessary to provide our services
• Legitimate Interests (Art. 6(1)(f)): Improving our services, security, and analytics
• Consent (Art. 6(1)(a)): Where you have given explicit consent (e.g., marketing)
• Legal Obligation (Art. 6(1)(c)): Compliance with applicable laws

5. How We Use Your Data

• Providing and maintaining the J4C Portal services
• Authenticating your identity and managing your account
• Personalizing your experience and recommendations
• Analyzing usage patterns to improve our services
• Communicating service updates and important notices
• Ensuring platform security and preventing abuse
• Complying with legal obligations

6. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

• Service Providers: Cloud hosting (infrastructure), OAuth providers (authentication)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In connection with mergers or acquisitions

Third-Party Services

7. Data Retention

We retain your data for the following periods:

8. Your Rights Under GDPR

As a data subject, you have the following rights:

8.1 Right of Access (Art. 15)

You can request a copy of all personal data we hold about you.

8.2 Right to Rectification (Art. 16)

You can request correction of inaccurate or incomplete data.

8.3 Right to Erasure (Art. 17)

You can request deletion of your personal data ("right to be forgotten").

8.4 Right to Restrict Processing (Art. 18)

You can request limitation of how we process your data.

8.5 Right to Data Portability (Art. 20)

You can request your data in a structured, machine-readable format.

8.6 Right to Object (Art. 21)

You can object to processing based on legitimate interests.

8.7 Right to Withdraw Consent (Art. 7)

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

9. Cookies and Tracking

We use the following types of cookies:

We do not use third-party tracking or advertising cookies.

10. Data Security

We implement appropriate technical and organizational measures to protect your data:

• HTTPS encryption for all data in transit
• Secure session management with token expiration
• CSRF protection on all forms
• Rate limiting to prevent abuse
• Regular security audits and updates
• Access controls and role-based permissions

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting a notice on our website
• Updating the "Last Updated" date
• Sending an email notification for material changes

12. Contact Us