1. Introduction
JEMxAI LLC ("Company", "we", "us") operates JemEcho. This Privacy Policy describes what we collect, how we use it, which third parties receive it, and the controls you have. JemEcho is an AI-driven social and email automation platform: by design, AI processes content on your behalf, including direct messages, comments, and emails sent to your connected accounts. This policy explains what that means for your data and for the third parties who contact you through your accounts.
2. Information We Collect
We collect three broad categories of information:
- Account data: email, name, profile information, phone number and business profile you add during onboarding.
- Platform data: posts, media, leads, agents, preferences, and analytics you create while using the Service.
- Third-party data received on your behalf: when you connect a social account or inbound email address, we receive messages from the people who contact you — direct messages, comments, reviews, and emails. This content includes the sender's name/handle and the message body.
- Payment data: processed by Stripe; we do not store full card numbers.
- Technical data: IP address, device information, and server logs needed to operate the Service.
3. How We Use Your Information
- Provide, maintain, and improve the Service.
- Route your content to the social platforms and inboxes you have connected, and receive inbound messages from those platforms on your behalf.
- Run AI features — drafting replies, qualifying leads, generating content, and suggesting next steps — based on the automation preferences you configure.
- Process payments and send subscription notifications.
- Send SMS and email notifications you have opted into.
- Detect and prevent abuse, respond to support requests, and comply with the law.
4. Third-Party Processors
To operate the Service we share the minimum data necessary with the following processors. Each has its own privacy policy, and we only use them for the purposes listed.
| Provider | What we send | Purpose |
|---|---|---|
| Supabase (AWS) | Account data, platform data, inbound message bodies | Authentication, database, file storage |
| AWS (via SST) | Application runtime traffic and logs | Hosting, compute, queueing |
| Google (Gemini) | Prompts built from your content, connected-account messages (DMs, comments, emails), lead names/contact details when relevant to the task | AI content generation, reply drafting, lead qualification. When Vertex AI is configured, data is handled under Google's enterprise no-training terms; otherwise, the default consumer Gemini API terms apply. |
| Zernio (social integration) | OAuth tokens for connected social accounts, outbound content we publish, and inbound DMs/comments/reviews Zernio forwards to us | Multi-platform publishing and social inbox |
| Resend | Outbound emails and metadata (delivery, bounces) | Transactional and campaign email delivery |
| Twilio | Phone numbers, SMS content | SMS delivery and inbound SMS routing |
| Stripe | Billing email, plan, payment method (tokenized) | Payment processing |
| Social platforms | OAuth tokens; posts and replies you send | Publishing to the accounts you connect |
We do not sell your personal information and we do not send data to processors other than those listed above.
5. AI Processing
JemEcho is an AI-powered assistant. When you enable automations (auto-reply to DMs, comments, reviews, emails, lead qualification, content generation, etc.), the content you and the people contacting you send is included in prompts to Google Gemini so the assistant can produce a response. You can disable any automation in Settings. You can also disable AI on a per-thread basis from the inbox.
If JemEcho is deployed with Google Vertex AI credentials (which we prefer for production), prompts and completions are covered by Google's enterprise terms, which prohibit using customer data to train foundation models. Without those credentials we fall back to the Gemini API key, where standard consumer-tier retention terms apply.
6. Retention
We keep data only as long as we need it to provide the Service or as required by law:
- Inbound DMs, comments, reviews: retained for 90 days by default and then scrubbed. You can change this to as little as 7 days or as long as 365 days in Privacy settings.
- Inbound webhook payloads (used for admin debugging): scrubbed at 90 days and hard-deleted at 180 days.
- Account, profile, and platform data: kept while your account is active. Deleted within 7 days after you request account deletion (see below).
- Payment records: retained as required by tax and accounting law.
Disconnecting a social account automatically purges the inbox history for that platform (unless you have another connected account on the same platform).
7. Your Controls
You can exercise the following controls yourself from the Privacy settings page:
- Adjust the retention window for inbound inbox messages.
- Disable AI processing on specific conversations without changing global settings.
- Download a JSON export of your data (one export per 24 hours).
- Request account deletion. Deletion is confirmed after a 7-day grace period during which you can cancel, then all account data is hard-deleted.
- Disconnect a social account, which purges that platform's inbox history.
You can also opt out of SMS at any time by replying STOP to any message. For data requests we cannot satisfy through the settings page, email support@jemecho.com.
8. Third Parties Who Contact You
When someone DMs, comments on, or emails one of your connected accounts, their message reaches us through the relevant platform. We process it to run the automations you configured. We retain those messages under the retention rules above and honor unsubscribe / STOP requests from your recipients. If an individual whose message is stored here wishes to have it removed, we respond to verified requests sent to support@jemecho.com.
9. Admin Access
A small set of our staff may access account-scoped data to investigate failures, replay webhooks, or respond to support requests. Every such access is recorded in an internal audit log that captures who accessed what, when, and why. We do not use admin access for any purpose beyond operating the Service.
10. Security
We use industry-standard measures to protect your data, including row-level security on our database, encrypted transport, signed webhook payloads, and short-lived credentials. No system is perfectly secure; we cannot guarantee absolute security.
11. Changes
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, by notifying you inside the product.
12. Contact
JEMxAI LLC — support@jemecho.com.
See also our Terms of Service.