PayJarvis ("we," "our," or "us") operates the PayJarvis AI assistant platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By accessing or using PayJarvis, you agree to the collection and use of information in accordance with this policy.
1. Data We Collect
We collect the following categories of personal and usage data to provide and improve our service:
- Personal Information: Name, email address, and phone number provided during account registration.
- Location Data: GPS coordinates used to power local commerce features (e.g., finding nearby restaurants and stores).
- Conversation History: Messages and interactions with the PayJarvis AI assistant.
- Audio Transcriptions: Voice messages processed through speech-to-text (STT) technology. Raw audio is not retained after transcription.
- Amazon Store Credentials: Credentials for your Amazon account, stored in our AES-256 encrypted credentials vault to enable purchase automation on your behalf.
- Purchase History & Transaction Data: Records of purchases and transactions executed through PayJarvis.
- Device Information & IP Address: Browser type, operating system, device identifiers, and IP address collected automatically during service use.
2. How We Use Your Data
- Service Delivery & Personalization: To provide, operate, and personalize the PayJarvis AI assistant experience.
- Transaction Processing: To process purchases and transactions on your behalf across integrated platforms.
- Product Improvement: To analyze usage patterns and improve product quality, reliability, and user experience.
- Notifications: To send service-related notifications via Telegram, WhatsApp, and email (e.g., transaction confirmations, security alerts).
- Security & Fraud Prevention: To detect, prevent, and respond to fraud, unauthorized access, and other security threats.
3. Third-Party Service Providers
We share data with the following third-party providers strictly to operate our service. We do not sell your personal data to any third party.
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| Twilio | WhatsApp messaging delivery |
| Google (Gemini, Places API) | AI processing and location services |
| Amazon | Purchase automation (user's own account) |
| Amadeus | Travel search and booking |
| BrowserBase | Browser automation infrastructure |
| Clerk | User authentication and identity management |
| Hostinger | Hosting infrastructure |
Each provider processes data in accordance with their own privacy policy. We encourage you to review those policies.
4. Data Storage & Security
We implement industry-standard security measures to protect your data:
- Hosting: Virtual Private Server (VPS) hosted by Hostinger in the United States.
- Database: PostgreSQL database with access controls and regular backups.
- Caching: Redis for ephemeral caching; cached data is not persisted long-term.
- Credentials Vault: All stored credentials (e.g., Amazon account) are encrypted with AES-256 encryption.
- Data in Transit: All communications are encrypted using HTTPS/TLS.
- Password Security: User passwords are hashed with bcrypt and never stored in plain text.
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Retained while your account is active |
| Conversation history | Retained for service improvement; deletable on request |
| Credentials vault | Deletable at any time by the user |
| Transaction logs | Retained for 7 years (legal and tax requirements) |
| Post-deletion cleanup | All data removed within 30 days of account deletion |
6. Your Rights (LGPD / GDPR / CCPA)
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Right to Access: Request a copy of all personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Withdraw Consent: Withdraw consent for data processing at any time.
- Right to Restrict Processing: Request limitation of how we process your data.
To exercise any of these rights, contact us at privacy@payjarvis.com. We will respond within 15 business days.
7. Cookies
We use essential cookies only, required for authentication through Clerk. These cookies are strictly necessary for the service to function and cannot be disabled. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.
8. Children's Privacy
PayJarvis is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a user under 18, we will take steps to delete that information promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Effective Date" at the top of this page and notify you via email or in-app notification for material changes. Continued use of PayJarvis after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
PayJarvis
Email: privacy@payjarvis.com
Last updated: March 20, 2026