Privacy Policy
Last Updated: January 6, 2026
Your privacy is important to us. This Privacy Policy explains how Jotio ("we", "us", or "our") collects, uses, shares, and protects your personal information in compliance with the General Data Protection Regulation (GDPR) and other applicable EU privacy laws.
1. Data Controller
The data controller responsible for your personal data is:
Heiko Witte
Rohrbachstraße 9
60389 Frankfurt am Main
Germany
Email: hello@getjotio.app
2. What Data We Collect
We collect and process the following types of personal data:
2.1 Data You Provide to Us
- Account Information: Name, email address, and password when you create an account
- Note Content: Text, voice recordings, images, and other content you create within the app
- Communication Data: Information you provide when contacting our support team
2.2 Data Collected Automatically
- Device Information: Device type, operating system version, unique device identifiers
- Usage Data: App features you use, frequency of use, crash reports, performance data
- Location Data: Approximate location based on IP address (only if you grant permission)
2.3 Data from Third Parties
- Authentication Services: If you sign in using Apple ID or Google, we receive your name and email address from these services
3. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR Article 6:
- Consent (Article 6(1)(a)): For optional features like location services and marketing communications
- Contract Performance (Article 6(1)(b)): To provide the Jotio app services you've requested
- Legitimate Interests (Article 6(1)(f)): To improve our app, prevent fraud, and ensure security
- Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulations
4. How We Use Your Data
We use your personal data for the following purposes:
- To provide, maintain, and improve the Jotio app functionality
- To create and manage your account
- To sync your notes across your devices
- To provide customer support and respond to your inquiries
- To send you important service updates and security alerts
- To analyze app usage and improve user experience
- To detect, prevent, and address technical issues and security threats
- To send marketing communications (only with your explicit consent)
5. Data Sharing and Third Parties
We do not sell your personal data. We may share your data with:
5.1 Service Providers
We work with trusted third-party service providers who process data on our behalf:
- Cloud Storage: AWS/Google Cloud (for secure data storage and backup)
- Analytics: Privacy-focused analytics services to understand app usage
- Authentication: Apple Sign-In, Google Sign-In (if you choose to use them)
- Customer Support: Support ticket management systems
All third-party processors are GDPR-compliant and bound by data processing agreements.
5.2 Legal Requirements
We may disclose your data if required by law, legal process, or governmental request, or to protect our rights, privacy, safety, or property.
6. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place through:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Privacy Shield Framework or equivalent mechanisms
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 30 days after account deletion
- Note Content: Retained according to your auto-cleanup settings or until you delete them
- Usage Data: Retained for up to 12 months for analytics purposes
- Support Communications: Retained for up to 3 years to improve customer service
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
8.1 Right to Access (Article 15)
You can request a copy of the personal data we hold about you.
8.2 Right to Rectification (Article 16)
You can correct any inaccurate or incomplete personal data.
8.3 Right to Erasure (Article 17)
You can request deletion of your personal data ("right to be forgotten").
8.4 Right to Restrict Processing (Article 18)
You can request that we limit how we use your data.
8.5 Right to Data Portability (Article 20)
You can receive your data in a structured, commonly used format and transfer it to another service.
8.6 Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent (Article 7(3))
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority.
To exercise any of these rights, contact us at hello@getjotio.app.
We will respond to your request within 30 days as required by GDPR.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- End-to-end encryption for note content during transmission
- Encryption at rest for stored data
- Regular security audits and penetration testing
- Access controls and authentication requirements
- Employee training on data protection and privacy
- Incident response procedures for data breaches
10. Cookies and Tracking Technologies
10.1 Website Cookies
Our website uses only essential cookies necessary for the website to function. We do not use tracking cookies or analytics cookies without your explicit consent.
10.2 Mobile App Analytics
The mobile app collects minimal analytics data to improve functionality. You can opt out of analytics in the app settings.
10.3 No Dark Patterns
We comply with GDPR requirements prohibiting manipulative design techniques. Rejecting optional data collection is as easy as accepting it, and we never use pre-checked boxes or intimidating language.
11. Email Communications
In compliance with 2026 EU regulations on email tracking:
- We do not use tracking pixels in transactional emails
- Marketing emails may include tracking only with your explicit consent
- You can unsubscribe from marketing emails at any time
- Essential service emails (password resets, security alerts) cannot be opted out of
12. Children's Privacy
Jotio is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at hello@getjotio.app.
13. Automated Decision-Making
We may use automated systems for:
- Auto-Cleanup: Automatically archiving or deleting notes based on your preferences
- Spam Detection: Identifying and filtering potential spam or abuse
You have the right to request human review of automated decisions that significantly affect you.
14. AI and Machine Learning
Jotio may use AI features to enhance your experience (e.g., smart categorization, search). In compliance with the EU AI Act (effective August 2, 2026):
- We maintain transparency about AI usage
- AI processing happens on-device where possible to protect your privacy
- You can disable AI features in app settings
- We do not use your data to train AI models without explicit consent
15. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:
- Notify you of material changes via email or in-app notification
- Update the "Last Updated" date at the top of this policy
- Seek your consent again if required by law
- Maintain previous versions for your review
16. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: hello@getjotio.app
Mail: Heiko Witte, Rohrbachstraße 9, 60389 Frankfurt am Main, Germany
17. Supervisory Authority
You have the right to lodge a complaint with the competent data protection supervisory authority:
For Germany:
Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Graurheindorfer Str. 153
53117 Bonn
Germany
Website: www.bfdi.bund.de