Jetwel

Legal

Privacy Policy

Last updated: May 16, 2026

1. Who we are

Jetwel (“Jetwel”, “we”, “us”) operates an AI workforce SaaS platform that lets organizations deploy autonomous operator teams for B2B sales and workspace operations. The current paid package centers on Astro, Nexus and Ada Revenue Team; future teams may be added as separate products. This policy explains what personal data we process and how.

For questions about this policy or to exercise any of the rights below, contact us at privacy@jetwel.com.

2. Data we collect

Account data

When you sign in with Google we receive your name, email address, Google account ID and profile picture. We store these so we can authenticate you and display your identity in the product.

Workspace data

Anything you or your teammates submit inside a workspace — prompts, agent instructions, uploaded documents, generated outputs, audit logs — is stored on our servers so you can retrieve it later. Workspace data is strictly scoped to the organization that created it.

Billing data

Subscription state, plan, invoice history, tax information, refunds and payment-support records may be processed by our active payment provider such as Paddle or Stripe. We never see or store full card numbers. When Paddle is the active provider, Paddle.com may process checkout, tax, invoice, refund and transaction data as Merchant of Record. Paddle buyer support is available at paddle.net. Stripe’s privacy notice is available at stripe.com/privacy.

Operational data

We keep request logs, error traces and usage metrics for up to 30 days so we can debug incidents and detect abuse. Logs may include your IP address, user agent, and the endpoint you hit. We design operational logs to avoid storing prompt and generated-output content, and we restrict or scrub sensitive fields where practical.

3. How we use it

  • To authenticate you and show you your workspace.
  • To run the AI agents you configure, which in turn call third-party APIs on your behalf (see section 5).
  • To send transactional email (welcome, verification, billing receipts, security alerts). These cannot be opted out of.
  • To detect fraud, brute-force attempts, and abuse of our rate limits.
  • To produce aggregated, non-identifying usage statistics for product improvement.

We do not sell personal data, and we do not train foundation models on your prompts or agent outputs.

4. Legal bases (GDPR Art. 6)

  • Contract — running the service you signed up for.
  • Legitimate interest — security, fraud prevention, aggregated analytics.
  • Legal obligation — tax records, accounting.
  • Consent — optional analytics cookies (see our cookie policy).

5. Third parties we share data with

  • Google — sign-in, Gmail / Calendar / Sheets tools when you explicitly connect them.
  • Google Gemini — LLM inference for your agents. Your prompts transit through Gemini but are not used for training.
  • Paddle — Merchant of Record payment processing, checkout, taxes, invoices, buyer support and refunds when Paddle is the active provider.
  • Stripe — payment and subscription processing when Stripe is the active provider.
  • Resend — transactional email delivery.
  • Sentry — error tracking (scrubbed of PII where we can identify it).
  • MongoDB Atlas — primary database hosting (EU region).
  • Enrichment providers you enable — OpenClaw, Brave, Google Places and Hunter. Data is only sent when you run an enrichment job.

These providers process data under their own applicable role. Some act as processors or sub-processors, while payment providers may also act as independent controllers or Merchant of Record depending on the transaction. A current vendor list is available on request.

6. International transfers

Primary storage is in the EU. Some sub-processors and payment providers, including Google, Paddle or Stripe, may process data outside your country under appropriate transfer safeguards.

7. Retention

  • Account data — until you delete your account.
  • Workspace data — until you or an admin deletes it, or 30 days after organization deletion.
  • Billing records — 10 years (legal requirement).
  • Operational logs — 30 days.

8. Your rights

Under GDPR and KVKK you can:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”) by contacting privacy@jetwel.com or through product self-service controls where available.
  • Export a copy of your data in machine-readable form by contacting privacy@jetwel.com.
  • Object to or restrict processing.
  • Lodge a complaint with your local data protection authority.

Requests are handled within 30 days. We may ask you to verify your identity first so we don’t release data to the wrong person.

9. Security

We encrypt data in transit (TLS 1.2+) and at rest, run a least-privilege access policy for employees, enforce 2FA on admin accounts, and audit every production change. If a personal-data incident occurs, we investigate promptly, mitigate the issue, and notify supervisory authorities or affected users where required by GDPR and other applicable laws.

10. Children

Jetwel is a B2B product and not intended for anyone under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We will update the “last updated” date and, for material changes, notify account owners by email at least 14 days before the change takes effect.