01
Introduction
This Privacy Policy explains how JotLink LLC ("JotLink", "we", "us", or "our") collects, uses, stores, and shares your personal information when you use our products, including JotLink Messenger, JotLink Telephony, JotLink CRM, and JotLink eSIM / FMC services, as well as our website at jotlink.net.
By accessing or using any JotLink product or service, you agree to the terms of this Privacy Policy and our Terms of Use, and you consent to the collection, use, disclosure, and retention of your personal information as described below. If you do not agree, please discontinue use of our services.
We are committed to handling your data transparently and in compliance with applicable laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other regional privacy frameworks.
02
Who We Are
JotLink LLC is the data controller for personal information processed through our platform. We provide an integrated AI-powered business communication ecosystem combining messenger, telephony, CRM, and eSIM connectivity.
Our products
- JotLink Messenger — AI-powered omnichannel business messaging
- JotLink Telephony — AI business phone system with inbound and outbound calling
- JotLink CRM — Customer relationship management with AI automation
- JotLink eSIM / FMC — Global eSIM connectivity with Fixed Mobile Convergence
03
Data We Collect
The types of data we collect depend on which JotLink products you use and how you interact with them.
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, phone number, company name, password (hashed) | Provided by you at registration |
| Communication data | Messages sent/received, call recordings (where consented), call metadata (duration, timestamp, number), voicemails | Generated by your use of Messenger and Telephony |
| CRM data | Contact records, deal stages, notes, activity logs, imported contact lists | Created or imported by you in JotLink CRM |
| eSIM & network data | eSIM ICCID/EID, data usage volume, roaming country, activation status | Generated when you activate or use a JotLink eSIM |
| Usage & analytics | Features accessed, session duration, click events, error logs | Automatically collected via our platform |
| Device & technical data | IP address, browser type, OS, device identifiers, app version | Automatically collected when you connect to our services |
| Contact list data | Phone numbers from your device address book (with your permission). Used to connect you with other JotLink users and enable contact-finding features | Synced from your device with your explicit consent |
| Social media data | If you sign in via Facebook, Google, or other social accounts: public profile, email address, and friend/contact list per your settings on those platforms | Provided via OAuth when you choose social sign-in |
| Image data | Profile picture (optional). Images you share through the app may be processed for features such as image enhancement or filtering | Uploaded by you or captured in-app |
| Location data | Device GPS/network location when you grant location permissions. Used for location-sharing features with contacts. Precision and frequency depend on permission level granted | Collected from your device when permissions are granted |
| Payment data | Billing address, last 4 digits of card. Full card data is processed by our PCI-DSS compliant payment processor and never stored by JotLink | Provided by you during subscription or top-up |
We do not knowingly collect sensitive personal data (such as health, biometric, or racial/ethnic data) and ask that you do not submit such data through our platform.
04
How We Use Your Data
We use personal data to operate, improve, and personalize our services. Specifically, we use your data to:
- Create and manage your account, authenticate logins, make your profile visible to contacts, and provide access to JotLink products
- Deliver core service functionality: routing calls, delivering messages, syncing CRM records, activating eSIMs, and connecting you with other users via contact-list matching
- Power AI features, including intelligent routing, sentiment analysis, conversation summaries, and automation workflows
- Process payments and manage billing, subscriptions, and usage-based charges
- Send transactional notifications (call alerts, voicemail delivery, billing confirmations)
- Provide customer support and resolve technical issues
- Detect fraud, abuse, and security threats
- Offer in-app image features such as filters and editing tools for images you share through the platform
- Analyze aggregate usage patterns to improve product features and performance
- Personalize your experience, including tailoring feature suggestions and interest-based advertising where applicable (you can opt out via device or app settings)
- Comply with legal obligations and respond to lawful requests from authorities
- Send product updates and marketing communications (with your consent, where required)
We do not use your data to train general-purpose AI models for third parties or sell your personal data to advertisers.
05
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and the United Kingdom, we process your personal data under the following legal bases:
| Legal basis | When we rely on it |
|---|---|
| Contract performance | Processing necessary to deliver the services you subscribed to (account management, call routing, eSIM activation) |
| Legitimate interests | Security monitoring, fraud prevention, product analytics, and improving the platform |
| Consent | Marketing emails, optional call recording, cookie analytics |
| Legal obligation | Retaining billing records, responding to law enforcement requests, regulatory compliance |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
06
Sharing & Disclosure
We do not sell your personal data. We share it only in the following limited circumstances:
- Service providers — We use trusted sub-processors (cloud infrastructure, payment processors, SMS/VoIP carriers, analytics providers) under strict data processing agreements.
- Telecom partners — For eSIM and FMC services, technical data such as ICCID/EID is shared with our network carrier partners to provision and manage your SIM.
- Business transfers — If JotLink undergoes a merger, acquisition, or asset sale, your data may be transferred as part of that transaction. We will notify you in advance where legally required.
- Legal compliance — We may disclose data to authorities if required by law, court order, or to protect the rights and safety of JotLink, our users, or the public.
- With your consent — We may share data for any other purpose with your explicit consent.
All third-party service providers are contractually required to use your data only to provide services to JotLink and to maintain appropriate security standards.
07
International Data Transfers
JotLink operates globally and may transfer your data to countries outside your home jurisdiction, including countries that may not provide the same level of data protection as your home country.
When we transfer data from the EEA or UK to third countries, we rely on appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions issued by the European Commission for certain countries
- The EU-US Data Privacy Framework where applicable
You may request a copy of the safeguards we have in place by contacting us at the address below.
08
Data Retention
We retain personal data for as long as necessary to provide our services and fulfill the purposes described in this policy, or as required by law.
| Data type | Retention period |
|---|---|
| Account data | Duration of account + 90 days after deletion request |
| Call recordings | 90 days by default; configurable per account up to 3 years |
| Message data | Duration of account; longer periods available for enterprise plans |
| CRM records | Duration of account; exported upon request before deletion |
| Billing records | 7 years (legal/tax obligation) |
| Usage logs | 12 months |
| Security/fraud logs | 24 months |
When data is no longer required, we securely delete or anonymize it. You may request early deletion of your data as described in the section on Your Rights below.
09
Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Ask us to correct inaccurate or incomplete data about you.
Right to Erasure
Request deletion of your personal data, subject to legal retention requirements.
Right to Portability
Receive your data in a structured, machine-readable format to transfer elsewhere.
Right to Object
Object to processing based on legitimate interests, including direct marketing.
Right to Restrict
Request that we limit processing of your data while a dispute is resolved.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. California residents may also have additional rights under the CCPA/CPRA, including the right to know, delete, and opt out of the sale of personal information. We do not sell personal information.
10
Your Choices & Controls
Beyond your legal rights, you have direct controls in the app and on your device that let you manage how JotLink accesses and uses your information:
- Account information — You can view and update your name, email, phone number, and other account details at any time in the app's settings.
- Profile picture & images — Your profile picture is optional. You have full control over which images you send within the app. You can remove your profile picture at any time.
- Contact list sync — You can enable or disable syncing with your device's contact list in the app settings. Disabling it will not affect your ability to use core communication features.
- Location data — Location permissions can be managed or revoked at any time through your device's app permission settings. Revoking location access will disable location-sharing features.
- Marketing communications — You can customize or unsubscribe from marketing notifications within the app's notification settings, or through your device's notification controls. Transactional alerts (e.g., call notifications, billing confirmations) are not affected.
- Interest-based advertising — You can opt out of interest-based advertising through your device's advertising settings (e.g., "Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).
11
Location Services
JotLink requests access to your device's location to enable location-sharing features with your contacts. Location data is only collected when you have granted the relevant permission.
Permission options
- While Using the App — Location is accessed only when JotLink is open and actively in use.
- Only Once — Location is accessed for the current session only. The next session will prompt again.
- Always — Location is accessible even when JotLink runs in the background. Required for live location sharing.
Location sharing modes
- Single location share — Shares your location once with a contact. Requires "Only Once" or "While Using the App" permission.
- Live location sharing — Shares your location continuously with a contact in real time. Requires "Always" permission.
You can change or revoke location permissions at any time through your device settings. Refer to your device's documentation for instructions on managing app permissions. Revoking location access will disable location-sharing features but will not affect other JotLink functionality.
Location data is used solely to deliver location-sharing features and is not shared with advertisers or sold to third parties.
12
Cookies & Tracking
We use cookies and similar tracking technologies on our website and web application to:
- Essential cookies — Keep you logged in, maintain session state, and ensure platform security. These cannot be disabled.
- Analytics cookies — Measure page performance, feature usage, and user flows to help us improve JotLink. We use privacy-respecting analytics with IP anonymization.
- Preference cookies — Remember your settings such as theme choice (light/dark mode) and language preference.
- Marketing cookies — Used only with your explicit consent to show relevant ads on third-party platforms.
You can manage cookie preferences through our cookie consent banner or by adjusting your browser settings. Disabling non-essential cookies will not affect core platform functionality.
13
AI & Automated Processing
JotLink uses artificial intelligence to power features across our products. Here is how AI processing affects your data:
- Conversation AI — Messages and call transcripts may be processed by AI models to generate summaries, suggested replies, sentiment scores, and task extractions. This processing occurs within secure infrastructure and results are stored in your JotLink account only.
- Call routing & scoring — AI analyzes incoming calls to classify intent, assign priority, and route to the right agent or automated workflow.
- CRM automation — AI reads interaction history to suggest next actions, auto-update deal stages, and flag at-risk accounts.
- Fraud & abuse detection — Automated systems monitor usage patterns to detect unauthorized access or misuse.
We do not use your data to train models that are sold or licensed to third parties. You have the right to request human review of any automated decision that significantly affects you by contacting [email protected].
14
Children's Privacy
JotLink's services are intended for business use and are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years old. Additionally, certain consumer-facing features such as location sharing and social sign-in are not designed for or available to users under the age of 10.
If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will promptly review and delete the relevant data.
15
Security
We take the security of your data seriously and implement industry-standard technical and organizational measures to protect it, including:
- Encryption of data in transit using TLS 1.2 or higher
- Encryption of data at rest using AES-256
- Multi-factor authentication options for all accounts
- Role-based access controls and least-privilege principles for internal systems
- Regular security audits and penetration testing
- Incident response procedures with mandatory breach notification timelines
Despite these measures, no transmission over the internet is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication on your JotLink account.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR.
16
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to registered account holders
- Display a notice within the JotLink platform for 30 days
Your continued use of JotLink services after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the revised policy, you should discontinue use and may request account deletion.
Previous versions of this Privacy Policy are available upon request.
17
Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, please contact our privacy team:
JotLink Privacy Team
If you are located in the EEA or UK and believe your data protection rights have been violated, you also have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available at edpb.europa.eu.