Privacy Policy

Big Jupyter (“Big Jupyter,” “we,” “our,” or “us”) operates an AI-powered marketing platform available at bigjupyter.com (the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the choices you have.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account & Profile Data

When you register, we collect your name, email address, company name, and password (hashed). If you update your profile, we store any additional information you provide such as a profile photo or billing address.

1.2 Subscription & Payment Data

Payments are processed by Stripe, Inc. We do not store full card numbers or CVV codes. We receive and retain billing name, last four card digits, billing address, plan tier (Solo, Pro, or Agency), transaction dates, and amounts for accounting and fraud-prevention purposes.

1.3 Connected Third-Party Accounts

The Service lets you connect external platforms. When you do, we receive and store OAuth tokens and, where necessary, account identifiers and scoped data from:

• Google Analytics & Search Console
• Google Ads
• Instagram (Meta)
• Apollo.io
• Ghost CMS
• X (Twitter)
• LinkedIn
• Reddit

We access only the scopes you explicitly authorize. You may revoke any connection at any time from your account settings or directly from the third-party platform.

1.4 Content & Campaign Data

We store the content you create or that is generated on your behalf: blog posts, social media posts, ad copy, outreach email drafts, editorial calendars, brand assets you upload (logos, images, style guides), and campaign configuration data.

1.5 End-User Contact Data (Outreach)

If you upload contact lists for outreach campaigns (for example, prospect email addresses via Apollo.io integration), those records are processed on your behalf as data processor. You are responsible for having a lawful basis to provide that data to us and to contact those individuals.

1.6 Usage & Technical Data

We automatically collect data about how you interact with the Service: pages visited, features used, actions taken, time and duration of sessions, error logs, browser type and version, operating system, device type, and IP address (truncated where required by law).

1.7 Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies as described in Section 6.

2. How We Use Your Information

We use your data to:

• Provide and operate the Service — authenticate accounts, execute scheduled tasks, publish content to connected platforms, and fulfill all features you subscribe to.
• Process AI-assisted generation — your inputs (brand voice, briefs, target keywords, connected account data) are sent to large language model APIs to generate content. We do not use your data to train third-party foundation models unless you explicitly opt in.
• Process payments — manage subscriptions, issue invoices, and prevent fraud.
• Analytics & product improvement — understand feature usage, diagnose errors, and improve the Service. We use aggregated and anonymized data where possible.
• Communications — send transactional emails (receipts, password resets, security alerts), product updates, and, where you have consented, marketing communications. You may opt out of marketing emails at any time.
• Compliance & legal obligations — detect abuse, enforce our Terms of Service, and comply with applicable laws.
• Legitimate interests — maintain the security and integrity of the Service, prevent fraud, and develop new features, where those interests are not overridden by your rights.

Legal bases (GDPR). Depending on the processing activity, we rely on: (a) performance of a contract (Art. 6(1)(b)), (b) our legitimate interests (Art. 6(1)(f)), (c) your consent (Art. 6(1)(a)), or (d) compliance with a legal obligation (Art. 6(1)(c)).

3. How We Share Your Information

We do not sell your personal data.

We share data only in the following circumstances:

3.1 Third-Party Integrations (at Your Direction)

When you connect external accounts, we transmit data to those platforms on your explicit instruction (e.g., publishing a post to Instagram). Each platform’s own privacy policy governs their handling of that data.

3.2 AI API Providers

We use third-party large language model API providers to power content generation. Your inputs and context are transmitted to these providers under data processing agreements that prohibit them from using your data to train their models.

3.3 Payment Processor

Stripe, Inc. processes payments on our behalf. Stripe is PCI-DSS Level 1 certified. See Stripe’s privacy policy at stripe.com/privacy.

3.4 Infrastructure & Service Providers

We engage sub-processors for hosting, email delivery, error monitoring, and analytics. These providers act under written data processing agreements and may only process data as instructed by us.

3.5 Legal Requirements

We may disclose data to courts, regulators, or law enforcement where required by applicable law, or where necessary to protect the rights, property, or safety of Big Jupyter, our users, or the public.

3.6 Business Transfers

If Big Jupyter is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a materially different privacy policy.

4. Data Retention

We retain data for as long as necessary to provide the Service and fulfill the purposes described in this policy, or as required by law.

• Account data — retained for the duration of your subscription and for 90 days after account closure to allow reactivation, then permanently deleted or anonymized.
• Content & campaign data — retained while your account is active. Upon account deletion, content is deleted within 30 days unless you request earlier deletion.
• Connected account tokens — deleted immediately upon disconnection or account closure.
• End-user contact data — deleted within 30 days of your written deletion request or account closure, whichever comes first.
• Payment records — retained for 7 years to comply with financial regulations.
• Usage & log data — retained for up to 12 months, then aggregated or deleted.

5. Your Rights and Choices

5.1 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where no legitimate basis for retention exists.
• Right to restrict processing — request that we limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format (JSON).
• Right to object — object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent — withdraw any consent you have given at any time, without affecting prior lawful processing.

We will respond to valid requests within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

5.2 Rights for California Residents (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

• Right to know — request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes beyond those necessary to provide the Service.
• Right to non-discrimination — we will not discriminate against you for exercising any of the above rights.

We will respond to verifiable consumer requests within 45 days.

5.3 How to Exercise Your Rights

Submit a request by emailing hello@bigjupyter.com with the subject line “Privacy Request.” You may also manage many preferences directly in your account settings. We may need to verify your identity before processing your request.

6. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

• Strictly necessary cookies — required for authentication, session management, and security. These cannot be disabled without breaking the Service.
• Functional cookies — remember your preferences (e.g., language, UI settings) to personalize your experience.
• Analytics cookies — help us understand how users interact with the Service so we can improve it. We use aggregated, pseudonymized data where possible. You may opt out of analytics cookies via our cookie banner or your account settings.
• Marketing cookies — used on our marketing website (bigjupyter.com) to measure the effectiveness of advertising campaigns. These are only set with your consent.

You can control cookies through your browser settings. Note that disabling certain cookies may affect functionality. For the authenticated application, only strictly necessary and functional cookies are set by default.

7. Data Security

We implement technical and organizational measures designed to protect your data against unauthorized access, alteration, disclosure, or destruction, including:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• OAuth token storage using industry-standard encrypted vaults.
• Role-based access controls and principle of least privilege for internal staff.
• Regular security reviews and dependency patching.
• Incident response procedures with regulatory notification timelines.

No system is perfectly secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by applicable law.

8. International Data Transfers

Big Jupyter is operated from [Company Address]. Your data may be transferred to and processed in countries outside your country of residence, including the United States, which may not provide the same level of data protection as your home jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of protection, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum, as applicable.

You may request a copy of the relevant transfer mechanism by contacting us at hello@bigjupyter.com.

9. Children’s Privacy

The Service is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@bigjupyter.com and we will delete that data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a notice within the Service at least 14 days before the changes take effect.

Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes. If you do not agree, you should stop using the Service and may request deletion of your data.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For EEA residents, Big Jupyter acts as the data controller for account and usage data, and as a data processor for end-user contact data you upload. If you are located in the EEA and have an unresolved privacy concern, you have the right to contact your local data protection authority.