JaggedTools

Privacy Policy

Last updated: March 23, 2026

1. Introduction

This Privacy Policy describes how Jagged Tools ("we", "us", "our") collects, uses, and protects your information when you use our service at jagged.tools.

2. Information We Collect

Account Information

  • Email address (required for registration)
  • Display name (optional)
  • Password (stored as a bcrypt hash — we never store plaintext passwords)

Billing Information

  • Stripe customer ID (links your account to Stripe for payment processing)
  • Transaction history (top-ups, usage charges, refunds)
  • We do not store credit card numbers, CVVs, or full card details — all payment data is handled by Stripe

Usage Information

  • API requests and endpoints used
  • Token counts (input/output) for billing purposes
  • IP address and user agent (for security and rate limiting)

Technical Information

  • Session tokens (for authentication)
  • Login timestamps and counts

3. How We Use Your Information

  • Service delivery: To provide, maintain, and improve the Service.
  • Authentication: To verify your identity and secure your account.
  • Billing: To process payments and maintain accurate balance records.
  • Communication: To send verification emails, password resets, and important service updates.
  • Security: To detect and prevent fraud, abuse, and unauthorized access.

4. Data Sharing

We do not sell your personal information. We share data only with:

  • Stripe: For payment processing. Stripe's privacy policy governs their handling of payment data.
  • Resend: For transactional email delivery (verification, password reset emails).
  • Law enforcement: When required by law or to protect our rights.

5. Data Security

We protect your data through:

  • HTTPS encryption for all communications
  • bcrypt password hashing (cost factor 12)
  • AES-256-GCM encryption for sensitive stored credentials
  • Session tokens with cryptographic hashing
  • Rate limiting on authentication endpoints
  • CSRF protection on all forms

6. Data Retention

  • Account data is retained while your account is active.
  • Session tokens expire after 24 hours and are periodically cleaned up.
  • Transaction records are retained for accounting and legal compliance.
  • You may request account deletion by contacting us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your transaction history.

To exercise these rights, contact us at support@jagged.tools.

8. Cookies

We use a single session cookie (jt_session) for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated via email.

10. Contact

For privacy-related questions, contact us at: