Privacy Policy

Last Updated: April 2026

Effective for all users of jarvisxsecurity.com

1. Introduction

JARVIS-X Security (“we”, “our”, or “us”) operates the AI-powered email security platform available at jarvisxsecurity.com. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service. By using JARVIS-X, you agree to the terms described in this policy.

We are committed to handling your data with transparency and care. Our sole purpose is to protect your email security — we do not sell, share, or monetize your personal data.


2. Information We Collect

We collect only what is necessary to provide the service:

  • Gmail OAuth Access: When you connect your Gmail account, we request read-only access to scan incoming emails for threats. We use OAuth 2.0 — we never store your Google password.
  • Email Metadata: Sender address, subject line, received timestamp, and email body text are processed for threat analysis. Attachments are not stored.
  • Account Information: Your email address, phone number (for alerts), and account preferences.
  • Threat Analysis Results: Risk scores, threat classifications, and detection reasons generated by our AI engine.
  • Usage Data: Basic usage logs such as login timestamps and feature interactions for service improvement.

3. How We Use Your Information

Your data is used exclusively for the following purposes:

  • Scanning incoming emails for phishing, malware, and social engineering threats
  • Generating risk scores and threat classifications using our AI engine
  • Sending security alerts via WhatsApp and voice calls when threats are detected
  • Maintaining your account and dashboard history
  • Improving detection accuracy through aggregated, anonymized pattern analysis
  • Responding to your support requests

We do not read, store, or share the full content of your emails beyond what is necessary for threat detection. We do not use your emails for advertising, and we do not train general-purpose AI models on your personal email data.


4. Data Storage

Your data is stored securely using industry-standard infrastructure:

  • Database: All account data, email records, and threat history are stored in Supabase (PostgreSQL), hosted on secure cloud infrastructure with row-level security (RLS) enabled.
  • Gmail Tokens: OAuth access tokens are encrypted at rest using AES-256-CBC encryption before being stored in our database. Your Google credentials are never stored in plain text.
  • Retention: Email scan records are retained for as long as your account is active. You may request deletion at any time.
  • Backups: Database backups are encrypted and stored securely. Backups are retained for a limited period for disaster recovery purposes.

5. Third-Party Services

JARVIS-X integrates with the following third-party services to deliver its features. Each service has its own privacy policy.

Google (Gmail API)

Used to access your inbox for email scanning. Access is granted via OAuth 2.0 and can be revoked at any time from your Google Account settings.

Meta (WhatsApp Business Cloud API)

Used to deliver security alert notifications to your WhatsApp number when a threat is detected.

Twilio

Used to make automated voice call alerts to your phone number for high-severity threats.

Supabase

Our database and authentication infrastructure provider. All data stored through JARVIS-X resides in Supabase-managed PostgreSQL.

Stripe

Used for processing subscription payments. We do not store your payment card details — all billing is handled directly by Stripe.

6. Data Security

We implement multiple layers of security to protect your data:

  • AES-256-CBC encryption for all stored OAuth tokens
  • JWT-based authentication with minimum 32-character secret keys
  • HTTPS enforced on all API endpoints
  • Row-level security (RLS) in Supabase — users can only access their own data
  • Rate limiting on all authentication and API endpoints
  • CORS restrictions to approved origins only
  • Security headers enforced via Helmet.js

While we employ industry-standard security measures, no system is 100% secure. We encourage you to use a strong, unique password and enable two-factor authentication on your Google account.


7. Your Rights

You have full control over your data:

  • Access: Request a copy of all data we hold about you.
  • Deletion: Request deletion of your account and all associated data. We will permanently delete your records within 30 days.
  • Revoke Gmail Access: You can disconnect your Gmail account from JARVIS-X at any time via your dashboard, or directly from Google Account → Security → Third-party apps.
  • Opt Out of Alerts: You can disable WhatsApp or voice call alerts from your account settings at any time.
  • Data Portability: Request an export of your email scan history and threat reports.

To exercise any of these rights, contact us at contact@jarvisxsecurity.com.


8. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out:

Company: JARVIS-X Security

Website: jarvisxsecurity.com

Email: contact@jarvisxsecurity.com

We aim to respond to all privacy-related inquiries within 5 business days.


We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on our platform. Your continued use of JARVIS-X after changes are posted constitutes your acceptance of the updated policy.
