Privacy Policy

1. Data Controller

S&C Holding GmbH
Halbgasse 1a, 1070 Vienna, Austria
Email: info@jenda.app
VAT ID: ATU70341613
Managing Director: Mag. Markus Höfinger

2. Data We Collect

2.1 Account Data

• Email address
• Name (optional)
• Authentication data via Clerk

2.2 Subscription Data

• Subscription emails you forward to us
• Extracted data: provider name, amount, billing cycle, category, currency
• Text and attachments (PDFs) from forwarded emails

2.3 Usage Data

• Device information
• Browser type
• IP address
• Pages visited
• Feature usage patterns

2.4 Payment Data

• Subscription status
• Payment history (processed by Apple/payment providers)
• We do not store credit card details

2.5 Gmail Data (Optional Feature)

If you choose to connect your Gmail account, we access the following data:

• Email content: We search for and read emails containing subscription-related keywords (invoice, subscription, receipt, renewal, billing)
• Email metadata: Sender address, subject line, date received
• Attachments: PDF invoices attached to subscription emails
• Email status: We mark processed emails as read to prevent duplicate processing

3. How We Use Your Data

3.1 Service Delivery

• Processing and storing your subscription data
• Extracting data using AI models
• Generating subscription overviews and calendars
• Sending transactional emails

3.2 Service Improvement

• Analyzing aggregated usage patterns
• Improving AI extraction accuracy
• Developing new features

3.3 Marketing and Analytics

• Understanding user behavior
• Measuring feature adoption
• Marketing performance analysis

4. Gmail Integration

Jenda offers an optional Gmail integration feature that allows you to automatically import subscription information from your Gmail inbox. This section explains how we handle your Gmail data.

4.1 OAuth Scopes We Request

When you connect your Gmail account, we request the following permissions:

• gmail.readonly: To search and read emails containing subscription-related content
• gmail.modify: To mark processed emails as read (preventing duplicate processing)

4.2 How We Use Gmail Data

• We search your inbox for emails containing keywords: "invoice", "subscription", "receipt", "renewal", "billing"
• We read matching emails to extract subscription information (provider name, amount, billing cycle, dates)
• We process PDF attachments to extract invoice data
• We mark processed emails as read in your Gmail inbox
• We do NOT send emails on your behalf
• We do NOT delete, archive, or modify your emails (except marking as read)
• We do NOT access contacts, calendar, or other Google services

4.3 Gmail Data Storage

• Email content: NOT stored. Emails are processed in memory and immediately discarded
• Attachments: NOT stored. PDFs are processed for data extraction and immediately deleted
• Extracted metadata: Only structured subscription data is stored (provider name, amount, dates, category)
• OAuth tokens: Your refresh token is encrypted with AES-256 and stored securely to maintain your connection

4.4 Revoking Gmail Access

You can disconnect your Gmail account at any time:

• Go to Settings → Gmail Integration → Click "Disconnect"
• This immediately revokes our access to your Gmail
• Your encrypted OAuth tokens are deleted from our database
• Previously imported subscription data remains (you can delete it manually)
• You can also revoke access via Google Account Permissions

4.5 Google API Services User Data Policy

Jenda's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. AI Processing

Your subscription emails and attachments are processed by AI services to extract structured data. We use:

• Google AI (Gemini)
• OpenAI
• Anthropic (Claude)

These services process your data solely to provide extraction results. We have Data Processing Agreements (DPAs) with these providers where applicable.

Important: By using Jenda, you consent to your subscription data being processed by AI services for data extraction purposes.

6. Data Sharing

6.1 We Never Share

• Individual subscription data
• Personal financial information
• Identifiable transaction details

6.2 Anonymized Data for Commercial Use

To improve our AI accuracy, develop new features, and create training datasets, we may process, use, and commercialize anonymized data derived from subscription emails. This includes:

• Extracted subscription data including provider names, amounts, and billing cycles
• Email layout patterns, formatting structures, and document types

What we remove: Your name, address, contact information, account numbers, payment card details, email addresses, phone numbers, and any information that could identify you.

What we retain: Provider information (business names, addresses, pricing) as this constitutes publicly available business data.

By using Jenda, you grant us a perpetual, worldwide, royalty-free license to use, process, sublicense, and sell this anonymized data for commercial purposes including AI training, dataset licensing, and research.

6.3 We May Also Share

• Aggregated, anonymized statistics
• Marketing and analytics data with third-party tools

6.4 Service Providers

We use the following third-party services:

We have Data Processing Agreements (DPAs) in place with most of our service providers. For specific information about our contractual arrangements with individual providers, please contact us at info@jenda.app.

7. Data Security

7.1 Encryption

• All data is encrypted in transit (TLS/SSL)
• All data is encrypted at rest on Supabase servers
• All backups are encrypted

7.2 Server Location

Your data is stored on Supabase servers in Frankfurt, Germany, within the European Union.

7.3 Access Control

• Only authorized personnel can access systems
• We use role-based access controls
• Regular security audits

8. Data Retention

• Active accounts: Data retained while account is active
• Deleted accounts: Data deleted within 30 days
• Email attachments: Deleted immediately after processing
• Aggregated analytics: May be retained indefinitely (anonymized)

9. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

• Access: Request a copy of your data
• Rectification: Correct inaccurate data
• Erasure: Delete your account and data
• Portability: Export your data
• Restriction: Limit how we process your data
• Objection: Object to certain processing
• Withdraw consent: At any time

To exercise these rights, contact us at info@jenda.app or use the account deletion feature in Settings.

10. Cookies

We use cookies for:

• Authentication (required)
• Analytics (optional)
• Preferences (optional)

You can manage cookie preferences in your browser settings or via our cookie banner.

11. Children

Jenda is not intended for users under 16 years of age. We do not knowingly collect data from children under 16.

12. International Transfers

Some of our service providers are located outside the EU (USA). We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs)
• Data Processing Agreements (DPAs)
• Privacy Shield certification where applicable

13. Changes to This Policy

We may update this Privacy Policy. Significant changes will be communicated via email or in-app notification.

14. Contact

For privacy-related inquiries:

S&C Holding GmbH
Halbgasse 1a, 1070 Vienna, Austria
Email: info@jenda.app

You may also lodge a complaint with the Austrian Data Protection Authority:
Österreichische Datenschutzbehörde
Barichgasse 40-42, 1030 Vienna
www.dsb.gv.at