Jessie logoJessie

Jessie – Privacy Policy

Last updated: 4 November 2025

Jessie ("we", "us", "our") is a minimal to-do app that lets you capture tasks by voice and automatically from actionable emails. This Privacy Policy explains what data we collect, how we use it, and your rights. If anything here is unclear, contact us and we’ll help.

1) Who we are (Data Controller)

Jessie — operated by Andri Heeb
Email: support@getjessie.app
Postal: Andri Heeb, c/o F2BII E-Commerce#195, Hintergoldingerstrasse 30, 8638 Goldingen, Switzerland

If you are in Switzerland/EEA, we process your data under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU/UK GDPR.

2) What we collect and why

We collect the minimum data necessary to provide the service.

a) Account & basic usage

  • Account identifiers (email, name or alias), hashed authentication identifiers, andsession tokens to sign you in.
  • App events/logs (e.g., feature usage, crash diagnostics) to keep the service reliable.

Purpose: operate the app, secure accounts, detect abuse, troubleshoot.
Legal bases: contract performance; legitimate interests (security, reliability).

b) Voice → To-do

  • Microphone input you choose to record and the transcript we create to turn it into a task.

Purpose: create the requested to-do; improve speech accuracy and task extraction.
Legal bases: contract performance; consent (microphone permission).

c) Email → To-do (when you connect a mailbox)

  • OAuth tokens and provider identifiers needed to access your mailbox without seeing your password.
  • Message metadata (sender, subject, dates, labels).
  • Message content of emails likely to be actionable (e.g., invoices, deadlines, follow-ups). We use classifiers toignore newsletters/marketing where feasible; this is best-effort and may not be perfect.

Purpose: detect actionable emails and create/refresh to-dos for you.
Legal bases: contract performance; legitimate interests (reduce clutter); consent for connecting the mailbox.

d) To-dos & preferences

  • The tasks you save (title, due date, notes, status) and settings like language, notification timings.

Purpose: provide the core app functionality.
Legal bases: contract performance.

3) Where your data lives (processors)

We use reputable providers under data-processing agreements:

  • Nylas – secure mail connector used to sync Gmail/IMAP and manage OAuth tokens.
  • Supabase – database/storage for your account and to-dos.
  • Vercel (and/or your host) – hosts the marketing site and API edge functions.
  • (Optional) AI/ML provider – for speech-to-text and classification. If enabled, snippets needed for the feature may be sent to that provider for processing.

We do not sell your data. We share data only with processors to run the service, or when required by law.

4) International transfers

Your data may be processed outside Switzerland/EEA. Where that occurs, we rely on adequacy decisions or Standard Contractual Clauses and implement additional safeguards where appropriate.

5) Retention

  • OAuth tokens: kept until you disconnect the mailbox or are inactive for an extended period.
  • Email-derived to-dos: kept until you delete them or your account.
  • Server logs: typically up to 30 days unless needed for security/investigation.

6) Security

We use industry-standard security measures, including TLS in transit, encryption at rest where supported by our providers, access controls, and least-privilege practices. No method of transmission or storage is 100% secure.

7) Your rights

Depending on where you live, you may have the right to access, rectify, delete, restrict, object, port your data, and withdraw consent. You can also complain to a supervisory authority (e.g., the Swiss FDPIC or your EU authority).

Contact us at support@getjessie.app to exercise your rights. We may need to verify your identity.

8) Disconnecting email / deleting data

You can disconnect your mailbox in Jessie at any time. You can also revoke access via Google Account → Security → Third-party access (or your provider’s equivalent). Deleting your account removes your to-dos and associated personal data we control, subject to minimal backups and legal obligations.

9) Children

Jessie is not directed to children under 16. If you believe a child has provided us data, contact us and we’ll delete it.

10) Changes to this Policy

We’ll post updates here and adjust the “Last updated” date. Material changes will be announced in-app or by email where appropriate.