Privacy Policy

Last updated: April 2026

Jellar ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.

1. What we collect

Account data — When you sign in with GitHub OAuth, we receive your GitHub username, public email address (if set to public), and avatar URL. We do not receive your GitHub password.

Project submissions — When you submit a project, we store your project URL, title, description, mission brief, category, city, country, and your answers to the Vibe Check safety questionnaire.

Feedback sessions — When you complete a review as a tester, we store your structured feedback including ratings, friction points, magic moments, and summary text, linked to your account.

Newsletter email — If you subscribe to Jellar Monthly, we store your email address. New accounts are automatically subscribed; you can unsubscribe from Settings at any time.

IP geolocation — We use your IP address during project submission to detect your approximate country for fraud prevention. We do not store your IP address permanently.

Payment data — Payments are processed by Stripe. We do not store credit card numbers. We store Stripe customer IDs and subscription status only.

2. What we do NOT collect

• Precise GPS location
• Device identifiers or fingerprints
• Browsing history outside Jellar
• Private GitHub repository data
• Any data from minors (you must be 18+ to use Jellar)

3. How we use your data

• To operate the platform — matching testers to projects, displaying feedback to builders, computing karma scores
• To verify submissions — IP-based country detection is used to flag mismatches and block submissions from restricted regions
• To send the Jellar Monthly newsletter (if subscribed)
• To process payments via Stripe
• To investigate abuse, fraud, or policy violations

4. Data sharing

We do not sell your data. We do not share your data with advertisers. We share limited data with the following third parties to operate the platform:

• Supabase — database and authentication hosting
• Stripe — payment processing
• GitHub — OAuth authentication
• ipapi.co — IP geolocation (country-level only, at submission time)

5. Data retention

Your data is retained for as long as your account exists. If you delete your account via Settings, we permanently delete your profile, all feedback sessions you submitted, all projects you listed, and your newsletter subscription. This cannot be undone.

Some anonymised aggregate data (e.g. total review counts) may be retained for platform analytics after deletion.

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. To exercise these rights, email us at hello@jellar.app or use the Delete Account function in Settings.

7. Cookies

We use session cookies to maintain your login state (via Supabase Auth). We do not use advertising or tracking cookies.

8. Security

All data is transmitted over HTTPS. We use Supabase Row Level Security (RLS) to ensure users can only access their own data. We do not store passwords — authentication is handled entirely by GitHub OAuth.

9. Platform restrictions

Jellar is currently restricted to web-based projects. iOS and Android native app testing is not supported. Project submissions from Russia, Iran, Israel, and China are not currently accepted for security reasons.

10. Changes to this policy

We may update this policy as the platform evolves. Significant changes will be noted on the platform. Continued use of Jellar constitutes acceptance of the updated policy.

11. Contact

Questions? Email hello@jellar.app