Privacy Policy

Last updated: May 2026

Jellar ("we", "us", "our") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.

Who operates Jellar: Jellar is a product of Social Highway, a trading name under which its owner operates multiple independent products and business lines. Social Highway is not a company name used in public-facing branding - Jellar is the product. When this policy refers to "Jellar", "we", "us", or "our", this means Jellar as operated by Social Highway. For privacy enquiries: hello@jellar.io.

1. What we collect

Account data (GitHub OAuth) - When you sign in with GitHub, we receive your GitHub username, public email address (if set to public on your GitHub account), and avatar URL. We do not receive your GitHub password.

Account data (Google OAuth) - When you sign in with Google, we receive your Google account name, email address, and profile picture. We do not receive your Google password.

Profile data - During onboarding you may provide a username, your role on the platform (builder or tester), interests, experience level, and what you are building. This information is stored on your profile and used to personalise your experience.

Project submissions - When you submit a project, we store your project URL or app store link, title, description, mission brief, category, platform type (website, web app, iOS app, or Android app), city, country, and your answers to the automated safety questionnaire.

Feedback sessions - When you complete a review as a tester, we store your structured feedback including ratings, friction points, magic moments, summary text, and behavioural signals such as time spent on the project. This data is linked to your account and delivered to the builder who paid for the review.

Newsletter email - When you complete onboarding, your email address is automatically added to the Jellar newsletter. By creating an account, you agree to receive the newsletter. We store your email address and pass it to Beehiiv (our newsletter provider) for delivery. You can unsubscribe at any time from Settings, or by clicking the unsubscribe link in any newsletter email. Unsubscribing from the newsletter does not affect your Jellar account.

Payment data - Payments are processed by Stripe. We do not store credit card numbers. We store your Stripe session reference and pack purchase status only. Stripe's privacy policy applies to payment data they hold.

Bug reports - If you submit a bug report, we store the page, description, severity, and optional screenshot you provide, along with automatically captured diagnostic data (browser type, screen size, timezone, and page URL at the time of the report). This data is used solely for platform debugging and is visible to Jellar administrators only.

Usage data - We use Google Analytics (anonymised) to understand how pages are used. This is subject to your consent preference set in the privacy banner. We do not use advertising tracking.

2. What we do NOT collect

• Precise GPS location
• Device identifiers or fingerprints
• Browsing history outside Jellar
• Private GitHub repository data
• Any data from minors (you must be 18 or older to use Jellar)
• Credit card numbers or full payment details (handled entirely by Stripe)

3. How we use your data

• To operate the platform - matching testers to projects, displaying feedback to builders, computing karma scores
• To verify submissions - country detection is used to flag mismatches and block submissions from restricted regions
• To send transactional emails - review notifications, approval confirmations, and karma updates (via Resend)
• To send the Jellar newsletter (via Beehiiv, if subscribed)
• To process payments via Stripe
• To investigate abuse, fraud, or policy violations
• To improve the platform using anonymised analytics (via Google Analytics, if consent given)

4. Data sharing

We do not sell your data. We do not share your data with advertisers. We share limited data with the following third parties to operate the platform:

• Supabase - database and authentication hosting (servers in the United States)
• Netlify - website hosting and serverless function execution
• Stripe - payment processing. Stripe receives your email address and payment details when you make a purchase
• GitHub - OAuth authentication (if you sign in with GitHub)
• Google - OAuth authentication (if you sign in with Google) and anonymised analytics (if consent given)
• Resend - transactional email delivery. Resend receives your email address and the content of emails sent to you
• Beehiiv - newsletter delivery. Beehiiv receives your email address if you subscribe to the Jellar newsletter

5. Data retention

Your data is retained for as long as your account exists. If you delete your account via Settings, we permanently delete your profile data, credit history, notification records, and newsletter subscription. Review content you submitted as a tester is retained on the platform in anonymised form - your username and avatar are removed, but the feedback itself remains available to the builder who paid for it. This is a condition of using Jellar as a tester. See our Terms & Conditions Section 8 for full details.

Some anonymised aggregate data (such as total review counts) may be retained for platform analytics after deletion.

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. Australian users have rights under the Privacy Act 1988. Users in the European Economic Area have rights under GDPR. To exercise any of these rights, email us at hello@jellar.io or use the Delete Account function in Settings.

7. Cookies and local storage

We use browser localStorage to maintain your login session (via Supabase Auth). We do not use advertising or tracking cookies. Google Analytics sets minimal analytics cookies if you have given consent via the privacy banner. You can withdraw consent at any time using the privacy preferences link in the site footer.

8. Security

All data is transmitted over HTTPS. We use Supabase Row Level Security (RLS) to ensure users can only access their own data. We do not store passwords - authentication is handled entirely by GitHub and Google OAuth. Admin access to user data is restricted to the platform owner and is logged.

9. Changes to this policy

We may update this policy as the platform evolves. Significant changes will be noted on the platform. Continued use of Jellar after a policy update constitutes acceptance of the revised policy.

10. Contact

Questions? Email hello@jellar.io