Privacy Policy

JAR Intelligence collects the minimum information necessary to provide and secure the Service. When you submit an access request, we collect your name, agency affiliation, job title, and email address. This information is used solely to verify eligibility and provision your account.

When you use the Performance Review Engine, the supervisor notes and evaluation categories you enter are processed to generate review drafts. See the Data Anonymization section below for how employee-identifying information is handled before any data leaves your device.

We collect standard server logs including IP addresses, browser type, and pages accessed for security monitoring and service reliability purposes. We do not use this data for advertising or behavioral profiling.

Account information (name, agency, email) is used to manage access, communicate service updates, and respond to support requests. We do not sell, rent, or share your account information with third parties except as required by law or as described in the Third Party Services section below.

Anonymized input content is transmitted to AI processing services for the sole purpose of generating performance review drafts. This content is not associated with identifiable individuals and is not retained by JAR Intelligence after your session ends.

We may use aggregate, de-identified usage statistics to improve the Service. These statistics cannot be traced back to individual users or agencies.

Anonymization is the most important privacy protection in the Performance Review Engine, and it happens entirely on your device before any data is transmitted.

When you enter employee names into the tool, those names are replaced with coded placeholders (e.g., "Employee A", "Employee B") using client-side JavaScript running in your browser. The substitution occurs locally — the original names are never included in any network request sent to JAR Intelligence servers or any third-party AI provider.

A name-to-placeholder mapping is displayed to you in the interface so you can restore names in the final document. This mapping exists only in your browser session and is not stored or transmitted. JAR Intelligence has no ability to associate AI-generated review content with specific individuals at your agency.

While this architecture provides strong privacy protections, it does not substitute for your agency's legal obligations regarding personnel records. You remain responsible for ensuring your use of the Service complies with applicable privacy laws and agency policy.

All data transmitted between your browser and JAR Intelligence services is encrypted in transit using TLS 1.2 or higher. Account credentials are stored using industry-standard hashing practices via our authentication provider.

Access to the Service is restricted to approved users. Account provisioning requires manual review and approval by JAR Intelligence administrators. Temporary credentials are transmitted only to the verified email address associated with the request.

We employ reasonable administrative, technical, and physical safeguards to protect information against unauthorized access, alteration, disclosure, or destruction. However, no security measure is perfect, and we cannot guarantee absolute security.

Account information (name, agency, email) is retained for the duration of your active account. If you request account deletion, your profile information will be removed within 30 days.

Anonymized content processed through the AI generation pipeline is not persistently stored by JAR Intelligence. Generated review drafts exist only in your browser session and in the downloaded PDF you produce — they are not retained on our servers.

Server logs are retained for up to 90 days for security and operational purposes, after which they are deleted or aggregated into statistical summaries that cannot identify individual users.

JAR Intelligence uses the following third-party services to operate the platform:

Anthropic API — AI text generation is powered by Anthropic's Claude API. Anonymized (name-stripped) content is transmitted to Anthropic for processing. Anthropic's data handling practices are governed by their API usage policies. Anthropic does not receive employee names or other identifying information due to the client-side anonymization described above.

Supabase — User authentication and account profiles are managed through Supabase, a cloud database and authentication platform. Your account information (name, agency, email, approval status) is stored in Supabase. Supabase's privacy practices are governed by their privacy policy.

Resend — Transactional emails (access approval notifications, credential delivery) are sent through Resend. Your email address is shared with Resend solely for the purpose of delivering these messages.

Each of these providers has been selected for their security posture and data handling practices. JAR Intelligence does not authorize any of these providers to use your information for their own commercial purposes.

You have the right to access, correct, or request deletion of your account information at any time. To exercise these rights, contact us at privacy@jarintel.ai. We will respond to verified requests within 30 days.

If you are located in a jurisdiction with applicable data protection laws (such as certain U.S. state privacy laws), you may have additional rights including the right to opt out of certain processing activities. Contact us to discuss your specific situation.

You may request that your account be deactivated and your profile data deleted by contacting privacy@jarintel.ai. Note that server logs may be retained for up to 90 days as described in the Data Retention section.

For questions, concerns, or requests related to this Privacy Policy or your data, contact us at:

Privacy inquiries: privacy@jarintel.ai General inquiries: justin@jarintel.ai Website: jarintel.ai

JAR Intelligence is committed to working with you to resolve any privacy concerns. If you believe your privacy rights have been violated, you have the right to lodge a complaint with the appropriate regulatory authority in your jurisdiction.