Privacy Statement

Jolli (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Statement (“Privacy Statement”) describes how we collect, use, and protect information in connection with your use of our website (“Website”), the Jolli platform (“Platform”), the Jolli Memory CLI and IDE extensions, and any other services we offer (collectively, the “Services”).

By using the Services, to the fullest extent permitted by law, you acknowledge that you have read and agreed to the terms of this Privacy Statement. Please understand that we reserve the right to change any of our policies and practices at any time, but you can always find the latest version of this Privacy Statement on this page.

Questions or concerns? Contact us at privacy@jolli.ai

Personal information is any information that identifies, relates to, or can be linked to a natural person (“Personal Information”). We may collect certain Personal Information from you when you engage with our Services, as described below.

Information You Provide

• Account Information: Name, email address, phone number (if provided), and organizational affiliation provided at registration.
• Usage Data: Queries submitted to the Services, AI-generated responses, interaction logs, and feature usage patterns.
• Location Data: Approximate location derived from IP address, collected automatically upon visiting the website. We do not collect precise (GPS-level) geolocation data.
• Integration Content:When you connect third-party enterprise tools (such as GitHub, Atlassian, or Notion), we index and store content from those sources on your organization's behalf. This content may incidentally contain personal data such as names in commit messages, author information, or user mentions. This data is collected when your organization connects an integration and Jolli performs its initial and ongoing indexing.
• Jolli Memory Data:When you use Jolli Memory (our CLI, VS Code extension, or IntelliJ plugin), we process the following on your local machine and, if you enable “Push to Jolli” or cloud sync, transmit them to our Services: (a) AI assistant conversation transcripts from Claude Code, Codex CLI, and Gemini CLI sessions associated with your commits; (b) git commit metadata (commit hash, message, branch, author) and code diffs; (c) generated commit summaries, plans, and notes; and (d) session metadata (session IDs and local file paths) used to correlate AI sessions with commits. Transcripts and diffs may incidentally contain names, email addresses, file paths, or other information that could be Personal Information. By default, Jolli Memory data is stored only on your device — under ~/.jolli/jollimemory/ and in a local git orphan branch (jollimemory/summaries/v3) — and leaves your device only when you explicitly push it or configure cloud sync.
• Other Voluntary Information: Any other Personal Information you voluntarily share with us while using or interacting with the Services, such as through contact forms, support requests, or feedback submissions.

All Personal Information you provide must be true, complete, and accurate. Please notify us of any changes.

Information Collected Automatically

• Technical Data: IP addresses, browser and device type, operating system, language preferences, and session metadata collected automatically for security and operational purposes.
• Device Data: Device identification numbers, browser type, hardware model, and system configuration information.
• Log Data: Date/time stamps, pages and features accessed, error reports, and other diagnostic information recorded in server logs.

Social Login Data

If you register or log in using a third-party identity provider (e.g., Google, GitHub), we may receive profile information such as your name and email address from that provider. We use this information only as described in this Privacy Statement. Please review your identity provider's privacy policy for details on how they handle your data.

We process your information to:

• Provide, operate, and improve the Services.
• Facilitate account creation and authentication via direct registration or Google/GitHub OAuth.
• Index and surface content from connected enterprise integrations on behalf of your organization.
• Generate structured commit summaries via third-party AI models when you use Jolli Memory.
• Sync Jolli Memory summaries that you push to Jolli to your organization's knowledge base, and inject recalled development context into your AI assistant when you or a teammate invokes recall commands.
• Detect and prevent abuse, security threats, or Privacy Statement or Services violations.
• Generate anonymized, aggregated analytics about Services usage.
• Respond to support requests or inquiries.
• Send transactional and service-related communications via email (e.g., account verification, notifications).
• Comply with applicable legal obligations.

Note: We do not use (or allow use of) your Personal Information, inputs or data to train third-party foundational AI models.

Jolli uses various third-party service providers who provide sub-processing services for the Platform and Services, including providers of cloud infrastructure and database hosting, web hosting/CDN, authentication, code execution sandbox, web search, real-time messaging, AI models, and email delivery. Jolli uses managed third-party generative AI services to power search and writing features. These services process your queries under their own security and data handling controls. We select providers that offer enterprise-grade data isolation and do not use customer data for general model training.

When you use Jolli Memory, the contents of your AI assistant conversation transcripts and code diffs are transmitted to Anthropic's API for summarization — either directly, using an Anthropic API key you configure locally, or through the Jolli LLM proxy, using the jolliApiKey provisioned at sign-in. No Jolli Memory content is used to train third-party foundational AI models.

For a list of our third-party service providers and sub-processors that handle your Personal Information for us, please contact us or send us any concerns at support@jolli.ai.

We use functional session cookies necessary for authentication and Platform operation. These cookies store session identifiers, authentication state, and user preferences required for the Services to function. We do not currently deploy third-party analytics cookies, advertising cookies, web beacons, or tracking pixels. You can configure your browser to refuse or remove cookies, though doing so may affect Platform and Services functionality.

We retain personal data only as long as necessary for the purposes outlined in this Privacy Statement, or as required by law. When data is no longer needed, we will delete or anonymize it. If deletion is not immediately possible (e.g., data stored in backup archives), we will securely isolate it until deletion is feasible.

We may rectify, remove, or replenish incomplete or inaccurate information at any time and at our own discretion. You may also submit a request to delete your Personal Information by contacting us at support@jolli.ai.

• Account information is retained for as long as your account remains active.
• Usage data and interaction logs are retained for the operational life of the account.
• Integration content is retained as long as the integration remains connected and the customer account is active.
• Jolli Memory data stored on your device (under ~/.jolli/jollimemory/ and the jollimemory/summaries/v3 git orphan branch) remains on your device until you remove it — for example, by running jolli clean, jolli disable, or deleting the directory and branch. Jolli Memory summaries that you push to Jolli follow the same retention rules as other integration content: retained as long as the integration remains connected and your organization's account is active.
• Sensitive fields such as passwords are stored as one-way SHA-256 hashes; API keys and tokens are encrypted (AES-256-GCM) and are never logged in plain text.

Data Storage Location: All data is stored and processed in the United States. Sub-processors may process data in their own US-based infrastructure.

We implement reasonable technical and organizational measures to protect your personal information, including:

• Encrypted connections (HTTPS/TLS)
• Role-based access controls (RBAC)
• Cloud-native security infrastructure
• AES-256-GCM encryption for any PII present in audit logs
• Multi-factor authentication (MFA) required for all internal employee access to production systems
• Encryption keys managed via AWS Key Management Service (KMS) and AWS Parameter Store; Redis passwords stored in AWS Secrets Manager
• S3 storage with server-side AES-256 encryption; signed URLs with 15-minute expiry; tenant-level data isolation via object key prefixing
• Jolli Memory authenticates via a short-lived local OAuth callback server bound to a random port on localhost; OAuth tokens and API keys are written to a per-user config file (~/.jolli/jollimemory/config.json) and are masked in CLI output

Important: No electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure. While we do our best to protect your data, transmission to and from the Services is at your own risk.

We do not sell your personal data. We may share data with:

• Service Providers: Authorized third-party providers operating on our behalf under data processing agreements.
• Legal Disclosures: We may disclose Personal Information if we have a good faith belief that disclosure is helpful or reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or governmental request; (b) enforce our policies, including investigations of potential violations; (c) investigate, detect, prevent, or take action regarding illegal activities, suspected fraud, or security issues; (d) establish or exercise our rights to defend against legal claims; or (e) prevent harm to the rights, property, or safety of us, our Services, you, or any third party.
• Disputes: In the event of any dispute involving you, we may share Personal Information with our legal counsel, professional advisors, service providers, and relevant courts or tribunals as needed to resolve the dispute, defend against claims, or enforce our rights.
• External Links:Our Website or Platform may contain links to other websites or services. We are not responsible for the privacy practices of those third-party sites. We encourage you to review the privacy policy of every website or service you visit. This Privacy Statement applies only to Jolli's Services.
• Business Transfers: In connection with a merger, acquisition, financing, or sale of company assets, your data may be transferred as part of that transaction.

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us at privacy@jolli.ai and we will promptly delete it.

Some browsers allow you to send Do-Not-Track (“DNT”) signals. Because no uniform standard for DNT has been finalized, we do not currently respond to DNT signals. If an industry standard is adopted in the future, we will update this Privacy Statement accordingly.

Depending on your location, you may have the right to:

• Know what personal data we collect and how it is used.
• Access the personal data we hold about you.
• Correct inaccurate or outdated information.
• Delete your personal data (subject to certain legal exceptions).
• Restrict or object to processing in certain circumstances.
• Data portability — receive a copy of your data in a structured format.
• Withdraw consent at any time, without affecting the lawfulness of prior processing.
• Opt out of profiling or marketing communications via the unsubscribe link in any email we send.

To exercise any of the above rights contact us at: support@jolli.ai

To request deletion of your account and associated data, contact support@jolli.ai. We will deactivate and delete your information from active systems within 30 days, though we may retain certain data in backup archives or as required by law for fraud prevention, legal compliance, or security purposes. To remove Jolli Memory data from your device, run jolli disable and jolli clean, or delete the ~/.jolli/jollimemory/ directory and the jollimemory/summaries/v3 git branch from each of your repositories.

This is an early access version of the Platform and Services. Features and data practices may evolve as the product develops. We will notify users of any material changes to this Privacy Statement.

We may update this Privacy Statement from time to time. The “Last Updated” date at the top will reflect the most recent revision. We will provide notice of material changes either by posting prominently within the Services or by direct notification. Any changes to this Privacy Statement will be effective immediately upon posting and/or notification and shall apply to all information we maintain, use, and disclose. Continued use of the Services after such notice constitutes acceptance of the updated Privacy Statement. For material changes that significantly alter our data collection, use, or sharing practices, we will seek your affirmative re-consent where required by applicable law.

The April 23, 2026 revision adds coverage for the Jolli Memory CLI and IDE extensions: the categories of data they process (AI assistant transcripts, code diffs, commit metadata, generated summaries, and locally-stored credentials), where that data resides (locally by default; transmitted to Anthropic for summarization and to Jolli only when you push or sync), and how to remove it.

This Privacy Statement does not apply to any unsolicited feedback you provide to us through the Services or through any other means, including ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Feedback”). All Feedback shall be deemed non-confidential, and we shall be free to reproduce, use, disclose, and distribute such Feedback to others without limitation or attribution.

We may use information that cannot be connected to any particular person, or that has been de-identified or aggregated such that it can no longer be used to identify any individual, even if it was originally linked to Personal Information. We may use such aggregated information internally for a variety of purposes, including improving our Services, and may share it with third parties or publish it, without restriction.

Jolli, Inc.

• Privacy inquiries: privacy@jolli.ai
• Data subject requests and privacy rights inquiries: support@jolli.ai

We will acknowledge receipt of privacy requests and respond within 30 days, or as otherwise consistent with applicable legal requirements. Identity verification will be performed before fulfilling data access or deletion requests.