Privacy Policy
Last Updated • April 2026
Introduction
This Privacy Policy explains how JasPing ("JasPing", "we", "our", or "us") collects, uses, processes, and protects personal information when you use our website, platform, and AI-powered communication services (collectively, the "Service").
JasPing provides businesses with AI-powered agents capable of interacting with customers across multiple channels such as websites, messaging platforms, voice interfaces, and other digital services.
This policy applies to:
- Visitors of the JasPing website
- Customers who create an account
- End-users interacting with AI agents deployed by our customers
We are committed to protecting personal data and complying with the General Data Protection Regulation (GDPR), the French Loi Informatique et Libertés, and other applicable privacy laws.
Data Controller
The data controller responsible for processing your personal data on the JasPing platform is:
- Company name: Nexogen-solutions
- Legal form: SARL
- Registered address: 506 5eme étage, B living Offices, Rond point Bachkou, Casablanca, Maroc
- ICE: 003910313000035
- Tax Identification (IF): 71841266
- Email: contact@jasping.com
For AI conversation data processed on behalf of customers, JasPing acts as a Data Processor and the customer acts as the Data Controller. Please refer to our Data Processing Agreement.
We aim to respond to all privacy requests within 30 days as required by GDPR Article 12.
Information We Collect
We collect information necessary to provide and improve the JasPing platform.
Account Information
- First name and last name
- Email address
- Phone number (optional, used for multi-factor authentication)
- Company name
- Account credentials (stored securely, never in plain text)
- Billing details (processed via Stripe — we do not store card numbers)
- Marketing communication preferences
Technical Data
- IP address
- Browser type and version
- Operating system and device information
- Usage activity and session data on the platform
- Cookie preferences
Integration Data
When you connect third-party services to JasPing, we receive limited information required to operate those integrations:
- Google Calendar — appointment availability and events
- Google Sheets — lead data synced to your spreadsheets
- Google Drive — files uploaded by end-users
- Gmail — sending emails on your behalf
- WhatsApp (via Meta) — messaging integration
- CRM and knowledge base tools you connect
Legal Basis for Processing
We process your personal data only when we have a valid legal basis under Article 6 of the GDPR:
| Processing Purpose | Legal Basis |
|---|---|
| Providing the JasPing platform and services | Contract (Art. 6(1)(b)) |
| Creating and managing your account | Contract (Art. 6(1)(b)) |
| Processing payments and subscriptions | Contract (Art. 6(1)(b)) |
| Transactional emails (verification, receipts) | Contract (Art. 6(1)(b)) |
| Security monitoring and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Improving platform performance | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications and product updates | Consent (Art. 6(1)(a)) — withdraw at any time |
| Legal compliance (tax, accounting records) | Legal obligation (Art. 6(1)(c)) |
| Processing AI conversation data for customers | Contract / Data Processor role (Art. 28 GDPR) |
Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
Data Processed by AI Agents
JasPing enables customers to create AI agents that process data to respond to inquiries and automate workflows. In most cases, our customers act as the Data Controller and JasPing acts as the Data Processor.
Examples of processed data include:
- Documents and knowledge base files uploaded by customers
- Customer support conversations and chat transcripts
- Customer questions submitted via the AI agent
- Contact information collected by the AI during conversations
JasPing does not sell customer data and does not use customer conversations to train global AI models.
Data is processed only to provide the requested service, improve agent performance for the specific customer, and deliver analytics to the platform user.
How We Use Information
We use collected information to:
- Operate and maintain the platform
- Provide AI agent functionality
- Process payments and subscriptions
- Send transactional communications (verification codes, receipts, security alerts)
- Improve system performance and develop new features
- Monitor security and prevent abuse
- Send product updates and marketing communications (only with your explicit consent)
Aggregated and anonymized usage data may be used to improve the platform. Such data does not identify any individual.
Data Retention
We retain personal data only as long as necessary to fulfil the purposes for which it was collected or as required by law:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account profile (active) | Duration of the account | Contract |
| Account data (after deletion request) | 30-day soft delete, then permanently erased | GDPR Art. 17 |
| AI conversation logs | 12 months from creation | Legitimate interest (service quality) |
| Billing and payment records | 10 years | French tax law (CGI Art. 54) |
| Security and access logs | 12 months | Legitimate interest (security) |
| Marketing consent records | 3 years from last consent or until withdrawn | GDPR Art. 7(1) |
| Cookie consent records | 6 months | ePrivacy Directive |
After the applicable retention period, personal data is securely deleted or anonymized.
International Data Transfers
JasPing's primary infrastructure is hosted within the European Economic Area (EEA) on Google Cloud Platform (region: europe-west). No transfer of core platform data occurs outside the EEA.
Certain sub-processors (OpenAI, Stripe, Meta) are based in the United States. When data is transferred to these providers, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs) — approved by the European Commission under Decision 2021/914
- EU-US Data Privacy Framework — where the recipient is certified under the Framework
- Adequacy decisions — where applicable for the recipient country
You may request a copy of the relevant transfer safeguards by contacting us at privacy@jasping.com.
Automated Decision-Making
During account registration, JasPing performs an automated risk assessment to detect potentially fraudulent or abusive account creation. This evaluates signals such as email domain, registration patterns, and device information, and assigns a risk level (low, medium, or high).
This may influence whether additional verification steps (such as phone verification) are required. It does not result in any fully automated decision significantly affecting your legal rights without human review.
Under GDPR Article 22, you have the right to:
- Request human review of any automated decision that significantly affects you
- Express your point of view and contest the decision
- Obtain an explanation of the logic involved
To exercise these rights, contact privacy@jasping.com.
Security Measures
We implement industry-standard security measures to protect user data:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Secure cloud infrastructure (GCP, ISO 27001 certified)
- Strict role-based access controls
- Multi-factor authentication (MFA) support
- Continuous monitoring for security threats
- Regular security reviews
In the event of a personal data breach likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.
Although we take strong precautions, no internet-based system can guarantee complete security.
Your Data Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15): Obtain a copy of your personal data and information about how it is processed.
- Right to rectification (Art. 16): Correct inaccurate or incomplete data.
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your data where there is no compelling reason for continued processing.
- Right to restriction (Art. 18): Request that we limit processing in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format via Settings → Download My Data.
- Right to object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
- Right to withdraw consent (Art. 7): Withdraw consent at any time without affecting prior processing.
- Rights related to automated decisions (Art. 22): See Section 10 above.
Submit requests to privacy@jasping.com. We will respond within 30 days (extendable by two months for complex requests, with notice). We will not charge a fee unless a request is manifestly unfounded or excessive.
Contact & Complaints
Privacy Contact
privacy@jasping.com
For privacy questions, data access or deletion requests. We respond within 30 days.
Right to lodge a complaint with a supervisory authority
If you believe we have not complied with your data protection rights, you may lodge a complaint with your national supervisory authority. In France, this is the CNIL:
- Authority: Commission Nationale de l'Informatique et des Libertés (CNIL)
- Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
- Website: www.cnil.fr
- Phone: +33 (0)1 53 73 22 22
You may also lodge a complaint with the supervisory authority of your EU member state of residence or work.
Google API Services Limited Use Policy
Limited Use Disclosure
Jasping's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
This ensures that your Google Workspace data (such as Google Sheets selected via the Google Picker) is strictly used to provide the expected CRM integrations and is never used for unauthorized advertising, data brokering, or any other purposes beyond your direct interactions with our platform.