Privacy Policy

The privacy of your data is a big deal to us. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data.

We have never sold and will never sell our customers‘ data.

This policy is split into sections. For your convenience, links to each of those sections is as follows:

• What We Collect and Why
• When We Access or Disclose Your Information
• Your Rights
• How We Secure Your Data
• What Happens When You Delete Content
• Data Retention
• International Data Transfers
• Changes to This Policy
• Questions or Contact

What We Collect and Why

We follow a simple principle: we only collect the information we need to operate Jelly, provide support, improve our service, and comply with our legal obligations.

Identity and Account Information

When you create an account, we collect your name, email address, and password. You may optionally add a profile picture. We use this information to set up your account, communicate with you, and send product updates. You may also opt in to receive newsletters and surveys.

We do not sell your personal information.

Billing Information

If you purchase a paid plan, you will provide payment details to our payment processor. We do not store full credit card numbers on our servers. We retain billing records for invoicing, history, and support.

Product Data

We store the content you upload, send, receive, or maintain within Jelly—such as messages and attachments—so that Jelly can function. We retain this data while your account is active and delete it after account closure, as described below.

Geolocation and Security Data

We log IP addresses used to sign up or access your account to detect fraud, maintain security, and prevent abuse.

Website Interactions

We collect information about your visits to our websites for analytics, performance measurement, and experimentation. This includes browser details, IP address, pages visited, and referring pages.

Advertising and Cookies

We may run contextual advertising on third-party platforms. When you click an ad, we may load a script or cookie—where legally permitted—that helps us understand whether the ad was effective. We also use cookies to remember your preferences, keep you signed in, and conduct A/B testing.

Voluntary Correspondence

If you contact us, we keep your messages (including your email address) to help with future support interactions. If you agree to a customer interview or survey, we will store your responses and may record the session with your permission.

When We Access or Disclose Your Information

We access and share information only when necessary:

To Provide Jelly

We use trusted subprocessors to operate Jelly, deliver email, provide support, manage analytics, and process payments.

To Investigate Misuse

In rare cases where we suspect abuse, security threats, or violations of our terms, we may access account content. This is a last resort and handled with care.

Aggregated and De-Identified Data

We may use aggregated or de-identified information for analytics, product improvement, or marketing. This information does not identify individuals.

Requests from Governments or Law Enforcement

Lazyatom Limited is a UK company, and customer data is primarily stored in the European Union. We do not provide customer data unless legally required.

• We require valid legal authority under UK or EU law.
• We review and challenge improper or overly broad requests.
• Where allowed, we notify customers before disclosing information.
• We do not provide direct access to our systems or infrastructure.
• We do not voluntarily respond to foreign requests unless they follow appropriate international cooperation channels and result in a valid UK or EU legal order.

Audits and Tax Requirements

If required by law, we may disclose minimal billing information to tax authorities.

Business Transfers

If Lazyatom Limited is ever involved in a merger, acquisition, or sale of assets, we will provide notice before your information is transferred or becomes subject to a different privacy policy.

Your Rights

Depending on your location and applicable law, you may have the right to:

• Access your personal information.
• Correct inaccurate or incomplete information.
• Erase your personal data where we no longer have a lawful basis to retain it.
• Restrict how your information is used.
• Object to certain types of processing, including processing based on our legitimate interests.
• Export or port your data to another service or provider.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data protection authority (for example, the Information Commissioner’s Office in the UK or your national supervisory authority in the EU).

We may need to verify your identity before responding. Some information may be exempt from certain requests where we still need it to provide Jelly or comply with the law.

How We Secure Your Data

We use industry-standard encryption (TLS) for data in transit. Backups are encrypted. We apply strong technical and organisational measures to keep your information safe. Most product data is stored unencrypted at rest so that Jelly can deliver emails and content efficiently.

What Happens When You Delete Content

When you delete content within Jelly:

• Deleted items may remain on active systems for up to 45 days.
• Backups may retain the data for up to 70 days beyond that.

When you cancel your account, your content becomes immediately inaccessible and is generally removed within 60 days.

Data Retention

We keep your information only as long as necessary for the purposes described in this policy, including complying with legal obligations, resolving disputes, and enforcing agreements. Where possible, we specify retention periods for particular types of data.

International Data Transfers

Customer data is primarily stored in the European Union. If we transfer personal data outside the UK or European Economic Area (EEA), we use appropriate safeguards, such as:

• adequacy decisions,
• Standard Contractual Clauses (SCCs),
• the UK International Data Transfer Agreement (IDTA), and
• additional technical and organisational measures where needed.

We only transfer data when necessary to provide Jelly or where legally required.

Changes to This Policy

We may update this policy from time to time to reflect new practices or comply with regulations. When we make significant changes, we will update the date at the top of this page and, where appropriate, notify you.

Questions or Contact

If you have any questions about this policy or your data, contact us at:

Email: hello@letsjelly.com

Post: Lazyatom Limited, 113-115 Fonthill Road, London, N4 3HH, United Kingdom

---

This policy has been adapted from Basecamp’s open-source policies / CC BY 4.0.