Privacy

1. Who we are

This policy describes how Jetty (“we”, “us”) collects, uses, and shares personal information when you use our websites, CLI, APIs, and related services.

Insert your data controller name, registered address, and registration details where required (e.g. EU/UK representative if applicable).

2. Information we collect

Account and profile

Name, email, password hash, team or organization memberships, and settings you configure in the product.

Tunnel and technical metadata

Identifiers needed to operate tunnels (e.g. tunnel names, hostnames, connection metadata), API token references, audit or security logs, and diagnostic data from the CLI or dashboard when you opt in or when needed to troubleshoot.

Billing

When you subscribe, our payment processor (e.g. Stripe) collects billing details, card or bank status, and tax identifiers as needed. We receive limited billing records from that processor—not full payment card numbers.

Communications and support

Messages you send us (email, in-app, or support tickets) and associated metadata.

Cookies and similar technologies

We use cookies and local storage for session management, preferences, analytics where enabled, and security. Adjust your browser settings to limit cookies; some features may not work without them.

3. How we use information

• Provide, secure, and improve the Service (including tunnels, teams, and tokens).
• Authenticate users, prevent fraud and abuse, and comply with law.
• Process payments, invoices, and subscription changes.
• Communicate about the product, incidents, and policy updates.
• Analyze aggregated usage to guide product decisions, where permitted.

4. Legal bases (EEA/UK)

Where GDPR applies, we rely on: performance of a contract (providing the Service); legitimate interests (security, product improvement, fraud prevention) balanced against your rights; consent where required; and legal obligation where applicable.

5. Sharing and subprocessors

We share information with vendors who help us run the Service (hosting, email, analytics, payment processing, error reporting). They process data on our instructions and under contractual safeguards.

We may disclose information if required by law, to protect rights and safety, or as part of a merger or asset sale (with notice where appropriate).

6. Retention

We keep personal information as long as your account is active and for a reasonable period afterward for backups, disputes, and legal requirements. Tunnel and security logs may be retained for shorter or longer periods depending on abuse prevention and compliance needs.

7. Security

We use administrative, technical, and organizational measures designed to protect personal information. No method of transmission or storage is completely secure.

8. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information, object to certain processing, or withdraw consent. Signed-in users can download a machine-readable export of personal account data from Profile → Download your data (JSON).

To exercise other rights, contact us using the details below. You may also lodge a complaint with your local supervisory authority.

9. International transfers

If we transfer personal data across borders, we use appropriate safeguards (such as Standard Contractual Clauses) where required.

10. Children

The Service is not directed at children under the age where parental consent is required in your region. We do not knowingly collect their personal information.

11. Changes

We will post updates to this policy and revise the “Last updated” date. For material changes, we may provide additional notice (e.g. email or in-product banner).

12. Contact

Questions or requests: use the privacy or support contact you publish for your company (email or postal address).

See also our Terms of service