Skip to main content

Products

BuilderDesignerDiscoveryBusiness(Coming Soon)
DocsPricingGet Started

Privacy Policy

Last updated: February 21, 2026

Overview

MissionHUD is operated by Atmosherique Pty Ltd. This policy explains what data we collect, why, and how we handle it across two distinct surfaces: the jorv.ai website (including the chat widget) and the Jorv desktop products that you install and run locally.

The short version: Desktop products run locally — your code and AI conversations never touch our servers. The website chat widget relays your messages to Anthropic; we don't store them but cannot control Anthropic's retention.

1. The jorv.ai website

This section covers your use of this website, including the chat widget that appears in the bottom-right corner.

1.1 Chat widget

  • Provider: the website chat widget is hardcoded to Anthropic Claude. You cannot select a different provider on this surface.
  • Data path:messages travel from your browser to our backend on Railway, which relays them to Anthropic's API and streams Anthropic's response back to your browser. We are an intermediary on this surface.
  • We don't store conversations. Atmosherique Pty Ltd does not log, persist, or retain the content of your messages or Anthropic's responses. Messages exist in process memory only for the duration of a single request.
  • No Zero Data Retention agreement. We do not have a Zero Data Retention (ZDR) agreement with Anthropic. Per Anthropic's commercial terms, Anthropic may retain prompts and responses for up to 30 days (longer if flagged for trust and safety review) — see Anthropic's Commercial Terms and data-use policy. We have no technical or contractual means to override this.
  • Want full privacy? Use a Jorv desktop product configured with a local LLM (e.g. Ollama). When using a local model, no AI data leaves your machine.

1.2 IP addresses

The chat widget enforces a per-IP rate limit to prevent abuse. Your IP address is extracted from edge headers, immediately hashed (truncated SHA-256), and held in process memory for up to 60 seconds as a rate-limit key. The raw IP is never persisted and never logged.

1.3 Cookies and analytics

The website uses minimal cookies for essential functionality only (e.g., session management and remembering that you've dismissed the chat widget's privacy notice — this is stored in your browser's localStorage, not on our servers). We do not use tracking cookies or advertising cookies.

1.4 Payment webhooks

When you purchase a subscription, Paddle (our Merchant of Record) sends webhook events to our backend. We store webhook event IDs in a PostgreSQL database for up to 30 days for idempotency and replay protection. Webhook event IDs contain no personally identifiable information beyond what is necessary to link the event to your subscription record (see §3).

2. Jorv desktop products

Jorv Builder, Discovery, Designer, and Business (Coming soon) are desktop applications that run locally on your machine.

Your source code, project files, AI prompts, and AI responses never leave your machine via our infrastructure. AI calls are made directly from your machine to the chosen provider — Atmosherique Pty Ltd is not in the network path and does not see your prompts or responses.

2.1 AI provider matrix

  • Jorv Builder and Jorv Discoverylet you choose your AI provider, including local LLMs via Ollama. When using a local model, no AI data leaves your machine. When using a cloud provider, the chosen provider's data-retention terms apply.
  • Jorv Designeruses Anthropic Claude. Anthropic's data-retention terms apply (see §1.1 — we do not have a ZDR agreement on your behalf).
  • Your API keys are stored locally on your machine. We never see or transmit them.

Each desktop product surfaces its provider configuration in-app on first use.

2.2 Data we do NOT collect

  • Your source code, project files, or repository contents
  • Your AI prompts or AI responses (the desktop app calls providers directly)
  • Your API keys
  • File system contents or directory structures
  • Terminal command history or output
  • Screenshots or screen recordings

3. Account, licensing, and billing

For subscription management we collect the minimum data needed to validate your licence and process payments:

  • Email address — for your account and licence delivery.
  • Licence key — to validate your subscription.
  • Machine identifier— a stable per-device identifier generated by the desktop application, used solely to enforce licence seats (so a single-seat licence can't be used on unlimited machines). The machine identifier is derived from local hardware/OS characteristics; it is not a person identifier and cannot be used to track you across services.
  • Subscription status — plan type, billing period, renewal dates.
  • Payment information — handled entirely by Paddle (our Merchant of Record). We never see or store your credit card details.

On launch the desktop app sends your licence key and machine identifier to our server to verify your subscription. No code or project data is included in this call.

4. Third-party services

  • Anthropic — provides the AI for the website chat widget, Designer, and optionally Builder and Discovery. See Anthropic's Privacy Policy.
  • Paddle — payment processing and subscription management (Merchant of Record). See Paddle's Privacy Policy.
  • Other AI providers (e.g. OpenAI, Google, Ollama) — when you configure Builder or Discovery to use a non-Anthropic provider, you connect directly using your own API keys (or run locally, in the case of Ollama). Their privacy policies apply to your use of their services.
  • Railway — hosts our backend (licence-validation API, chat-widget relay, webhook ingest) and PostgreSQL database.
  • Fastly — sits in front of our backend as an edge/CDN layer.

5. Data storage and security

Subscription and webhook data is stored in a PostgreSQL database hosted on Railway. All connections use TLS encryption. We do not store any data beyond what is listed in §1.4 and §3.

6. Data retention

  • Chat-widget messages: not retained by us. (Anthropic may retain for up to 30 days per its terms — see §1.1.)
  • IP-rate-limit hashes: held in process memory for at most 60 seconds.
  • Webhook event IDs: up to 30 days.
  • Subscription data: retained while your account is active. After cancellation we retain records for up to 12 months for accounting and legal compliance, then delete them.

You may request deletion of your account data at any time — see §7.

7. Your rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing

To exercise these rights, contact privacy@jorv.ai.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page. Your continued use of the Services constitutes acceptance of the updated policy.

9. Contact

For privacy-related questions or requests, contact us at privacy@jorv.ai.

MissionHUD is operated by Atmosherique Pty Ltd.