Privacy Policy

1. Introduction

Jochi Labs, Inc. ("Jochi," "we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Jochi platform (the "Service"). Please read this policy carefully. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information you provide directly: your email address (via Google Sign-In or magic link), your ABA role, years of experience, zip code, work setting, and employment type (all optional), your self-reported hourly pay or annual salary, and structured clinic review ratings plus optional free text.

We also collect information automatically: browser type, operating system, device type, and screen resolution; pages visited, features used, time spent, and clicks (via PostHog analytics); and your IP address for rate limiting and approximate geolocation (city/state level only, not stored permanently). We use essential cookies for authentication and optional analytics cookies that can be opted out of.

We do NOT collect Protected Health Information (PHI), passwords, Social Security numbers, financial account numbers, government IDs, precise GPS coordinates, or contacts, calendar, or other data from your Google account beyond email and basic profile.

3. How We Use Your Information

We use your information to provide pay comparisons, clinic ratings, job recommendations, and personalized pay reports; to analyze usage patterns, fix bugs, and develop new features; to send magic links, optional weekly digests, and service announcements; to moderate reviews for PHI, abuse, or fraud; and to create anonymized, aggregate insights for public reports and future employer-facing products.

4. How We Share Your Information

We NEVER share your individual pay data with identifiable attribution, your identity as a reviewer to clinics or employers, your email address with any third party for marketing, or your data with advertisers or data brokers.

We may share aggregate, anonymized data (statistical benchmarks and rating summaries that cannot identify individuals); data with service providers who process it on our behalf (Supabase, Vercel, Resend, Stripe, PostHog) under data processing agreements; information required by law, court order, or government request (with notice to you unless legally prohibited); and information as part of a merger, acquisition, or sale of assets (with advance notice to you).

5. Data Security

All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256 via Supabase). Authentication uses industry-standard OAuth 2.0 and PKCE flow. Database access is restricted via Row Level Security (RLS) policies. API endpoints are rate-limited. We do not store passwords. Regular security reviews and dependency audits are conducted.

While we implement strong security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights

All users can access, correct, and delete their account data at any time, and opt out of marketing emails and analytics cookies. Anonymized reviews and pay submissions may remain after deletion as they cannot be traced to you.

California residents have additional rights under the CCPA: the right to know what personal information we collect, use, and disclose; the right to delete personal information; the right to opt out of sale (we do not sell personal information); and the right to non-discrimination. To exercise these rights, contact privacy@jochi.com. We will respond within 45 days.

7. Data Retention

Account data is retained while your account is active and deleted within 30 days of account deletion. Pay submissions and clinic reviews are retained indefinitely in anonymized form. Analytics data is retained for 12 months, then aggregated. Server logs are retained for 90 days.

8. Cookies

We use essential cookies (authentication session tokens, required for the Service to function) and analytics cookies (PostHog, can be opted out via cookie banner). We do not use advertising cookies or third-party tracking cookies.

9. Children’s Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. International Users

The Service is operated from the United States. If you access the Service from outside the US, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the Service at least 30 days before the changes take effect. Your continued use after the effective date constitutes acceptance.

12. Contact Us

For privacy-related inquiries:

Jochi Labs, Inc. Email: privacy@jochi.com Website: https://jochi.com/privacy

For data deletion requests, email privacy@jochi.com with subject line "Data Deletion Request."