Jotto

Privacy Statement

Welcome to the Privacy Statement for the Jotto online service at jotto.me (the “Services”). We try to help users connect their thoughts with the organization sponsoring the Services (the “Sponsor”).

We are Jotto, Inc., the provider of the Jotto service ("Jotto", “we”, “us” and “our”). We provide the Services for the creation and sharing of messages, images, videos, and other content (collectively, the “Content”) through our software applications (the “Software” or the “App”), and through our website at jotto.me (the “Site”). The videos may be hosted by third parties, by the Sponsor, or by us (e.g., on the Site). Each person or entity who uses our Services is referred to as a “user” or “you” or “your”.

This document is our statement of our privacy practices (“Privacy Statement”). Among other things, it explains how we and some of the companies we work with collect, use, share and protect the information you provide to us (“your Content” or “User Content”). The User Content may (intentionally or unintentionally) include personally-identifiable information, including without limitation name, address, telephone numbers, electronic mail and postal addresses, personal health information, personal financial information, and other sensitive information that identifies or is uniquely associated with an individual (collectively, “Personal Data”). This Privacy Statement also discusses your choices about the collection, storage and use of your Personal Data.

Any Content that is not Personal Data is referred to as “Non-Personal Data.” Non-Personal Data includes information about how users use the Services, what Services users select, how users respond to service offerings, how users share information with others, what users say they like and dislike, all of which we aggregate into larger data sets that do not identify individuals (“Behavioral Data”).

Jotto works with other companies in the industry, directly and indirectly (collectively, “Partners”). This Privacy Statement does not apply to any Sponsors or Partners, or to any other websites, mobile applications, individuals, businesses or organizations. This Privacy Statement does not apply to any Personal Data or other Content collected via any means other than the Services.

By using our Services, you consent to the collection, transfer, analysis, transformation, storage, disclosure and other uses of your Content, including your Personal Data, as described in this Privacy Statement.

1. Information We Collect

As noted above, we collect Content from you while providing the Services. Some of the Content is Personal Data that we use to communicate with you, the Sponsors and our Partners, and which is necessary to provide the Services. Most of the Content we collect includes your voice and your image (e.g., when you submit a video), which makes it easy for other people to personally identify each user. You should assume that all of the Content you create includes or may include your Personal Data, even if you try to hide or disguise your voice or identity.

Other Content we collect from you includes Behavioral Data and other Non-Personal Data that we aggregate, share, and use to improve our Services, the services of our Partners, and others in the industry.

Currently, we collect many different types of information from you, both directly and indirectly.

  • Information you provide us directly.
  • Location Information. If you post User Content to our website or to social media, you may provide your location information, including global positioning system (“GPS”) data or other location information embedded in or accompanying the User Content (e.g., in tags or captions) or embedded in the User Content.
  • Communications between you and us. We may send you emails, SMS or text messages, and other electronic communications for sales and delivery, user verification, notices of changes/updates to features of the Services, technical and security notices, and for other purposes. We may collect and store these communications.

Information we gather from your use of our Services

  • Emails. We collect and may save private emails sent to us by users, and we may share your emails with any third parties or other users. You may elect to disclose certain Personal Data and Non-Personal Data. The information you submit to us is not confidential or private, and Jotto does not protect it. All information you choose to provide us is public, including information that identifies you or others, can be read, collected, or used by other users and by other third parties, and could be used to send you unsolicited messages and for other purposes.
  • Social Media. We have noticed that some users also post their User Content on third party social media, such as Slack, Facebook, SnapChat, Instagram and X (f/k/a Twitter), each of which enforces its own terms of use and privacy policy for its service. As noted in the Terms and our other online documents, we may use and copy the User Content you post pursuant to a license you grant to us (the “Content License”). More to the point, your User Content may contain Personal Data about you and other people in the form of names, email addresses, personal health information, and location information. You should also be aware that a video or other image, or audio, of a person may be Personal Data to the extent the person may be recognized in and identified by the reviewing the Content, and medical or other healthcare information may be gleaned from any medical conditions, disorders or diseases that are discussed or portrayed in the User Content. We may collect and use User Content and the Personal Data contained in the User Content, to share with Sponsors and Partners.
  • Analytics. We use our own analytics and third-party analytics tools to help us measure traffic and usage trends and other Non-Personal Data for the Services. These tools collect information sent by your device or our Services, including the web pages you visit, add-ons, and other information that assists us in improving our Services. We collect and combine this analytics information with analytics information from other users so that it cannot be used to identify any particular individual user.
  • Metadata.Metadata is usually technical data that is associated with other data, including User Content. For example, metadata can describe how, when and by whom an item of User Content was collected and how that User Content is formatted. Jotto may collect and store metadata, including about each user’s submissions to the Services.
  • Links.Jotto may keep track of how you interact with links across our Services, including our third-party Services, by redirecting clicks or through other means. We do this to help improve our Services, to provide more relevant local data, and to be able to share aggregate click statistics such as how many times a particular link was clicked on.
  • Device Identifiers. We may access, collect, monitor, store on your device, or remotely store one or more "device identifiers." Device identifiers are small data files or similar data structures stored on or associated with your computer, phone or other device, which uniquely identifies your device. A device identifier may be data stored in connection with the device hardware, data stored in connection with the device's operating system or other software, or data sent to the device by Jotto. A device identifier may deliver information to us or to a third-party partner about how you browse and use the Services and may help us or others provide reports or personalized Content and ads. Some features of the Services may not function properly if use or availability of device identifiers is impaired or disabled.
  • Log Data. Our servers may automatically record information ("log data”) created by your use of the Services. Log Data may include information such as your Internet Protocol (“IP”) address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device and application IDs, search terms, and cookie information. We receive log data when you interact with our Services, for example, when you visit our website, sign into our Services or interact with our email notifications. Jotto uses log data to review how we provide our Services and to measure, customize, and improve the Services.

2. How We Store Your Information

  • We currently provide the Services from within the United States, and we store all User Content, including Personal Data, that we currently collect and retain on servers located inside the United States.
  • Certain types of User Content you submit to us might reveal your gender, ethnic origin, nationality, age, religion, sexual orientation, or other Personal Data or sensitive information about you or others.
  • By using our Services, or by submitting your Personal Data to us, you consent to the collection, storage, processing and onward transfer of your Personal Data as stated in the current version of this Privacy Statement and the current version of our other online documents, including the Terms of Service.

3. How We Use Your Information

We share and use your Personal Data in the following circumstances:

  • Opt-in with Your Consent. We may ask for your permission to share your Personal Data with other people and organizations outside of Jotto, including to help conduct studies or provide you with other services. As with any opt-in procedure, you are under no duty to agree to a request that you opt-in.
  • Sponsors, Partners and Affiliates of Jotto. We may share your Personal Data with Sponsors, Partners and with our Jotto affiliates (meaning entities controlled by, controlling or under common control with Jotto) as necessary to sell and provide the Services. However, any Personal Data stored in one country or jurisdiction would not be forwarded to another country or jurisdiction, except in compliance with applicable laws and regulations.
  • Cookies: Cookies are unique identifiers that we may transfer to your device to enable our systems to recognize your device and to provide features and remember your personalization choices. We use cookies to make it easier to access and use our Services. The help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-on's settings or visiting the website of its manufacturer.
  • Opt-out Email or Postal Address. Currently, we do not ask you to register with us or supply your Personal Data to us. However, if for any reason you supply us with your postal or email address, then you may receive periodic mailings from us with information on new products and services or upcoming events. If you do not want to receive such mailings, please let us know by sending an email to us at the “opt-out” address, below. We will remove your name from the list we use internally. Opting-out of these emails does not mean we remove your email from our system entirely, because we still retain your email or postal addresses for other purposes, such as responding to any requests that you send to us by email or postal mail.
  • Service Providers. We may employ third party companies and individuals to facilitate our Services (e.g., payment processing, maintenance, analysis, audit, marketing and development). These third parties may have limited access to your Personal Data only to perform these tasks on our behalf and are obligated to us not to disclose or use your Personal Data for other purposes.
  • Required by Law. We may access, preserve and share your Personal Data in response to a legal request (such as a search warrant, court order or subpoena). We may also access, preserve and share Personal Data when we have a reasonable belief it is necessary to: detect, prevent and address fraud and other illegal activity; to protect ourselves, you and others, including as part of investigations; and to prevent death or imminent bodily harm. Information we receive about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of our terms or policies, or otherwise to prevent harm.
  • National Security and Intelligence Activities. We may release your Personal Data to authorized federal officials for intelligence, counterintelligence and other national security activities when required by law. For example, under current law in the United States, certain federal officials may require that we provide Personal Data and other Content in response to a national security letter, subpoena, demand, or court order. In some cases, we would be required not to tell you that we complied with that letter, subpoena, demand, or court order. Where permitted by applicable law, we reserve the right to comply with, or to fight or quash, any such letter, subpoena, demand, or court order.
  • Change of Control. If we sell or otherwise transfer part or the whole of Jotto or our assets to another organization (e.g., a merger, acquisition, or reorganization), your Personal Data, User Content and any other information collected through the Services maybe among the items sold or transferred. You will continue to own your User Content, but the license you grant to us in the Terms may be transferred by us to others.
  • Non-Personal Data. We may share Non-Personal Data publicly and with publishers, researchers or connected sites. For example, we may share aggregated Non-Personal Data publicly to show trends about the general use of our Services. Non-Personal Data includes aggregated or collective information about multiple users that does not reflect or reference an individually-identifiable user.
  • Other. In addition to some of the specific uses of information we describe in this Privacy Statement above, we may use Personal Data that we receive to:
  • help you efficiently access your information.
  • remember information so you will not have to re-enter it during your visit or the next time you visit the Services.
  • provide personalized Content and information to you and others, which, in the future, could include online ads or other forms of marketing.
  • provide, improve, test, and monitor the effectiveness of our Services.
  • develop and test new products and features.
  • monitor metrics such as total number of visitors, traffic, and demographic patterns.
  • diagnose or fix technology problems.

4. Your Right to Review, Request Changes, and Disclose Personal Data

Subject to applicable laws and regulations, each user may inspect and receive a copy of his or her Personal Data as stored in the Services. In rare circumstances, we may deny a request, and we may provide you with an explanation. Note that this requirement only applies when we can identify and locate your Personal Data or User Content; if we can’t find it, then we can’t review it or make it available to you. If we deny your request, you may request a review by another professional, who will be chosen by Jotto, and we will comply with the outcome of the review.

Subject to applicable laws and regulations, the Personal Data you provide to us remains completely under your control. If you believe the Personal Data we have is incorrect or incomplete, you may in writing request an amendment to your Personal Data. We will approve or deny each request, and notify you of our decision. If approved, we will amend the Personal Data. We will also make a reasonable effort to notify people to whom the Personal Data was released. In the case of a denial, we will provide the reason for the denial and instructions on how to appeal.

Any Personal Data or User Content that you voluntarily disclose to us may become available to the public if you release it to others or to the general public. Once you have shared your Personal Data or your User Content with other people, or otherwise made it public, that Personal Data and your User Content may be re-shared by others.

5. Children

Our Services are not directed to persons under age 13. If you are the parent or guardian of a person under 18, and you become aware that your young person has provided us with Personal Data or User Content without your express consent, please contact us at connect@jotto.ai and we will remove the information or User Content, and we will terminate the young person’s access to the Services, if we can. You may then use the Services on behalf of child, if you wish, subject to the current Terms and the current version of this Privacy Statement.

6. Changes to this Privacy Statement

We may modify our Privacy Statement from time to time. The revised Privacy Statement will become effective when posted on the Services. If you choose not to be subject to a revised version of this Privacy Statement, then you may terminate your use of the Services.

7. Different Locations, Different Laws

The laws and regulations that address your rights and responsibilities (collectively, “Laws”) are different from one to another. Indeed, some of the Laws do or do not apply depending on different factors, including:

  • Location or residence of the user.
  • Location or residence of the individual that is the subject of the Personal Data (“Data Subject”).
  • Location or residence of the person or organization that employs or contracts with the Data Subject.
  • Location of each server or other machine where the Personal Data is received, stored, processed or forwarded to.
  • Location of the relevant office of Jotto, its Sponsors or Partners.

Several of the Laws that concern users and Jotto are discussed in this Section, but these are not all of the Laws that may apply. In addition, if there is any conflict or ambiguity between the statements made in this Privacy Statement and an applicable Law, then the Law will control.

7.1 United States Federal Laws

Several of the federal Laws in the United States may apply to the Personal Data collected by us.

Currently, all Personal Data of users resident in the United States that is collected by us is stored on servers and other machines physically located within the United States. Accordingly, United States law will apply to all users. By using the Services, you consent to the application of the law of the United States in connection with the Services.

7.1.1 Health Insurance Portability and Accountability Act (“HIPAA”)

Currently, HIPAA does not apply to the Services as we are neither a covered entity nor a business associate (as those terms are used in HIPAA).

7.1.2 Children’s Online Privacy Protection Act (“COPPA”)

Currently, COPPA does not apply to the Services. Each user must be 13 years of age or older. As noted in this Privacy Statement, if we learn  thatany user is under the age of 18, or if any parent or guardian of a user under the age of 18 contacts us, we will use reasonable efforts to block access by the user and remove all information provided by the individual from our Services.

7.2 State Laws in the United States

Individual states in the United States have passed and enforce information privacy and security laws.

7.2.1 Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Data by us to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to connect@jotto.ai, or send us postal mail at:

Attn: Privacy, Jotto, Inc., 29 Usonia Road, Pleasantville, NY 10570-2624.

Pursuant to California Civil Code Section 1798.83(c)(2), we do not currently share users’ Personal Data with affiliate companies or others outside Jotto for those parties’ direct marketing use, unless a user elects that we do so.

If you are a California resident under the age of 18, and a subscriber of any site where this Privacy Statement is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to connect@jotto.ai. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal, even if requested.

By submitting any Personal Data or other User Content to us, or placing any order with us, you consent to the storage, processing, use and onward transfer of your Personal Data and User Content to us in the United States.

7.2.4        Specific Rights Under State Laws

Under several state privacy and data protection laws (for example, California, Colorado, Connecticut, Nevada, Utah, and Virginia), residents of those states may have one or more of the following rights and may exercise these rights free of charge. Since these state laws are generally modeled on the GDPR, the following list mirrors the GDPR section below:

  • Right to lawfulness, fairness and transparency. Requires that we follow these principles when processing your personal information.
  • Right to Access. Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address.
  • Right to Rectification. Require us to correct any mistakes in your information which we hold.
  • Right to Be Forgotten: Require the erasure of personal information concerning you in certain situations.
  • Right to Data Portability: Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations.
  • Right to Object to Direct Marketing: Object at any time to processing of personal information concerning you for direct marketing.
  • Right to Object to Automated Individual Decision Making: Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
  • Right to Restriction of Processing:
  • Object in certain other situations to our continued processing of your personal information.
  • Otherwise restrict our processing of your personal information in certain circumstances.

You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

7.2.5        Rights Regarding Sensitive Data

Under state laws, you may have the right to opt-out of our processing Sensitive Personal Data, or the right to prevent our processing your Sensitive Personal Data without your affirmative consent. “Sensitive Personal Data” is defined differently by each state, but generally includes Personal Data relating to one or more of the following categories:

•        Social security, driver's license, state identification card, or passport number.

•        Financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

  • Precise geolocation.
  • Racial or ethnic origin, religious or philosophical beliefs, or union membership.
  • Genetic data.
  • Biometric and health information.
  • Information regarding a consumer's sex life or sexual orientation.
  • Citizenship or immigration status
  • Personal Data regarding a known Minor User.

7.3        Your Rights under the GDPR and UKDPA

If you are covered by the GDPR or by the United Kingdom Data Protection Act 2018 (“UKDPA”), you may have a number of important rights. In summary, those include :

  • Right to lawfulness, fairness and transparency. Requires that we follow these principles when processing your personal information
  • Right to Access. Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
  • Right to Rectification. Require us to correct any mistakes in your information which we hold
  • Right to Be Forgotten: Require the erasure of personal information concerning you in certain situations
  • Right to Data Portability: Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • Right to Object to Direct Marketing: Object at any time to processing of personal information concerning you for direct marketing
  • Right to Object to Automated Individual Decision Making: Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • Right to Restriction of Processing:
  • Object in certain other situations to our continued processing of your personal information
  • Otherwise restrict our processing of your personal information in certain circumstances

You may also have the right to claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you would like to exercise any of those rights, please:

  • Email, call, or write to us
  • Provide us enough information to identify you: user name, registration details, order number
  • Provide us proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill)
  • Provide us with the information to which your request relates including any account or reference numbers, if you have them

If you make requests which are manifestly unfounded or excessive, we may charge a reasonable fee based on administrative costs, or may refuse to act on the request.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred. The EU maintains a website which you may use to locate your supervisory authority, at https://edpb.europa.eu/about-edpb/about-edpb/members_en .

7.4        Use and Transfer of Your Information Out of the EEA

The Services are operated in the United States and third parties with whom we might share your personal information as explained above are located in the United States. If you are located in the European Economic Area (“EEA”) or elsewhere outside of the United States, please be aware that any information you provide will be transferred to the United States. By using the Services, participating in any of its services or providing your information, you consent to this transfer.

The United States and many other countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, if you live in the EEA or the United Kingdom, any transfer of your personal information will be subject to the derogation in Article 49 permitting non-repetitive transfers that concern only a limited number of data subjects, as permitted by Article 49 of the GDPR that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your Personal Data.

If you would like further information, see “Contact Us” below.  

8. Use of Email Addresses and Other Contact Information

We collect the email addresses of those who voluntarily provide them to us, including unregistered users and registered users. You may receive subscription, editorial and other messages from the Services or from us. If you do not want to receive email from us in the future, please let us know at  connect@jotto.ai

9. Contact Us

If you have questions or concerns about this Privacy Statement, please contact us online at connect@jotto.ai, or by postal mail addressed to:

Attn: Privacy, Jotto, Inc., 29 Usonia Road, Pleasantville, NY 10570-2624.

Revision Date and History

These Terms were last revised: May 1, 2024.

Prior versions of this Privacy Statement are listed below:

March 7, 2024

July 6, 2018.