Privacy Policy

1. Scope and Applicability

This Policy applies to information processed by JetBridge in connection with:

• the Platform, including the AI-assisted vibe-coding development environment, prebuilt code components, integrations, sandbox environments, and synthetic data sets;
• our marketing websites and any other JetBridge-controlled web properties that link to this Policy;
• the JetBridge marketplace and related professional services through which you may engage members of JetBridge's vetted network, including senior software engineers, fractional Compliance Officers, fractional Security Officers, fractional Chief Technology Officers, and similar independent professionals (collectively, the "Engineer Services" or, where the engagement is for a fractional Compliance Officer, Security Officer, or CTO, "Fractional Officer Services"; and the individuals engaged through the marketplace are collectively referred to as "Marketplace Professionals"); and
• account registration, billing, customer support, and other communications between you and JetBridge.

This Policy does not apply to: (a) third-party websites, applications, integrations, or services that you connect to the Platform or to which we link; (b) information that you process or transmit outside the Platform after exporting or productionizing your code or applications; or (c) any application or product that you build using the Platform after deployment outside JetBridge-controlled infrastructure. Your use of any third-party services is governed by those parties' terms and policies.

2. Information We Collect

We collect the categories of information described below directly from you, automatically as you use the Services, and from third parties.

2.1 Information You Provide

• Account information: name, email address, password (stored hashed), business name, role/title, country and state, billing address, and similar registration details.
• Profile and Privacy preferences: settings configured under the "Privacy" controls on your user profile, including how (and whether) projects you build on the Platform appear on jetbridge.com, project showcase opt-in/opt-out, and similar visibility preferences.
• Payment information: billing contact, taxpayer information where required, and payment-method tokens. Cardholder data is collected and processed by our PCI-compliant payment processors; JetBridge does not store full payment card numbers.
• Project, prompt, and code inputs: text prompts, instructions, code, configuration files, schemas, and other inputs you submit to the Platform (collectively, "Inputs"), and the AI-generated code, scaffolding, components, and related outputs ("Outputs").
• Synthetic data and test artifacts: synthetic patient, billing, and operational data sets (including data sets seeded by JetBridge such as Synthea-derived synthetic patient records) you generate, modify, or use for testing.
• Engineer- and Marketplace-Professional-engagement information: information you submit when scoping a project, requesting introductions to Marketplace Professionals (including engineers, fractional Compliance Officers, fractional Security Officers, and fractional CTOs), defining a Statement of Work, executing engagements, and rating or providing feedback on Marketplace Professionals.
• Communications: messages you send to JetBridge support, sales, and engineer-network coordinators, including email, in-app messages, chat transcripts, and call recordings (where you have been notified and consent is required by applicable law).

2.2 Information Collected Automatically

• Usage and Telemetry Data: Platform interactions, prompts and prompt frequency, feature usage, click and navigation events, build and deployment events, error logs, performance metrics, model latency, token consumption, and similar telemetry generated as you use the Platform.
• Device, network, and log data: IP address, browser and device type, operating system, language, time zone, referring/exit pages, session identifiers, and timestamps.
• Cookies and similar technologies: cookies, web beacons, pixels, and local storage. See Section 8 (Cookies and Tracking Technologies).

2.3 Information from Third Parties

• Identity and enterprise providers: information from single sign-on, identity, or enterprise directory providers if you authenticate using them.
• Payment processors and tax providers: payment status, fraud signals, and tax information from our processors.
• Analytics, advertising, and marketing partners: aggregated and pseudonymous information about how visitors find and use our websites, marketing campaign attribution, and similar data.
• Marketplace network sources: professional history, references, work samples, certifications, licensure information, and vetting evaluations submitted by Marketplace Professionals in our network (engineers, fractional Compliance Officers, fractional Security Officers, and fractional CTOs).
• Public sources: publicly available information from corporate registries, professional networking sites, and the open web for marketing, anti-fraud, and account verification purposes.

2.4 Sensitive and Special-Category Information

JetBridge does not request, and the Platform is not designed to receive, sensitive personal information, government identifiers, financial-account numbers (other than tokens for payment), biometric identifiers, precise geolocation, or special-category data under the GDPR or similar laws. You are responsible for ensuring that you do not submit such information through the Platform unless you have an executed BAA or other appropriate written agreement specifically permitting that processing. If you submit such information without authorization, you indemnify and hold JetBridge harmless from claims arising from that submission, as further set forth in our Terms of Service.

2.5 Children’s Information

The Services are intended for business and professional use and are not directed to children under 18. JetBridge does not knowingly collect personal information from children under 18. If you believe a child has provided personal information to JetBridge, please contact us at privacy@jetbridge.com and we will delete it promptly in accordance with applicable law.

3. How We Use Information

We use the information we collect for the purposes described below, in each case under one or more of the legal bases set forth in Section 11.

• To provide and operate the Services: authenticate accounts, deliver the Platform, generate AI Outputs from your Inputs, run sandbox environments, host synthetic data sets, support integrations, deliver Engineer Services introductions, and operate billing.
• To improve and develop the Services: analyze Usage and Telemetry Data, debug, profile and benchmark the Platform, evaluate model and feature quality, A/B test, and develop new features, integrations, and offerings, including improvements to our Engineer Services and engineer-vetting processes.
• To train, fine-tune, and evaluate AI models, subject to the limitations in Section 4: improve the AI capabilities of the Platform, including through evaluation, benchmarking, fine-tuning, retrieval augmentation, and reinforcement learning techniques.
• To provide support and communicate with you: respond to inquiries, send service announcements, deliver security and privacy notices, provide technical support, and notify you of updates.
• To bill, collect, and prevent fraud: process payments, calculate taxes, manage accounts, prevent fraud, abuse, and unauthorized access, and enforce our agreements.
• To market and promote the Services: send marketing communications (subject to your preferences), measure marketing effectiveness, run events and webinars, and feature opted-in projects on jetbridge.com or related properties.
• To comply with law and protect rights: comply with legal obligations, respond to lawful requests, enforce our terms, protect our and others’ rights, property, and safety, and respond to claims and disputes.
• For corporate transactions: evaluate, negotiate, and conduct mergers, acquisitions, financings, reorganizations, sales of assets, bankruptcies, or similar transactions involving JetBridge.
• For aggregated and de-identified analytics: produce statistical, aggregated, or de-identified information that no longer identifies you or any individual; we may use and share such information for any lawful purpose without restriction.

4. AI Training, Inputs, and Outputs

JetBridge takes a deliberately conservative approach to using customer information for AI training. The following terms govern how Inputs, Outputs, and related data may be used by JetBridge for model training, fine-tuning, evaluation, and product improvement.

4.1 No Training on PHI or Real Patient Data

JetBridge does not train, fine-tune, evaluate, or otherwise use Protected Health Information, real patient data, or any individually identifiable health information you may submit (in violation of these terms) to develop or improve our AI models. In the event that any such information is identified in customer Inputs, JetBridge will treat it in accordance with the BAA (if executed) or, in the absence of a BAA, will isolate, quarantine, or delete the data in accordance with our internal incident-response procedures. The Platform is intended for synthetic data only.

4.2 Synthetic Data Sets

JetBridge may use, retain, and analyze synthetic data sets that we generate or seed, including Synthea-derived synthetic patient records and synthetic billing data sets, for any product, research, training, or evaluation purpose, without restriction. You acknowledge that such synthetic data does not relate to any identifiable individual.

4.3 Usage Data and Billing-System Data Used to Improve the Services

You acknowledge and agree that, to the maximum extent permitted by law, JetBridge may collect, retain, analyze, and use the following information to operate, secure, evaluate, develop, train, fine-tune, and improve the Platform, the Engineer Services, and JetBridge’s other products and services:

• Usage and Telemetry Data, including prompt patterns, feature interactions, build, deployment, and error events, latencies, and token consumption;
• Billing-system data, including amounts charged, plan tier, subscription history, invoice metadata, taxes, and similar transactional information (excluding cardholder data and payment-card numbers);
• Aggregated, anonymized, or de-identified information derived from Inputs, Outputs, or Usage Data, in each case in a form that does not identify you or any individual; and
• Engineer- and Marketplace-Professional-engagement metadata, including project scoping data, ratings, feedback, throughput, and engagement outcomes for engineers, fractional Compliance Officers, fractional Security Officers, and fractional CTOs (excluding the substance of your code, customer or end-user data, or any Marketplace Professional's privileged work product).

4.4 Inputs and Outputs — Default Treatment

JetBridge does not use the substantive content of customer Inputs or Outputs (including your code, prompts, and configuration files) to train foundation AI models for the benefit of other customers, except where you have expressly opted in or where the data has been de-identified and aggregated such that it cannot reasonably be used to identify you, your project, or any individual. JetBridge reserves the right to use Inputs and Outputs to (a) provide the Services to you, (b) debug and resolve incidents you report, (c) detect, investigate, and prevent abuse, fraud, or violations of our Terms of Service, (d) comply with law, and (e) generate aggregated, anonymized, or de-identified analytics consistent with this Policy.

4.5 Third-Party AI Model Providers

The Platform may use third-party AI model providers as subprocessors to deliver inference, embeddings, or similar capabilities. We require these subprocessors to provide written commitments that customer Inputs and Outputs delivered through their APIs will not be used to train their public models. The list of subprocessors is available on request and may be updated from time to time.

5. How We Share Information

JetBridge shares information only as described in this Policy. We do not sell personal information for monetary consideration. We may share information in the following circumstances:

• Service providers and subprocessors: hosting, cloud infrastructure, AI model providers, analytics, telemetry, error monitoring, payment processors, customer support, email and communications, and similar vendors that process information on our behalf under written agreements that restrict their use of the information.
• Engineer Marketplace (engineers) and Fractional Officer directory (CO / Security Officer / CTO): these are two distinct offerings. For the Engineer Marketplace, JetBridge facilitates introductions of senior software engineers and may act as the contracting party or referral intermediary as set out in ToS Section 11.1. For the Fractional Officer directory, JetBridge provides only the Compliance Document Management Tool with a directory listing — the engagement, if any, is solely between you and the Fractional Officer, and JetBridge does not financially intermediate. In either case, to enable the engagement JetBridge shares information necessary to scope it, including your contact information, project description, role you wish to fill, and (with your consent) selected Inputs or Outputs. Where the engagement involves access to information you maintain in your JetBridge account (including, where authorized, ePHI under an executed BAA), that access is governed by your own access controls within your account; the engaged professional is for those purposes a workforce member (or, where applicable, a subcontractor or business associate) of you, and is not a Subcontractor of JetBridge under your BAA. The contractual terms governing engineer engagements are in ToS Section 11.1–11.7; Fractional Officer engagements are governed by BAA Section 7 and ToS Section 11.8.
• Affiliates: with present and future JetBridge affiliates, parents, subsidiaries, and corporate group entities for purposes consistent with this Policy.
• Legal, regulatory, and protective disclosures: to comply with law, legal process, or governmental requests; to enforce our agreements; to investigate and prevent fraud, abuse, or security incidents; or to protect the rights, property, or safety of JetBridge, our customers, or others.
• Corporate transactions: in connection with the negotiation or completion of a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar transaction.
• With your direction or consent: with third parties when you instruct us, including by enabling integrations, opting in to project showcase features, or providing other express consent.
• Aggregated or de-identified information: with any third party for any lawful purpose, in a form that does not identify you or any individual.

6. Project Showcase and Public Visibility

You can configure visibility of your projects under the "Privacy" tab on your user profile. Subject to your selected settings, JetBridge may feature, link, or display certain attributes of your projects (such as project name, screenshots, or summaries) on jetbridge.com, ai.jetbridge.com, or related marketing properties. You may change these preferences at any time through your account settings; provided that JetBridge is not obligated to remove information that has already been distributed publicly, cached by third parties, or used in marketing materials disseminated prior to your change.

7. Data Retention

JetBridge retains personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, enforce our agreements, and protect our rights. Specific retention periods depend on the type of information, the purpose for which it was collected, and applicable legal requirements. Examples include:

• Account information: for the life of your account and for a reasonable period thereafter.
• Inputs, Outputs, and project data: until deletion by you, account closure, or as required for backups, security, audit, and legal-hold purposes.
• Usage and Telemetry Data, billing data, and aggregated analytics: for a period that supports our legitimate business and product-improvement purposes, which may exceed account closure.
• Compliance, legal, tax, and audit records: for the periods required by applicable law.

When information is no longer needed, we will delete or anonymize it in a commercially reasonable manner. Backup copies and archived records may persist for additional periods consistent with our retention schedule.

8. Cookies and Tracking Technologies

We and our service providers use cookies, pixels, web beacons, software development kits, local storage, and similar technologies to operate the Services, remember your preferences, authenticate you, measure performance and engagement, and (where permitted) deliver and measure marketing. You can control cookies through your browser settings and, where required by law, through a cookie-consent or preference banner provided on our websites. Disabling certain cookies may impair functionality of the Services.

9. Security

JetBridge implements administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, use, alteration, disclosure, or destruction. These safeguards include encryption in transit and (where applicable) at rest, role-based access controls, logging and monitoring, secure software development practices, and personnel training. No security program is impenetrable, and JetBridge cannot guarantee the absolute security of any information. You are responsible for safeguarding your account credentials and for the security of any environment to which you export Outputs or where you deploy applications you build with the Platform.

10. International Users and Cross-Border Transfers

JetBridge is headquartered in the United States and operates primarily from facilities and infrastructure located in the United States. By using the Services, you understand that your information will be transferred to, stored, and processed in the United States and other countries that may have data-protection laws different from those of your country of residence. Where required by applicable law, JetBridge relies on appropriate safeguards for cross-border transfers, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, the EU-U.S. Data Privacy Framework (and its UK and Swiss extensions, where applicable), or other lawful mechanisms.

11. Legal Bases for Processing (EU/UK Users)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, JetBridge processes personal information based on the following legal bases:

• Performance of a contract: to provide the Services to you and to take steps at your request before entering a contract.
• Legitimate interests: to operate, secure, improve, and develop the Services; to communicate with our customers and prospects; to prevent fraud and abuse; and to conduct our business, in each case where those interests are not overridden by your rights.
• Compliance with legal obligations: to comply with applicable law, regulations, court orders, and enforceable governmental requests.
• Consent: where required, including for marketing communications and certain cookies. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

12. Your Privacy Rights

Depending on where you reside, you may have certain rights with respect to your personal information. JetBridge will honor verifiable requests in accordance with applicable law.

12.1 California, Colorado, Connecticut, Virginia, Utah, and Other U.S. State Rights

Subject to applicable law and with appropriate verification, you may have the right to:

• know or access the categories and specific pieces of personal information we process about you;
• correct inaccurate personal information;
• delete personal information, subject to permitted exceptions;
• obtain a portable copy of personal information you provided to us;
• opt out of "sales" or "sharing" of personal information for cross-context behavioral advertising, and of certain types of profiling and targeted advertising;
• limit the use of sensitive personal information; and
• be free from unlawful discrimination for exercising these rights.

"Sale" / "Share" Disclosure. JetBridge does not sell personal information for monetary consideration and does not knowingly engage in "sharing" for cross-context behavioral advertising as those terms are defined under California law. Where required, you may submit an opt-out request via the methods described in Section 15.

12.2 EU/UK/Swiss Rights

Where applicable, you have the right to access, rectify, erase, restrict or object to the processing of your personal information, request portability, and lodge a complaint with your supervisory authority. To exercise these rights, contact privacy@jetbridge.com.

12.3 Authorized Agents and Verification

You may authorize an agent to submit a request on your behalf, subject to verification of identity and authorization. We may decline requests that we cannot verify, that are unduly burdensome or repetitive, or that we are otherwise permitted by law to deny.

13. Automated Processing and Profiling

JetBridge does not engage in automated decision-making producing legal or similarly significant effects on individuals. Some of our anti-fraud, abuse-detection, and engineer-matching processes use automated tools; we apply human review when required by law and you may contact us to obtain meaningful information about the logic used.

14. Compliance Document Management Tool & Fractional Officers

JetBridge maintains two distinct offerings relevant to this Section. The Engineer Marketplace, through which Customers may engage senior software engineers, is governed by the JetBridge Terms of Service Sections 11.1–11.7 and is unchanged. Separately, JetBridge provides a Compliance Document Management Tool (the "Tool") that supports the Customer's HIPAA program, and Customers may engage independent fractional Compliance Officers, fractional Security Officers, and fractional Chief Technology Officers (each a "Fractional Officer") to assist with that program. The terms governing Fractional Officer engagements are set out in BAA Section 7 and ToS Section 11.8. The privacy-relevant points follow.

14.1 JetBridge as Tool provider only

With respect to Fractional Officer engagements, JetBridge's role is limited to providing the Tool. JetBridge does not employ, broker, financially intermediate, or otherwise act as a marketplace facilitator for Fractional Officer engagements. JetBridge does not collect, route, or share in any portion of fees paid by the Customer to the Fractional Officer. JetBridge may maintain a directory of Fractional Officers inside the Tool for discovery purposes only.

14.2 Customer responsibility

The Customer is solely responsible for evaluating qualifications (including licensure for Compliance and Security Officer engagements where applicable), accepting the engagement's terms, supervising performance, retaining or terminating the engagement, paying the Fractional Officer, and the work product produced. JetBridge does not warrant the qualifications, advice, or work product of any Fractional Officer. Any directory listing JetBridge makes available is not an endorsement, certification, or recommendation.

14.3 PHI access by Fractional Officers

Where a Fractional Officer needs access to the Customer's ePHI on the Platform in connection with an engagement (for example, to review the Customer's HIPAA Compliance Document with the builder), that access occurs inside the Customer's JetBridge organization and Project, governed by the Customer's own access controls. For purposes of HIPAA, the Fractional Officer is a workforce member of the Customer (or a subcontractor or business associate of the Customer, depending on the engagement) during the engagement; the Fractional Officer is not a Subcontractor of JetBridge under the BAA. The Customer is responsible for any business associate agreement, confidentiality agreement, or other contractual arrangement the Customer determines is required between the Customer and the Fractional Officer.

14.4 Information about Fractional Officers

JetBridge collects from Fractional Officers professional history, references, work samples, certifications, and licensure information sufficient to populate directory listings, and may share with Customers the information necessary for Customers to evaluate and engage a Fractional Officer, consistent with the Fractional Officer's listing-time consent.

14.5 Two-sided Tool fees only

Customer pays JetBridge a Compliance Tool Access Fee for use of the Tool, as set out in the Order Form (which may bundle the Compliance Tool Access Fee into the PHI tier subscription). Each Fractional Officer who uses the Tool with respect to a Customer pays JetBridge a $500 per-Customer Tool Usage Fee. JetBridge does not charge the Fractional Officer any percentage fee, hourly fee, recurring fee, placement fee, finder's fee, or referral fee.

14.6 No non-circumvention or non-solicitation for Fractional Officer engagements

Notwithstanding any non-circumvention or non-solicitation covenants that may apply to engagements through the Engineer Marketplace under ToS Section 11.5, the Customer is NOT subject to any non-circumvention, non-solicitation, exclusivity, placement-fee, or similar restrictive covenant with respect to any Fractional Officer engagement. The Customer may engage, retain, replace, or terminate any Fractional Officer at any time without obligation to JetBridge.

14.7 Liability

The Customer assumes liability for any work product, decision, or harm arising out of the Customer's engagement of a Fractional Officer, and indemnifies JetBridge for third-party claims arising therefrom, except to the extent caused by JetBridge's gross negligence or willful misconduct in operating the Tool itself.

15. Contact and Submitting Requests

Questions about this Policy or requests to exercise your rights should be directed to:

16. Changes to This Policy

JetBridge may revise this Policy from time to time. The "Last Updated" date above indicates when this Policy was last revised. Material changes will be communicated through reasonable means, which may include in-app notice, email, or notice on https://ai.jetbridge.com. Your continued use of the Services after any change becomes effective constitutes your acknowledgement of the revised Policy. If you do not agree to a change, you must stop using the Services.

17. Order of Precedence and Conflicts

In the event of a conflict between this Policy and an executed BAA, the BAA controls solely with respect to information that constitutes Protected Health Information. In the event of a conflict between this Policy and a separately executed enterprise data-processing addendum or master subscription agreement, the more specific written agreement controls.