Privacy Policy

Data Privacy Statement for Inbound Event Data

1. Purpose

This Data Privacy Policy outlines JustAI (“we,” “our,” or “us”) data handling practices related to inbound event data received via webhooks or similar automated delivery methods. It clarifies our approach to personally identifiable information (PII), including email addresses, and details our standard processing protocols across all third-party integrations.

2. Scope

This Statement applies to all inbound data integrations where JustAI receives event-related information from external systems, whether via webhooks (from Customer.io), data exports, shared storage locations (such as Amazon S3), or other automated delivery methods.

3. Handling of Personally Identifiable Information (PII)

While we do not request or require PII, we recognize that some data payloads may include PII, such as email addresses, depending on the configuration of the sending system. To address this, we confirm the following:

No Storage: PII, including email addresses, is not stored for analytics, ranking, generation, or machine learning systems.
Limited Processing: Inbound payloads may be read and parsed for the sole purpose of validating structure, identifying fields, and redacting PII where applicable. However, PII is not used in any analytics, ranking, generation, or machine learning systems.
Logging: PII is not intentionally captured for logging, metrics, or storage. While we make a best-effort attempt to minimize incidental inclusion of PII in system logs, full scrubbing is not guaranteed. Customers are responsible for ensuring that data sent to us complies with their internal policies and privacy requirements.

4. Data We Process

We only access and process the following categories of non-PII data:

Event metadata such as send, open, click, or similar lifecycle events.
Anonymous or pseudonymous identifiers (e.g., internal user or message IDs).
Timestamps and engagement metrics relevant to event delivery and performance.

5. Optional Use of Identifiers for Data Joining

In certain customer-approved configurations, we may use email addresses or other identifiers solely for the purpose of joining event data across systems (for example, correlating data from Segment and Iterable). This type of usage is:

Strictly opt-in: Customers must explicitly approve and enable this functionality.
Limited in scope: Identifiers are used only for matching records across the client’s systems (e.g. CDPs, ESPs), not for personalization or machine learning.

6. Optional Privacy-Enhancing Integration Methods

Although our systems are designed to disregard PII, we understand that some customers may have stricter data governance requirements or internal compliance policies. To support these cases, we offer optional integration strategies to minimize or eliminate exposure to PII before data reaches our systems:

Scrubbed Webhook Forwarding: Customers may implement an intermediary system that removes PII from payloads before forwarding data to us.
Amazon S3 Export: We can process data received via secure, shared storage solutions such as Amazon S3, allowing customers to exclude or transform PII prior to delivery.

These options are not required for integration but are available for customers whose internal policies require more stringent control over PII transmission.

7. Commitment to Data Privacy and Compliance

JustAI is committed to data minimization, privacy by design, and responsible data stewardship. Our internal systems and processes are designed to exclude unnecessary PII and comply with applicable data protection frameworks. We are happy to connect via email or set up a call to discuss your compliance questions or integration requirements in more detail.

8. Contact

For questions regarding this statement or for requests related to data privacy, compliance, or integration practices, please contact us.

Last updated: June 11, 2025