Privacy Policy.

We collect the minimum we need to run the site, reply to your brief, and ship the work. We don't sell your data. We don't share it with third parties unless you've explicitly opted in or unless we're legally required to.

If you have any concerns, email hello@j450n.ai and we'll address them directly.

Contact form submissions: name, email, project area, timeline, and any details you choose to share in the message field. We use these to reply to your brief and scope a potential engagement.

Site analytics: page views, referrer, device/browser metadata, and aggregated usage patterns. Used to understand which pages get read and which break. No personally identifying analytics tracking beyond standard server logs unless you've consented to cookies (see /cookies).

Email correspondence: anything you send us via email. We retain emails for the duration of an engagement and 7 years after, per standard business records practice.

Engagement data: during an active build, we'll receive access to whatever systems, data, and credentials you provide. This is governed by the Statement of Work and any NDA we've signed.

To reply to your brief and figure out if we're a fit.

To deliver the work specified in any signed engagement.

To improve the site (which pages convert, which break).

To stay in legal compliance (tax records, dispute defense).

We don't sell your data. Full stop.

We share data with third parties only in these specific cases: (1) infrastructure providers we use to run the site or your engagement (e.g. hosting, email, analytics — listed in /cookies); (2) when you've explicitly opted in to a specific share; (3) when we're legally required to (subpoena, court order, tax authority).

Subprocessors used in any engagement are disclosed in the Statement of Work.

You can ask us at any time what data we hold about you, request a copy, request corrections, or request deletion. Email hello@j450n.ai with the subject "Data request" and we'll respond within 30 days.

Deletion requests during an active engagement may be partially fulfilled — we may need to retain data necessary to deliver the work you've contracted us to do. We'll always tell you what we kept and why.

You may have additional rights depending on your jurisdiction (GDPR, CCPA, etc.). We honor those rights for residents of those jurisdictions whether or not we're legally required to.

Contact form submissions: 24 months from receipt, then deleted unless they led to a signed engagement.

Engagement data: duration of the engagement + 7 years (business records retention).

Analytics: aggregated indefinitely; raw access logs 90 days.

Marketing emails (if you opted in): until you unsubscribe.

We use standard industry security practices: encrypted transit (HTTPS), encrypted storage where applicable, principle-of-least-privilege access controls, and incident response procedures.

No system is perfectly secure. In the event of a breach affecting your data, we'll notify you within 72 hours of discovery and tell you what happened, what was affected, and what we're doing about it.

We may update this policy. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated to active engagements directly. Continued use of the site after a change constitutes acceptance.