Privacy Policy (JITERA PTE. LTD.)

This Privacy Policy (this “Policy”) describes how JITERA PTE. LTD. and its subsidiaries (including Jitera Inc.) (collectively, “Company,” “we,” “us,” or “Jitera”) handle personal information.

Article 1. Scope

1. This Policy explains how we collect, use, disclose, and protect your personal information when you use the services jointly provided by Jitera (including AI-powered development platforms, code generation tools, project management features, and related services).
2. This Policy applies to all users worldwide. We process personal information in accordance with the Japanese Act on the Protection of Personal Information (“Personal Information Protection Act”), Singapore’s Personal Data Protection Act 2012 (“PDPA”), the EU General Data Protection Regulation (“GDPR”), UK GDPR, Swiss Federal Act on Data Protection (“FADP”), applicable U.S. privacy laws (including all applicable state privacy laws), and other applicable data protection laws.
3. By using the Service, you are deemed to have read, understood, and agreed to this Policy.

Article 2. Definitions

Terms used in this Policy that are not defined herein shall have the meanings set forth in the Terms of Service (https://jitera.com/terms).

1. “Personal Information” means any information that can directly or indirectly identify a specific individual, including but not limited to name, email address, mailing address, telephone number, payment information, IP address, device identifiers, and online identifiers such as cookies.
2. “Service” means all products, services, websites, applications, and platforms jointly provided by Jitera (including AI-powered development platforms, code generation tools, project management features, API services, and related offerings).
3. “User” or “you” means any individual or legal entity that accesses or uses the Service.
4. “Processor” means an entity that processes personal data on behalf of a Controller. When you use the Service to process data of your customers or employees, Jitera acts as a Processor on your behalf. Such processing is conducted in accordance with your agreement with us (including the Terms of Service and Data Processing Agreement (DPA) (https://jitera.com/dpa)). You are responsible for ensuring that you have the appropriate legal basis and consent to process such data.
5. “Processing” means any operation performed on personal data, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, transmission, erasure, and destruction.
6. “Third-Party AI Providers” means external artificial intelligence service providers that we integrate with, including but not limited to OpenAI, Google (Gemini), Anthropic (Claude), and OpenRouter.

Article 3. Information We Collect

We collect the following categories of personal information.

1. Information You Provide Directly

Information you provide when creating an account and using the Service:

• Account information (name, email address, password, etc.)
• Payment information (processed through third-party payment processors)
• Profile information
• Project data (code, files, documents, etc.)
• Communication data (support requests, feedback, etc.)

2. Information Collected Automatically

Information automatically collected when you use the Service:

• Device information (IP address, browser type, operating system, etc.)
• Usage information (pages visited, features used, time spent, etc.)
• Log data (access times, error logs, API calls, etc.)
• Cookies and tracking technologies (see Article 10 for details)

3. Information Obtained from Third Parties

Information obtained from third-party services (authentication providers, business partners, payment processors, etc.)

4. Information About Third Parties Received from You

Personal information of customers, employees, or others that you process through the Service. You are responsible for obtaining necessary consent to provide such information.

Article 4. How We Use Information

We use your personal information for the following purposes:

• Providing, operating, and maintaining the Service
• Managing your account and providing support
• Improving the Service and developing new features
• Ensuring security and preventing fraud
• Complying with applicable laws
• Marketing communications with your consent (you may unsubscribe at any time)

AI Model Training

We do not use any user’s data — whether Free Plan or Paid Plan — for AI model training purposes by default. Data may only be used for AI training purposes if you have explicitly opted in.

Free Plan Users

Data from Free Plan users will not be used for AI training purposes by default. Only if you explicitly opt in through your account settings or by contacting support@jitera.com may we use de-identified data to improve AI models.

Paid Plan Users

Data from Paid Plan users will not be used for AI training purposes without prior written consent. Paid Plan users may opt in to optional data usage for service improvement purposes by contacting support@jitera.com or through account settings.

We do not use raw Personally Identifiable Information (PII) such as names, email addresses, or phone numbers for machine learning training purposes. Data used for AI training is aggregated and de-identified in accordance with industry best practices and applicable data protection laws.

Article 5. Legal Basis for Processing

1. For users in the EEA, UK, and Switzerland, we process your personal data in accordance with GDPR and applicable local laws based on the following legal grounds:
   • Contractual necessity: To perform our contract with you (Terms of Service)
   • Legitimate interests: Operating and improving the Service, ensuring security, preventing fraud, conducting business analytics
   • Consent: Processing for which you have provided clear consent, such as marketing communications and optional cookies
   • Legal obligation: To comply with our legal obligations under applicable laws
2. For users in Singapore, we process your personal data under the Personal Data Protection Act 2012 (“PDPA”) based on the purposes described in Article 4, including: contractual necessity (to provide the Service); legitimate interests (to operate and improve the Service, ensure security, and prevent fraud); and consent (for optional communications and non-essential cookies).
3. For users in Japan, we process your personal data under the Act on the Protection of Personal Information (“APPI”) for the purposes set forth in Article 4. We notify users in Japan of the purposes of use of their personal information, and obtain consent where required by APPI.
4. For users in other jurisdictions, we process your personal data in accordance with applicable privacy and data protection laws, based on appropriate legal grounds such as contractual necessity, legitimate interests, consent, or legal obligations.

Article 6. Sharing and Disclosure

We may share your personal information in the following circumstances:

1. Service Providers

We may entrust the handling of personal information to third parties that provide services on our behalf (cloud infrastructure, AI processing, payment processing, analytics, communications, etc.). All service providers are contractually obligated to protect your personal information. The current list of sub-processors is available at https://trust.jitera.app/.

2. Corporate Group

JITERA PTE. LTD., Jitera Inc., and their group companies may jointly use personal information obtained in connection with the provision of the Service for the purposes set forth in Article 4. The entity responsible for management is as stated in Article 15.

(Note) Provision to Third Parties in Foreign Countries under Japanese Personal Information Protection Act: In connection with such joint use, personal data obtained by Jitera Inc. may be provided to third parties in Singapore and the United States.

• For information on the personal information protection systems of these countries, please refer to the information provided by the Personal Information Protection Commission at the following link: https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku
• Recipients have implemented measures equivalent to those required of personal information handling business operators in Japan.
• Jitera Inc., when providing personal information to third parties in foreign countries that have implemented measures equivalent to those required of personal information handling business operators under the Act on the Protection of Personal Information, takes necessary measures to ensure the continued implementation of such measures. For details, please contact the person responsible as stated in Article 15.

3. Business Transfers

If we are involved in a business transaction such as a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction.

4. Legal Requirements

We may disclose personal information when required by law, or for legal proceedings, contract enforcement, protecting rights, or preventing fraud.

5. Your Consent

We may provide personal information to third parties when you have provided explicit consent.

6. De-identified Data

We may share de-identified data that cannot identify you for research, analytics, marketing, and other purposes.

7. Sale and Sharing of Personal Information

We do not sell your personal information. We also do not “share” it as defined by the CCPA (disclosure to third parties for targeted advertising purposes).

Article 7. International Data Transfers

1. Your personal information may be transferred to and processed in countries other than your country of residence (including Singapore, Japan, the United States, and other countries where we or our service providers operate). These countries may have different data protection laws than your country.
2. When transferring data internationally, we implement appropriate safeguards based on applicable law.
3. For users in the EEA, UK, and Switzerland, we use Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards.

Article 8. Data Retention

1. We retain your personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by applicable law.

   Primary retention periods:

   • Account information: Reasonable period after account closure
   • Payment information: Period required by applicable tax and accounting laws
   • Other data: Period necessary for service provision
2. After the retention period expires, we delete or de-identify personal information. You may request deletion by contacting support@jitera.com.

Article 9. Security Measures

1. We implement industry-standard security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These include:

   • Encryption of data in transit and at rest
   • Access controls and authentication mechanisms
   • Regular security assessments and audits
   • Security training for employees
   • Incident response procedures
2. We comply with security requirements under GDPR, PDPA, and other applicable data protection laws. For details on security measures, please contact support@jitera.com.

Article 10. Use of Cookies

1. We use cookies and similar technologies to provide and improve the Service.

   Types of cookies we use:

   • Essential cookies (authentication, security, basic functionality)
   • Functional cookies (storing preferences)
   • Analytics cookies (usage analysis, Google Analytics, etc.)
   • Marketing cookies (ad delivery and effectiveness measurement)
2. You can manage cookies through your browser settings. For EU/UK users, we obtain consent before placing non-essential cookies.

3. For more information, please refer to:

   • Google Analytics data practices: https://policies.google.com/technologies/partner-sites
   • Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout

Article 11. Privacy Rights

In accordance with applicable data protection laws (including the Personal Information Protection Act, PDPA, GDPR, and applicable U.S. privacy laws), if you wish to request disclosure, correction, deletion, or suspension of use of your personal information, please contact us at the contact information below. We will explain the specific procedures separately.

When requesting disclosure of personal information, please select either electronic or written method and submit the required identity verification documents to us. Where permitted by applicable law, a prescribed fee may be charged.

1. Additional Rights

Depending on your location, you may have the following additional rights:

• EEA, UK, Switzerland: Data portability, objection to processing, restriction of processing, withdrawal of consent, complaint to supervisory authority
• Japan, Singapore, Canada: Withdrawal of consent, complaint to supervisory authority

2. Response Time

We will respond to your requests within the time period required by applicable law (typically 30–45 days).

3. Contact Information

Email: support@jitera.com

4. California Residents’ Rights (CCPA/CPRA)

California residents have the following rights under CCPA/CPRA:

• Right to know: The right to know about personal information collected, used, or shared
• Right to delete: The right to request deletion of personal information
• Right to correct: The right to request correction of inaccurate personal information
• Right to opt-out: The right to opt out of the sale or sharing of personal information (we do not sell or share)
• Right to non-discrimination: The right not to receive discriminatory treatment for exercising privacy rights

To exercise your rights, contact support@jitera.com. We will respond within 45 days.

Article 12. Children’s Privacy

1. Our Service is not intended for children under 16 years of age (under 13 years of age in the United States, or such other applicable minimum age required by local laws).
2. We do not knowingly collect personal information from children below these age thresholds. If we discover that we have inadvertently collected personal information from a child, we will promptly delete it.
3. If you become aware of data collection from children, please contact support@jitera.com.

Article 13. Third-Party Services

1. Our Service may contain links to third-party websites, applications, or services (including Third-Party AI Providers).
2. We are not responsible for the privacy practices of third-party services. These services have their own privacy policies, and we recommend that you review them.

Article 14. Changes to This Policy

1. We may change this Policy as necessary. When we do, we will notify users of the revised Privacy Policy and when it will take effect by posting on our website or through other appropriate means.
2. For material changes that affect your rights, we will provide advance notice and obtain your consent when required by law.

Article 15. Contact Information

Data Controller: JITERA PTE. LTD.

18 ROBINSON ROAD, #20-02, 18 ROBINSON, SINGAPORE (048547)

Data Protection Officer: Naoki Sugiyama

Contact: support@jitera.com

If you are not satisfied with our response, you have the right to lodge a complaint with the data protection supervisory authority in your region.

Supplementary Provisions

Article 1. Effective Date

This Policy shall come into effect on April 1, 2026.