Julebu (julebu.ai) Privacy Policy

We collect information in the following categories:

1.1 Information You Provide Directly

1.2 Information Collected Automatically

1.3 Information from Third-Party Sources

We use the information we collect for the following purposes:

2.1 Core Service Delivery

• Providing and maintaining the English learning platform
• Processing your exercises, tracking learning progress, and calculating spaced repetition schedules
• Delivering AI-powered tutoring, grammar explanations, and pronunciation assessment (via Microsoft Azure)
• Managing your account, authentication, and session security
• Processing payments and managing Membership subscriptions

2.2 Service Improvement

• Analyzing usage patterns to improve features and user experience
• Identifying and fixing bugs, errors, and performance issues
• Developing new features and educational content
• Generating aggregate, anonymized statistics about platform usage

2.3 Communication

• Sending service-related notifications (e.g., account security, membership status)
• Responding to your support requests and feedback
• Informing you about material changes to our Terms of Service or Privacy Policy

2.4 Safety and Security

• Detecting and preventing fraud, abuse, and violations of our Terms of Service
• Rate limiting and automated abuse detection
• Content moderation to maintain community safety
• Enforcing our Terms of Service

2.5 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from public authorities

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, we process your personal data based on the following legal grounds:

You may withdraw your consent at any time where consent is the legal basis for processing (see Section 8).

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Third-Party Service Providers

We engage the following categories of third-party service providers who process data on our behalf:

All service providers are contractually obligated to process your data only as instructed by us and to maintain appropriate security measures.

4.2 Community Features

When you use community features (study groups, dynamics, reviews), your Content and profile information may be visible to other users based on your visibility settings:

• Public: Visible to all users
• Followers Only: Visible to users who follow you
• Mutual Follows: Visible to users you follow who also follow you
• Private: Visible only to you

4.3 Legal Requirements

We may disclose your information if required to do so by law or if we believe in good faith that such action is necessary to:

• Comply with a legal obligation or valid legal process
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

5.1 Cookies We Use

5.2 Local Storage

We use browser localStorage and sessionStorage for:

• Storing user preferences and settings
• Maintaining application state during your session
• Analytics session identifiers

5.3 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when cookies are being set. Please note that if you disable essential cookies, some parts of the Service may not function properly.

5.4 Browser Extension

Julebu offers an optional browser extension (compatible with Chrome, Edge, and other Chromium-based browsers) to streamline your learning workflow. When installed, the extension accesses the following data, with the scope and purpose described below:

YouTube Cookie Access (international users only)

YouTube import is available exclusively to Julebu international users (accounts on julebu.ai). The extension reads cookies for the youtube.com domain only when you start a YouTube import from the extension popup or from the official Julebu editor. The cookies are sent over HTTPS to editor-api.julebu.ai solely to authenticate the yt-dlp video extraction job. They are encrypted and temporarily stored in Redis for up to 30 minutes, deleted after the job reads them or when the TTL expires, never used for any other purpose, and never shared with third parties.

The extension performs no background sync, monitoring, or upload. All sensitive data access is gated by an explicit user action. You may stop this functionality at any time by:

• Not initiating an import from the extension popup or the official Julebu editor
• Uninstalling the extension, which immediately revokes its access to all browser data

The extension does not use eval(), does not load remote JavaScript, and does not include any analytics, ads, or tracking scripts.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

When your account is deleted, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing our agreements).

We implement appropriate technical and organizational measures to protect your personal data, including:

• Transport Encryption: All data is transmitted over HTTPS/TLS
• Password Security: Passwords are hashed using industry-standard algorithms
• Access Controls: Role-based access with principle of least privilege
• Rate Limiting: Tiered rate limiting strategies to prevent abuse and protect against denial-of-service attacks
• Security Headers: HTTP security headers including HSTS, X-Content-Type-Options, X-Frame-Options
• Input Validation: Server-side validation using schema-based validation
• Regular Updates: Dependencies and infrastructure are regularly updated

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8.1 Rights for All Users

Regardless of your location, you have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and associated personal data
• Data Portability: Request your data in a structured, commonly used, machine-readable format
• Withdraw Consent: Withdraw consent at any time where consent is the basis for processing

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8.2 Additional Rights for EEA/UK Residents (GDPR)

If you are located in the European Economic Area or United Kingdom, you additionally have the right to:

• Restrict Processing: Request restriction of processing of your personal data under certain circumstances
• Object to Processing: Object to processing based on legitimate interests
• Lodge a Complaint: File a complaint with your local data protection authority

Data Protection Authority Contacts:

• EU: You can find your local DPA at edpb.europa.eu
• UK: Information Commissioner's Office (ICO) at ico.org.uk

We will respond to GDPR-related requests within 30 days. In complex cases, this period may be extended by an additional 60 days, and we will inform you of any extension within the initial 30-day period.

8.3 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share personal information.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of Personal Information Collected (past 12 months):

To exercise your CCPA/CPRA rights, contact us at [email protected] or submit a verifiable consumer request. We will verify your identity before processing your request.

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our servers and some of our service providers are located. We ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) where required by applicable law.

By using the Service, you acknowledge that your information may be transferred internationally as described in this section.

10.1 Age Restrictions

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. Children under 8 years of age are strictly prohibited from using the Service.

10.2 Parental Consent

For users between 13 and 18 years of age, we require parental or guardian consent before account creation. Parents or guardians who provide consent are agreeing to these Terms and this Privacy Policy on behalf of their child.

10.3 Parental Rights

Parents and guardians have the right to:

• Review the personal information we have collected from their child
• Request deletion of their child's personal information
• Refuse further collection or use of their child's personal information

10.4 Our Commitments for Minor Users

For users under 18 years of age:

• We collect only the minimum information necessary to provide the Service
• We do not use minor users' data for commercial marketing purposes
• We apply strict security measures to protect minor users' information
• We do not share minor users' information with third parties without guardian consent, except as necessary to provide the Service

If you believe we have inadvertently collected information from a child under 13, please contact us immediately at [email protected], and we will promptly delete such information.

Some browsers transmit "Do Not Track" (DNT) signals. The Service currently does not respond to DNT signals. We use Plausible Analytics, which is a privacy-friendly analytics tool that does not track users across websites and does not use cookies for analytics purposes.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting the updated Privacy Policy on the Service with a revised "Last Updated" date
• Sending you an email notification at least 30 days before the changes take effect

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Julebu Labs, LLC

• Email:[email protected]
• Website:https://julebu.ai

For privacy-specific inquiries, please include "Privacy" in the subject line of your email. We will respond to all inquiries within 30 days.