
Privacy Policy

Effective date: (set on publish)

Placeholder. This page is the structural shell. The actual policy content is being finalized by the operator and will be published before the public launch.

What we collect

When you sign in with Google, we receive your email address, name, and profile photo URL. We request the drive.file OAuth scope, which limits our access to only the files our app creates or opens for you — we cannot see any other file in your Google Drive.

How we use it

We use your Google identity to coordinate audit-project workflows (task assignment, status transitions, comments) and to upload evidence files into a folder structure inside your own Google Drive. The files themselves never leave your Drive — they are never copied to our servers.

How we store it

User profile data and project workflow state live in our Supabase Postgres database, with row-level security enforcing per-engagement isolation. OAuth refresh tokens are encrypted at rest using AES-256-GCM with a key managed separately from the database.

Data minimisation — “your data, your Drive”

Joujik Mutualwork is architected to keep per-engagement data inside the engagement’s Google Drive, not on our servers. What we hold server-side is limited to:

What we do not hold (after the M2 metadata migration completes — currently in flight): customer-profile data, per-task comments, per-task notes, the audit log of actions performed in your project. All of these will live in a hidden .joujik/ folder inside the engagement’s Drive. You can browse those JSON files yourself any time. Today (pre-migration), some of this metadata still lives in our database; it will move out incrementally.

Sharing

We do not sell, rent, or share your OAuth tokens, file content, or identifying information with any third party. Aggregated, anonymized usage metrics may be reviewed internally for product improvement.

Your rights

You can revoke our access at any time from your Google Account permissions page. You can request a copy of your stored data or its deletion by emailing us at the address below.

Contact

For privacy questions, contact: (operator: add email).