Privacy Policy

How we collect, use, and protect your data. We follow GDPR (EU), CCPA (California), and equivalent laws globally.

Last updated: May 20, 2026

1. What we collect

  • Account info: email, name, company, password (hashed)
  • Business data you upload: fabric samples, customer/supplier records, orders, invoices
  • Usage data: pages visited, features used, browser/device, anonymized for analytics
  • Cookies: session cookie for login, locale preference. No third-party tracking by default.
  • Payment data: handled directly by Stripe (we never see card numbers)

2. How we use it

  • Provide the Service (host your samples, run reports, send orders)
  • Process subscription payments via Stripe
  • Send transactional emails (verification codes, receipts, order notifications)
  • Improve the Service (aggregated, anonymized usage analytics)
  • Comply with legal obligations (tax records, fraud prevention)

3. Third parties we share data with

  • Stripe — payment processing (Stripe's privacy policy applies to card data)
  • Aliyun (Frankfurt OSS) — image hosting for fabric photos
  • NetEase Qiye / SendGrid — transactional email delivery
  • jenny-ai middleware — image search and AI features (data sent without PII)
We don't sell your data. We don't share with advertisers or data brokers.

4. Your GDPR / CCPA rights

Regardless of where you live, you can:
  • Access — download all your data via Account Settings or by email
  • Correct — edit any field in the Service or contact us
  • Delete — delete your account and all associated data anytime
  • Export — get a machine-readable copy of your data (JSON or CSV)
  • Object — opt out of analytics or marketing emails
EU users: you can also lodge a complaint with your local data protection authority.

5. Data retention

We keep your data as long as your account is active. After cancellation:
  • 30-day grace period (you can reactivate)
  • 90 days for backups (deleted after)
  • 7 years for invoices and tax records (legal requirement)

6. Security

  • All data encrypted in transit (TLS 1.2+) and at rest (AES-256)
  • Passwords hashed with bcrypt (we never store plaintext)
  • Servers in Frankfurt, EU (eu-central-1)
  • Limited employee access on a need-to-know basis
  • Annual security audit and penetration testing
Suspected breach? Email contact@jennycrm.com — we respond within 24 hours.

7. International transfers

Servers are in Frankfurt (EU). If you're outside the EU, your data may be transferred to and stored in the EU. We comply with applicable cross-border transfer regulations (Standard Contractual Clauses for non-EU customers).

8. Cookies

We use essential cookies only (session, locale, theme). No analytics or advertising cookies by default. If we add optional analytics in the future, we'll show a banner and let you opt out.

9. Children

JennyERP is not intended for users under 16. We don't knowingly collect data from minors.

10. Changes

Material changes to this policy will be announced via email at least 30 days in advance. The "Last updated" date at the top reflects the most recent revision.

11. Contact & Data Protection Officer

contact@jennycrm.com
JennyERP Inc. · 4 Via Alessandro Ferrarini, 59100 Prato, Italy
For a copy of our Data Processing Agreement, see the DPA page.