← back to JulieLabs

Privacy policy

Last updated: 2026-05-26  ·  Contact: julie@julielabs.io

This umbrella policy covers data practices that apply across all JulieLabs products. Each individual tool has its own privacy policy at its own domain with the specific details for that tool. In any conflict, the product-specific policy takes precedence for users of that product.

Who we are

JulieLabs is an indie SaaS lab. We build and operate the tools listed on the home page. We are the data controller for the data described below.

Contact for any privacy question, data request, or complaint: julie@julielabs.io.

What we collect across our tools

Across our products, the categories of data we may collect are:

• Account data. Your email address and an opaque user identifier when you create an account. Authentication is handled by Supabase Auth (email/password or Google sign-in). If you sign in with Google, we receive your name, email, and profile picture from Google.
• Billing data. If you subscribe to a paid plan, billing is handled by Stripe. We store your Stripe customer ID and the plan and status of your subscription. We never store full card numbers, CVV, or bank credentials.
• Tool-specific data. The inputs and outputs of the tool you're using (for example, a YouTube URL submitted to TweetClip, or local counters used by Reciproq). See each tool's privacy policy for the exhaustive list.
• Operational data. Standard server logs (request URL, status code, timing) for security and abuse prevention. IP addresses are kept only for the rate-limiting window and are not associated with accounts in our analytics.

What we do with it

• Operate the product you signed up for.
• Send you essential account email (welcome, password reset, billing receipts) via Resend.
• Detect and prevent abuse, fraud, and excessive use that would degrade the service for others.
• Comply with legal obligations.

What we never do

• Sell your data, ever, to anyone.
• Share your account or usage data with advertisers or data brokers.
• Train AI models on your private content. Tool inputs are sent to model providers (Anthropic) only as needed to produce the output you requested, and only for that request.
• Use third-party analytics SDKs that fingerprint or track you across sites.

Sub-processors

We use a small set of vendors to operate the products. Each one only sees the slice of data they need:

• Supabase — database, auth, storage. EU-hosted.
• Vercel — web hosting.
• Railway — background worker hosting for jobs that take longer than a web request.
• Stripe — payment processing.
• Resend — transactional email.
• Anthropic — LLM inference for tools that generate text. Inputs are sent per-request and not retained for training.
• Google — sign-in via OAuth (only when you choose to use it).
• Webshare — residential proxy used by tools that fetch public URLs server-side.

Where data lives

Account, billing, and tool data live in Supabase Postgres (EU region) and Supabase Storage (EU region). Logs live with the hosting provider that produced them. We pick EU regions where possible and pick US only when a service is US-only.

How long we keep it

• Account data: until you delete your account, or 24 months of inactivity (whichever comes first).
• Tool outputs (clips, generated text, etc.): per the retention policy of the specific tool. Defaults to 30 days for free plans, 90 days for paid, unless you save explicitly.
• Server logs: 30 days.
• Billing records: as required by tax and accounting law (typically 6–10 years).

Your rights

If you're in the EU, UK, California, or another jurisdiction with statutory data rights, you have the right to access, correct, delete, port, and restrict processing of your personal data. Email julie@julielabs.io with your request. We respond within 30 days, usually much sooner.

Cookies

We use first-party cookies for authentication (so you stay signed in) and for CSRF protection. We do not use advertising or cross-site tracking cookies.

Children

JulieLabs products are not directed at children under 16. Don't use them if you're under that age. If we learn an account belongs to a child, we delete it.

Changes

We update this policy when our practices change. The "last updated" date at the top moves. Material changes (anything that expands what we collect or shares with new sub-processors) get a heads-up email to active users at least 14 days before they take effect.