Privacy

Local where we can. Honest about when we can't.

JigSpec is a small company shipping a desktop app that reads files on your machine. Most of what the app does never leaves your laptop. When something has to — to call a model, to log you in, to charge a card — we want you to know exactly what and why.

Last updated · 2026-05-19
TL;DR · The short version

Your research stays on your machine. Your account doesn't.

The Researcher desktop app watches the folders you point it at, indexes their metadata into a local SQLite database, and runs pipelines against that index. The file contents do not leave your laptop unless a pipeline you ran explicitly sends a snippet to a model.

To do that — and to sign you in, take payment, and remember what you've bought — we run a small server-side surface (auth, billing, and an AI Gateway proxy) on Vercel and Supabase. That's the part where data leaves your machine, and the rest of this page is about what happens there.

We do not sell data. We do not train models on your prompts or files. There is no ad network on this site.

What we collect

Data, in plain English.

On this marketing site:

  • Page views and clicks, via PostHog, with IP truncated
  • Anything you type into the Receptionist input if you submit it

In the Researcher app, when you create an account:

  • Email address and a hashed password (Supabase Auth)
  • The entitlements you've purchased (which Tools / Apps / Suites are unlocked)
  • App version, OS, and crash reports — used to diagnose failures, not to identify you
v1 scope

The Researcher app

Files stay on the machine that wrote them.

The app indexes the folders you choose using OS-native file watchers (FSEvents on macOS, ReadDirectoryChangesW on Windows). File names, paths, and metadata go into a local SQLite database stored under your user directory.

File contents are read on demand when a pipeline needs them, and only the snippets that pipeline actually quotes — citations, the paragraphs around a reference, the diff being audited — are passed to a model. Whole documents are not uploaded.

The local database, your draft outputs, and pipeline run history are yours. Uninstalling the app does not delete them; the uninstaller will point you to the folder so you can keep or wipe it on your own terms.

Local-first

Models & the proxy

Why prompts go through us, not direct.

The desktop app does not ship API keys for Anthropic or OpenAI. Instead, each pipeline call goes to a Vercel-hosted proxy (the AI Gateway), which checks your Supabase session, looks up your entitlements, and forwards the request to the right provider.

What we log on the proxy: timestamp, user ID, pipeline ID, model name, token counts, cost, and whether the call succeeded. We do not store the prompt body or the response body.

Anthropic and OpenAI receive the prompt for the duration of the call. Per their API agreements, neither trains on data sent through the API. We will publish the current provider's data-handling page in the subprocessor list below.

Local-only mode (planned, not yet shipped): a toggle that routes pipelines to a local Ollama instance instead of the proxy. Useful for unpublished research. Tracked as a Phase 3 item.

Proxy + future Ollama

Account & billing

Email, password, payment.

Auth is handled by Supabase. We store your email and a hashed password; we do not see your plaintext password at any point.

Payments are handled by Stripe. JigSpec never sees your card number — Stripe returns a token we use to charge the subscription. Stripe's privacy notice covers what they retain.

The refresh token that keeps you signed in on the desktop app is encrypted at rest using your operating system's secure storage (Keychain on macOS, DPAPI on Windows). If someone copies your app data folder, the copied files alone do not let them extract the token, because decryption depends on key material the OS protects under your user account.

Supabase + Stripe

This website

Light analytics, no ad pixels.

Page views, clicks on the catalog, and prompts submitted through the Receptionist are sent to PostHog. IPs are truncated before storage. There is no Facebook pixel, no Google Ads pixel, and no third-party tracker beyond PostHog.

We store one functional preference, jigspec-theme, to remember whether you picked light or dark mode. It lives in localStorage in your browser rather than in an HTTP cookie, so it is not transmitted anywhere.

If you'd rather not be counted in product analytics, browser-level "Do Not Track" and content-blocker rules are honored.

PostHog only

Subprocessors

Everyone we hand data to.

  • Vercel — hosts this site, the AI Gateway proxy, and the auto-update releases feed
  • Supabase — authentication and the entitlements database
  • Anthropic — model provider for most pipelines (Claude family)
  • OpenAI — model provider for pipelines that call GPT
  • Stripe — payment processing
  • PostHog — product analytics on this site and crash diagnostics from the app

If we add or remove a subprocessor, this list is the source of truth and we update the Last updated date on the hero.

6 services

Your rights

Export, delete, ask.

You can request a copy of everything tied to your account, or ask us to delete it. Email privacy@jigspec.com from the address on your account and we will turn it around within 30 days.

Deleting your account removes the Supabase row, revokes outstanding sessions, and detaches your Stripe customer record. It does not touch the local SQLite database on your machine — that is yours to keep or wipe.

If you are in the EU/UK, the GDPR rights of access, rectification, erasure, restriction, portability, and objection apply. If you are in California, the CCPA rights to know, delete, and opt out of "sale" apply (we don't sell, but the right is yours regardless).

privacy@jigspec.com

Security

What we do, what we don't.

The Researcher app is code-signed (Apple Developer ID on macOS, OV cert on Windows) and notarized so the OS can verify before launch that the binary hasn't been tampered with.

Secrets in the app — your auth token, any API keys you bring yourself — go through Electron safeStorage, which delegates to Keychain or DPAPI. They are not in plaintext on disk.

We have not been through SOC 2. We are a two-person team. If your institution requires a vendor security review before installation, email us — we'll fill out the questionnaire honestly, including the parts where the answer is "not yet."

Honest about gaps

Changes & contact

How this page evolves.

When we change something material — a new subprocessor, a new category of data, a new pipeline that uploads something it didn't before — we update this page and bump the date in the hero. If you have an account, we will email you for changes that expand what we collect.

Questions, corrections, or a request to walk through any of this on a call: privacy@jigspec.com.

For the trustees, lawyers, and IT reviewers reading this with red pens: yes, we'll sign your DPA. Send it over.
