emAIl Sentinel™ — Privacy Policy

Effective date: 2026-04-23 Operator: JJJJJ Enterprises, LLC ("we", "us", "our") Service: emAIl Sentinel, a Google Workspace Add-on for Gmail (the "Service")

This Privacy Policy explains what data the Service accesses, how it is used, and with whom it is shared. By installing or using the Service you agree to the practices described below.

1. Architecture Summary

emAIl Sentinel runs entirely inside your own Google Apps Script environment, under your own Google account credentials. We do not operate any server, database, or backend that receives or stores your data. All persistent data resides in PropertiesService.getUserProperties(), which is private to your Google account and script project.

2. Data We Access

When you enable the Service, the following data from your Gmail account is accessed during each check cycle:

Data	How it is used
Email metadata — sender ("From"), subject line, received date, attachment filenames	Read from Gmail messages in labels you configure. Sent to the Google Gemini API for rule evaluation and alert formatting. Included in alert messages delivered through the channels you configure (SMS, Chat, Calendar, Sheets, Tasks, MCP servers).
Email body — first 2,000 characters of the plain-text body	The full plain-text body is read into memory for processing; only the first 2,000 characters are sent to the Google Gemini API for rule evaluation and alert formatting. Alert messages generated by Gemini may include summaries or excerpts of email body content; these alert messages are then delivered through all alert channels you enable.
Gmail message IDs	Stored in `UserProperties` to distinguish new messages from ones already seen. Not shared with any third party.

The Service does not read or transmit: - attachment file contents (only filenames); - email body text beyond the first 2,000 characters; - email addresses from your contacts list; or - messages outside the labels you explicitly configure.

3. Data You Provide

Data	Where it is stored
Gemini API key	Encrypted-at-rest in `UserProperties` (per-user, per-script). Sent only to `generativelanguage.googleapis.com` (Google) as a URL query parameter over HTTPS.
SMS provider credentials (credentials for whichever SMS provider you choose to configure)	Encrypted-at-rest in `UserProperties`. Sent only to your chosen provider's API endpoint in HTTPS request headers/body.
Generic webhook URL	Stored in `UserProperties`. The Service sends HTTPS POST requests to whatever endpoint you configure.
Google Chat webhook URLs	Stored in `UserProperties`. Used to POST alert messages to your Chat Spaces.
MCP server endpoints, auth tokens, tool names, and args templates	Stored in `UserProperties`. Used to POST JSON-RPC 2.0 `tools/call` requests to endpoints you configure.
Google Calendar / Sheets / Tasks IDs	Stored in `UserProperties`. Used to create events, append rows, or create tasks in your own Google account.
Alert recipients (phone numbers, Chat space names)	Stored as part of your rules in `UserProperties`. Phone numbers are passed to your configured SMS provider. Chat space names are resolved to webhook URLs you configure.
Rules (names, label filters, rule text, alert format, channel toggles)	Stored in `UserProperties`. Rule text and alert format instructions are sent to the Google Gemini API.
Settings (model choice, poll interval, business hours, channel config)	Stored in `UserProperties`. Not shared with any third party.
License tier (Free or Pro)	Stored in `UserProperties` to gate feature access. No personal information is included.
Trigger management	The Service uses the `script.scriptapp` permission to create and manage time-driven triggers that schedule background email checks at the interval you configure. No data is shared with third parties for this purpose.

4. Google API Services User Data Policy

The Service's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

The Service only accesses, uses, stores, and shares Google user data for the purposes described in this Privacy Policy and that are necessary to provide or improve user-facing functionality of the Service.
The Service does not use Google user data for advertising, including retargeting, personalized advertising, or interest-based advertising.
The Service does not sell Google user data.
The Service does not use Google user data for generalized AI model training.
The Service does not allow humans to read Google user data, except (a) with your affirmative agreement, (b) as necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) for internal operations where the data has been aggregated and de-identified.
The Service does not transfer Google user data to third parties except as necessary to provide the Service (Gemini rule evaluation, outgoing alerts), as directed by the user, or as required by law.
You can view and audit all data stored by the Service by inspecting UserProperties in the Apps Script editor.

4.1 Restricted Scope Status and Annual Security Assessment (CASA)

The Service uses the gmail.readonly OAuth scope, which Google classifies as a restricted scope. As a condition of being allowed to request this scope, JJJJJ Enterprises, LLC:

completes the annual Cloud Application Security Assessment (CASA) that Google requires for restricted-scope applications (CASA Tier 2 or higher, as Google prescribes);
submits updated assessment results to Google on the schedule Google requires;
submits to Google's OAuth verification re-review whenever Google requests; and
accepts that Google may, at its sole discretion, suspend, restrict, or revoke the Service's OAuth access or Marketplace listing at any time. A Google-initiated suspension will interrupt the Service; we are not liable for interruptions attributable to Google actions beyond the 90-day notice commitment in the Terms of Service (§ 6.11) for Founding-member lifetime holders.

4.2 Gemini API — Content Handling and Retention

When a rule evaluates, the Service sends email metadata and the first 2,000 characters of the plain-text body to the Google Gemini API. Handling of that content by Google is governed by Google's Gemini API Additional Terms of Service and the Generative AI Prohibited Use Policy, not by this Privacy Policy. As of the effective date above and based on Google's then-current public representations:

the Gemini paid API does not use your prompts or responses to train Google's generative models;
the Gemini free tier may cache prompts and responses for a limited period to improve service quality and Google may use free-tier content to improve Google services, including its AI models, consistent with the Gemini API Additional Terms;
Google may log API requests for abuse prevention, debugging, and to comply with law.

If your emails contain sensitive content and you are on a free Gemini API key, you should enable billing on your Gemini API key to opt into the paid-tier protections, or not use the Service for those emails. Google's terms control; verify current policy at ai.google.dev/gemini-api/terms before relying on the above.

5. Third-Party Data Sharing

The Service shares data with third-party services only when you explicitly enable the integration:

Third party	What is shared	When
Google Gemini API (`generativelanguage.googleapis.com`)	Email metadata, body excerpt, rule text, alert format prompt	Every time a new email is evaluated against a rule
Your chosen SMS provider (any provider you configure using your own credentials or a generic HTTPS webhook URL)	Recipient phone number, alert message text, your provider credentials or webhook URL	When a rule matches AND the rule has SMS numbers AND you have configured an SMS provider
Google Chat (your Chat Spaces)	Alert message text	When a rule matches AND the rule has Chat spaces configured. Messages are posted to Chat Spaces within your own Google Workspace via webhook URLs you provide.
Google Calendar (your calendar)	Alert title, email metadata, alert message text	When a rule matches AND "Calendar event" is enabled on the rule. Events are created in your own Google Calendar.
Google Sheets (your spreadsheet)	Timestamp, rule name, email metadata, alert message text	When a rule matches AND "Sheets log" is enabled on the rule. Rows are appended to a spreadsheet in your own Google Drive.
Google Tasks (your task list)	Alert title, email metadata, alert message text	When a rule matches AND "Tasks" is enabled on the rule. Tasks are created in your own Google Tasks list.
MCP servers (Slack, Microsoft 365 / Teams, Asana, or any custom Model Context Protocol endpoint you configure)	Alert message text, rule name, email subject and sender, your configured auth token, and any per-server tool arguments you define in the args template	When a rule matches AND the rule has one or more MCP servers selected. Data is POSTed to the MCP endpoint URL you configure as a JSON-RPC 2.0 `tools/call` request over HTTPS.

The Google-native channels (Chat, Calendar, Sheets, Tasks) do not send data to any third party — they write to services within your own Google account using your own OAuth credentials.

SMS — controller vs. processor roles. You, not JJJJJ Enterprises, LLC, decide whether SMS alerts are sent, which phone numbers receive them, and which provider delivers them. For purposes of GDPR and comparable laws, you are the data controller of any recipient phone numbers you supply. We transmit your data (recipient numbers and alert text) to the SMS provider you select, acting as a data conduit; the SMS provider processes that data as an independent processor or sub-processor on your behalf, under its own contract with you. See § 5.2 for our subprocessor list.

We do not share any data with analytics services, advertising networks, data brokers, or any party not listed above.

5.1 Links to JJJJJ Enterprises Related Products

Our website may display links to other products operated by JJJJJ Enterprises, LLC, including PilotTrainerHQ (pilottrainerhq.com) and PlaneFacts (planefacts.online). Those products are independent services with their own privacy policies. Visiting those products is governed solely by their respective privacy policies. emAIl Sentinel does not share your personal data with those other JJJJJ products.

5.2 Subprocessors and Data Processing Addendum (DPA)

A "subprocessor" is a third party that processes personal data on behalf of another processor. The Service uses the following subprocessors:

Subprocessor	Processing activity	Location
Google LLC (Apps Script, Gmail, Calendar, Chat, Sheets, Tasks, Gemini API)	Service hosting, email access, alert delivery, AI rule evaluation	United States and other regions where Google operates
Your chosen SMS provider	SMS message delivery (user-configured; not preselected)	Determined by the provider you select
Any MCP server endpoint you configure	Alert dispatch via JSON-RPC 2.0	Determined by the endpoint operator

We will notify registered users at least 30 days in advance before we add or replace a Google-level subprocessor that processes email content (for example, if we introduce a non-Google model provider as an optional rule evaluator in a future release). Notice will be posted at the URL where this Privacy Policy is hosted and, if you have subscribed to a paid plan, emailed to the Google account associated with your subscription. You may terminate the Service, with a pro-rata refund of unused prepaid fees, if you object to a proposed subprocessor change before it takes effect.

Data Processing Addendum. If you are an EU/EEA, UK, or Swiss controller who requires a signed Data Processing Addendum (DPA) incorporating the Standard Contractual Clauses (EU Commission Decision 2021/914), you may request one at legal@jjjjjenterprises.com. We will countersign and return a DPA template within 15 business days of a complete request. Data-subject-rights (DSR) requests routed to us in our processor capacity will be acknowledged within 72 hours and fulfilled within the GDPR Article 12 one-month window (extendable by two further months for complex requests, with written notice to you).

5.3 Payment Data

This subsection describes how payment data will be handled once the Service launches paid plans on the Google Workspace Marketplace. During private pre-launch testing (see Terms of Service § 1.1), no paid subscriptions are being offered and no payment data is collected or processed.

At launch: if you subscribe to the Pro plan or purchase the Founding-member lifetime option, your payment will be processed by Google LLC through the Google Workspace Marketplace. We do not receive, collect, or store your credit card number, bank account, or other payment details. Google provides us with limited subscription metadata (a tier entitlement and subscription status) so the add-on can unlock paid features. Google's handling of your payment data is governed by Google's Privacy Policy and the Google Workspace Marketplace terms.

6. Data Retention

Data	Retention
Rules, settings, credentials	Stored in `UserProperties` until you delete them or uninstall the add-on
Activity log	Last ~60 entries; older entries are automatically overwritten (ring buffer)
Seen-message IDs	Per-label set, capped at 200 IDs per label; older IDs are automatically evicted
Email content	NOT stored by the Service. Processed in-memory during each check cycle and discarded.

When you uninstall the add-on, the UserProperties store associated with the script is no longer accessible from any application.

To explicitly delete all stored data before uninstalling, run the following one-liner in the Apps Script editor:

PropertiesService.getUserProperties().deleteAllProperties();

7. Data Security

Encryption at rest. All UserProperties values are encrypted at rest using AES-256 on Google's infrastructure. This is a default property of Google Apps Script's PropertiesService; the Service does not implement its own encryption layer, and we do not offer customer-managed or bring-your-own encryption keys. For workloads that require FIPS 140-2 validated cryptography, customer-managed keys, or HSM-backed key storage, the Service is not suitable.
Encryption in transit. All outbound network calls from the Service use HTTPS (TLS 1.2 or higher, negotiated by Google's UrlFetchApp runtime).
Credential handling. Your Gemini API key is masked in the Settings UI after you save it — only the last four characters are shown; the input field is left blank so the full key is never redisplayed. SMS provider credentials are visible within the Settings UI so you can review and update them; all credentials are stored encrypted at rest as described above.
Attack surface. The Service has no external backend, no database, and no staff access to your UserProperties store. The only attack surface is your own Google account and the third-party APIs you configure.
Operational telemetry. The add-on's appsscript.json manifest sets "exceptionLogging": "STACKDRIVER", which routes uncaught script exceptions (stack traces, timestamps, and line numbers) to Google Cloud Logging (formerly Stackdriver) within our Google Cloud project so we can diagnose crashes. These logs may include function names, Apps Script error messages, and — in rare cases — a short error-context string automatically attached by Apps Script. They do not include your email content, your rules, your Gemini API key, or SMS credentials. Logs are retained per Google Cloud Logging's default retention policy and are accessed only to investigate errors or abuse.
Cookies and tracking — none. The Service does not set cookies. Our public marketing website (and the HTML legal pages served from it) does not set cookies, does not use third-party analytics, does not embed tracking pixels, and does not load fonts or scripts from third-party CDNs. We make this an explicit, ongoing commitment: if we ever add analytics, it will be a cookieless, privacy-preserving provider (for example, a service that counts visits via referrer headers without storing identifiers in the browser), and we will update this Policy before doing so. Because no cookies are set and no tracking identifiers are used, no cookie-consent banner is required under the EU ePrivacy Directive, GDPR, UK PECR, or CCPA — and none is displayed.
Annual security assessment. The Service undergoes the annual Cloud Application Security Assessment (CASA) required by Google for gmail.readonly scope. See § 4.1.
Certifications. JJJJJ Enterprises, LLC does not currently hold SOC 2 Type II, ISO 27001, HIPAA, or PCI DSS certifications. The Terms of Service (§ 16) describe the security documentation we make available on request.

7.1 Incident Notification

If we become aware of a security incident affecting data the Service processes on your behalf, we will notify affected users without undue delay — and in any event within 72 hours of becoming aware of the incident where required by law (including GDPR Article 33) — via the email address associated with your Google account, and will describe the nature of the incident, the data potentially affected, and the steps you can take.

8. Children and Young Users

The Service is not directed to, and we do not knowingly collect personal data from, individuals under the age of 18 (or the applicable age of majority or digital consent in their jurisdiction, which may be 13 in the United States under COPPA or 16 in some EU Member States under GDPR). The Service provides no age-gating mechanism; parents and guardians who allow a minor access to a Google account on which the Service is installed remain responsible for supervising that use.

If we learn that we have collected personal data from a child in violation of applicable law, we will take steps to delete it promptly. Contact legal@jjjjjenterprises.com if you believe a child's data has been collected.

Where the UK Age-Appropriate Design Code (applicable to online services likely to be accessed by UK children) applies to your use of the Service, you remain responsible for implementing the code's standards at the level of your own account and the data subjects whose email you process. JJJJJ Enterprises, LLC does not design the Service for children's services and does not currently operate it as a "likely to be accessed by children" service under the code.

9. International Users

Your data is processed by Google (Apps Script, Gemini) and, if you enable SMS, by your chosen SMS provider. Data may be processed in any country where Google or your SMS provider operates data centers. Cross-border transfers from the EU/EEA, UK, or Switzerland to the United States rely on the Standard Contractual Clauses and supplementary measures put in place by Google and the SMS provider you select.

9.1 Your Rights Under GDPR (EU/EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under the General Data Protection Regulation (GDPR) or equivalent local law, including:

Right of access — request a copy of personal data we hold about you
Right of rectification — ask us to correct inaccurate data
Right of erasure ("right to be forgotten") — ask us to delete your data
Right to restrict processing — ask us to pause processing
Right to data portability — receive your data in a structured format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — withdraw consent at any time, where applicable

Because all data is stored in UserProperties within your own Google account, you can exercise most of these rights directly by viewing, editing, or deleting your data through the Apps Script editor. To delete all stored data in one step, run this in the Apps Script editor:

PropertiesService.getUserProperties().deleteAllProperties();

Controller / processor roles. For personal data contained in the emails you process through the Service (the sender address of an inbound email, its subject, body excerpt, attachment filenames, any phone numbers you supply as SMS recipients, etc.):

You are the data controller. You determine the purposes and means of processing by selecting which Gmail labels to watch, writing the rules, and choosing the alert channels.
JJJJJ Enterprises, LLC acts as a data processor on your behalf under GDPR Article 4(8), performing the rule evaluation and alert dispatch you directed. We do not independently decide what email content to process or where to send it.
Google (Apps Script, Gmail, Gemini, and Google-native alert channels) and your chosen SMS provider act as subprocessors (or, for SMS providers selected by you, as independent processors under a direct contract between you and them). See § 5.2.

For account-level data (your subscription tier, billing entitlement status received from Google, support correspondence with us) JJJJJ Enterprises, LLC acts as a data controller.

Legal basis for our processing. For our activity as a processor performing the Service at your direction, the lawful basis is performance of a contract (Article 6(1)(b)) — specifically the Terms of Service you accepted on installation. You remain responsible for establishing and documenting your own lawful basis under Article 6 (and, where applicable, Article 9) for processing personal data contained in the emails of the data subjects whose messages you monitor. For our own account-level processing, our basis is performance of a contract (Article 6(1)(b)) for subscription administration and legitimate interest (Article 6(1)(f)) for abuse prevention and service security (balancing test documented on request).

Data protection contact. Direct GDPR inquiries to legal@jjjjjenterprises.com (see Section 11). We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9.2 Your Rights Under CCPA / CPRA (California Residents)

Notice at Collection (Cal. Civ. Code § 1798.100(b)). At or before the point at which the Service first collects personal information from you — which occurs when you install the add-on and open its Settings card — this Privacy Policy is linked from the add-on Help card and from the Google Workspace Marketplace listing. The categories of personal information we collect, the purposes for which they will be used, the categories of third parties with whom they may be shared, and your CCPA rights are described below and in Section 2 (Data We Access), Section 3 (Data You Provide), and Section 5 (Third-Party Data Sharing).

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the rights described below.

Categories of personal information we process. In the 12 months preceding the date you read this policy, the Service processes:

Category (CCPA §1798.140)	Specific data	Source	Purpose
Identifiers	Gmail email address (yours), sender email addresses in messages you monitor	Your Google account	Rule evaluation, alert delivery
Commercial information	Subscription tier (Free or Pro) and billing status received from Google	Google Workspace Marketplace	Unlocking paid features
Internet or network activity	None	—	—
Geolocation data	None	—	—
Professional/employment information	Potentially present in email content you monitor	Your Gmail	Rule evaluation
Sensitive personal information (CPRA)	Potentially present in email body excerpts (first 2,000 chars) sent to Gemini for evaluation	Your Gmail	Rule evaluation only
Inferences	Gemini-generated rule match decisions and alert summaries	Derived from your email content	Alerting

Sources. All personal information comes from your own Gmail account, from the rules, credentials, and settings you enter directly into the Service, or from Google LLC (subscription status only).

Business purposes. Rule evaluation, alert generation, alert delivery via the channels you configure, basic operation of the Service, and subscription entitlement. We do not use personal information for advertising, profiling, or any purpose beyond the Service functions you enable.

Third parties with whom we share. Only those listed in Section 5 of this Policy, and only at your direction (i.e., only when you enable the relevant alert channel or integration).

Sale or sharing of personal information. We do not sell or share personal information as those terms are defined under CCPA/CPRA, and we have not done so in the 12 months preceding the effective date of this Policy. The Service has no advertising integrations and no cross-context behavioral advertising.

Sensitive personal information (SPI). Email body excerpts sent to Gemini for evaluation may incidentally contain sensitive personal information (for example, health information in a message from your doctor, or account numbers in a statement from your bank). The Service uses SPI only for the single, narrow, disclosed purpose of: (i) evaluating whether the email matches a rule you configured, and (ii) composing the alert message your configured channels receive. We do not use SPI to infer characteristics, build profiles, train or fine-tune any model, cross-reference against other users' data, or for any secondary purpose. SPI is not stored by the Service beyond the transient in-memory processing of each check cycle — once Gemini has returned a match decision and the alert has dispatched, the in-memory copy is discarded. This use is within the narrow set of permissible purposes enumerated at Cal. Civ. Code § 1798.121(a); accordingly, the right to limit use and disclosure of sensitive personal information does not restrict this processing further.

Your rights. - Right to know — request disclosure of the categories and specific pieces of personal information we process about you - Right to delete — request deletion of your personal information - Right to correct — request correction of inaccurate information - Right to opt out of sale/sharing — not applicable; we do not sell or share - Right to limit use of sensitive personal information — not applicable; we use SPI solely for the permissible business purposes described above (performing the Service at your direction) - Right to non-discrimination — we will not discriminate against you for exercising any CCPA right

How to exercise your rights. Email legal@jjjjjenterprises.com with the subject "CCPA Request" and your Gmail address (see Section 11). We will respond within 45 days. Because all data is stored in your own Google account, you can also exercise deletion directly using the Apps Script one-liner above.

Authorized agents. You may designate an authorized agent to submit a request on your behalf. To verify the agent's authority, we require:

a copy of a written permission signed by you (or, in lieu of written permission, a valid power of attorney issued pursuant to California Probate Code §§ 4000–4465);
a signed declaration under penalty of perjury from the agent confirming their authorization to act on your behalf; and
confirmation directly from you (by a method we specify) that you authorized the agent to submit the request.

We may deny an agent's request if the above verification is not satisfied. These requirements do not apply to agents who are attorneys licensed in California acting within the scope of their representation.

Shine the Light (Cal. Civ. Code § 1798.83). California residents may request information about whether we disclose personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes; accordingly, a Shine the Light request will return a "no disclosures" response.

9.3 Residents of Other U.S. States with Comprehensive Privacy Laws

A growing number of U.S. states have enacted comprehensive privacy laws that grant residents rights similar (but not identical) to those granted under California's CCPA/CPRA. These include, as of the effective date of this Policy: Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA — our home-state law), Oregon (OCPA), Montana (MTCDPA), Tennessee (TIPA), Delaware (DPDPA), New Jersey (NJDPA), Iowa (IPDPA), Indiana (INPDPA), New Hampshire (NHPA), Kentucky (KCDPA), Maryland (MODPA), Minnesota (MCDPA), Nebraska (NDPA), Rhode Island (RI-DTPPA), and any additional state laws that enter into force after the effective date.

Rights typically available to residents of these states include the right to:

access / confirm whether we are processing your personal data;
correct inaccurate personal data;
delete personal data we hold about you;
port your personal data in a portable, machine-readable format;
opt out of sale, sharing for cross-context behavioral advertising, targeted advertising, or profiling in furtherance of decisions producing legal or similarly significant effects about you (we do none of these, so the opt-out is automatically satisfied);
appeal our response to a rights request under laws that provide an appeal mechanism (Virginia, Colorado, Connecticut, Texas, Oregon, and others).

To exercise any of these rights, email legal@jjjjjenterprises.com with your Gmail address and the state under whose law you are making the request. We will respond within 45 days (some states allow an additional 45-day extension for complex requests; we will notify you in writing if an extension is needed). If we decline your request, you may appeal that decision by replying to the response email; we will review appeals within 60 days and, where a state law requires, inform you of your right to contact the state attorney general.

As with CCPA, we do not sell or share personal information, engage in targeted advertising, or conduct automated profiling producing legal or significant effects. We do not process sensitive personal data except as described in § 9.2 (SPI) above.

9.4 Digital Services Act (DSA) Contact Point

EU users and EU competent authorities may direct DSA-related inquiries to legal@jjjjjenterprises.com. Under Regulation (EU) 2022/2065, this email address serves as the single point of contact for users and for national authorities; inquiries will be answered in English. JJJJJ Enterprises, LLC is not a "Very Large Online Platform" (VLOP) under the DSA and does not appoint a separate DSA compliance officer at this time.

9.5 Do Not Track and Global Privacy Control

The Service does not track users across websites or services and does not respond to Do Not Track signals because it has no occasion to do so. The Service honors Global Privacy Control signals in the sense that it does not sell or share personal information regardless.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes that reduce your rights or expand the categories of data processed, we will notify you by email to the Google account associated with your use of the Service at least 30 days before the change takes effect. We will obtain affirmative consent where required by applicable law before implementing new uses of your data not described in this Policy. The "Effective date" at the top will reflect the latest revision.

11. Contact

Purpose	Address
Privacy Policy questions and data-rights requests	legal@jjjjjenterprises.com
GDPR inquiries	legal@jjjjjenterprises.com
CCPA requests	legal@jjjjjenterprises.com (subject: "CCPA Request")
User support	support@jjjjjenterprises.com
Billing and subscriptions	billing@jjjjjenterprises.com
General inquiries	admin@jjjjjenterprises.com

For technical support you may also open an issue on GitHub — issues are tracked, searchable, and get the fastest response.

We will respond to data-rights requests within the timeframes specified in Sections 9.1 (GDPR: 30 days) and 9.2 (CCPA: 45 days).