Privacy Policy
What Jimi collects, why, and what control you have over it.
Last updated: June 25, 2026
What we collect
Data tied to your use
A randomly generated userId stored in your browser's local storage. It lets us tie your messages and calendar entries together across reloads. It is not linked to your name, email or IP address.
The messages you send to Jimi, and Jimi's replies. Jimi also keeps a short rolling memory of your most recent messages so it can follow the conversation (e.g. "delete it").
The calendar events you manage through Jimi. If you haven't connected a calendar, they're stored on our server; if you connect one (see below), Jimi writes them straight to your own calendar and keeps no copy.
If you connect a calendar (Google, Outlook/Microsoft or Apple/ CalDAV), the access tokens that let Jimi act on your behalf — stored encrypted (AES-256-GCM), limited to calendar events only. We never see your password, and we revoke these tokens when you disconnect or delete your data.
Standard server logs (IP address, user agent, request path) kept for security and debugging — purged after 30 days.
How it's used
Processing
Your messages are sent to Mistral AI — a French company headquartered in Paris — so Jimi can understand natural language and update your calendar. Mistral runs the model that generates Jimi's replies; requests are processed within the European Union.
Per Mistral's API terms, your prompts and Jimi's replies are not retained by Mistral and are not used to train their models.
When you ask Jimi about your schedule (e.g. "what's on today?"), the relevant events are sent to Mistral so it can phrase the answer — and, as above, Mistral doesn't retain them or train on them. We don't send your calendar to Mistral for any other purpose.
Events themselves are stored on our own server (Spring Boot + MariaDB, in the European Union) only if you haven't connected a calendar. If you connect one, Jimi writes them straight to that provider (Google, Microsoft or your CalDAV host) on your behalf, governed by that provider's own privacy policy — we keep no copy.
Storage
Where the data lives
userId: in your browser only (local storage). Clearing your browser data deletes it.
Messages, conversation memory and (if no calendar is connected) events: on our server, indexed by userId. Connected-calendar events live in your own calendar, not on our server.
Calendar access tokens: on our server, encrypted at rest.
We don't use cookies for tracking. The only persisted client-side value is the userId.
Google user data
If you connect Google Calendar
With the calendar.events scope, Jimi can read and write events on your Google Calendar — and nothing else (no contacts, no email, no other Google data).
We use it only to do what you ask in chat: create, edit, delete or summarise your events. When you ask about your schedule, the relevant events are sent to Mistral to phrase the reply (not retained or used for training).
We keep no copy of your Google Calendar events. We store only your access tokens, encrypted, and revoke them when you disconnect or delete your data.
Jimi's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Sharing
Who we share, transfer or disclose data to
We do not sell your data, and we do not share, transfer or disclose your Google user data — or any other personal data — to third parties, except in the limited cases listed here:
Mistral AI (France, European Union), our language-model provider. When you ask Jimi about your schedule, the relevant calendar events — which may include data from your connected Google Calendar — are sent to Mistral solely to phrase Jimi's reply. Per Mistral's API terms, this data is not retained by Mistral and is not used to train their models.
Our hosting provider (servers located in the European Union), which operates the infrastructure where your messages, conversation memory and encrypted calendar access tokens are stored. They act only as a data processor on our instructions and cannot read your decrypted tokens or Google Calendar content.
Legal authorities, only where we are legally required to disclose data (for example, a valid court order).
We never share Google user data with advertisers or data brokers, never use it for advertising or ad personalisation, and never transfer it for any purpose unrelated to the calendar features you explicitly request. This is consistent with the Google API Services User Data Policy's Limited Use requirements.
Security
How we protect your data, including sensitive data
We treat your calendar access tokens and calendar content as sensitive data and protect them with the following mechanisms:
Encryption in transit — all traffic between the app and our servers, and between our servers and Google or Mistral, is encrypted with HTTPS/TLS.
Encryption at rest — calendar access tokens, the most sensitive data we store, are encrypted with AES-256-GCM. The encryption key is held separately from the database, so stored tokens are unreadable on their own.
Data minimisation — we request only the calendar.events scope, keep no copy of your Google Calendar events, and store no other Google data.
Restricted access — only the running service can decrypt tokens, and solely to carry out the action you asked for; access to production systems is restricted and logged.
Revocation & deletion — tokens are revoked the moment you disconnect a calendar or your data is deleted, and all storage and processing takes place within the European Union.
Retention
How long we keep it
Your data is kept while your userId stays active. If you don't use Jimi for 180 days, we automatically delete everything tied to your userId — messages, events, conversation memory — and revoke the access to any calendar you connected.
The short conversation memory Jimi uses to follow the thread is dropped after 30 days, even while your account stays active.
You can delete everything at any time by emailing the address below — see "Your rights".
Your rights (GDPR)
What you can ask for
Access — get a copy of the data we hold about your userId.
Rectification — ask us to correct inaccurate information.
Deletion — ask us to wipe everything tied to your userId.
Portability — receive your data in a machine-readable JSON format.
Objection — opt out of any future processing.
To exercise any of these, find your userId in the About page footer and email us at contact@jimi.julsql.fr. We respond within 30 days.
Children
Age limit
Jimi is not directed at children under 16. If you believe a child has used Jimi, contact us so we can remove their data.
Changes
Updates to this policy
We'll bump the "Last updated" date at the top of this page whenever the policy changes. Material changes will also be announced inside the app.
Contact
Talk to us
Email contact@jimi.julsql.fr. We read everything that comes in.