A privacy promise written by humans, for humans.
The legal version lives in the DPA. This is the version your employees will actually read.
Seven promises
What we will and will not do.
- No. 01
Your raw screens never leave your machine.
OCR runs locally. Text is redacted locally. Raw pixels are discarded. The cloud sees redacted text - never images.
- No. 02
We do not track individuals.
The unit of analysis is the workflow. Reports describe what kinds of work are happening, not who is doing them. It is technically and contractually off-limits to reverse-engineer individual performance from Jottings data.
- No. 03
You can pause anytime, with one click.
The agent lives in your menu bar. The pause button is the biggest thing on it. There is no manager notification when you pause. There is no retaliation clause. The DPA forbids one.
- No. 04
You can opt out entirely, without consequence.
If you do not want to participate in a Jottings engagement, you do not have to. Your employer signed a DPA that makes that a condition of using us.
- No. 05
The agent uninstalls itself.
The end date is visible in the menu bar from day one. When the engagement window closes, the agent uninstalls. You do not have to chase anyone.
- No. 06
Your data is purged within 90 days of engagement close.
A hashed attestation is kept for audit; the underlying observations are destroyed. If a lawyer asks what we had, we can prove it no longer exists.
- No. 07
We will tell you if anything ever goes wrong.
Incident notification within 24 hours of confirmation. Not to your employer. To you. In plain language.
Menu bar view
What the app actually captures.
This exact view ships in the product. Every employee can see it. Any day. Transparency as evidence, not policy theater.
- Salesforce (app + domain): 2h 14m
- Outlook desktop: 1h 48m
- Excel - month-end workbook: 1h 12m
- Slack: 38m
- Screenshot OCR: local only · 812 frames
IT & security
A note to IT and security teams.
We assume you will show this page to employees before rollout and the DPA + AUP to your CISO. Both are written to survive that meeting.
Full sub-processor list lives in the DPA (§5). SOC 2 Type I is targeted at Month 6; Type II to follow. Cyber and E&O certificates are available on request.
Contact
Questions the short version doesn't cover.
Write privacy@jottings.ai. Vulnerability disclosures go to security@jottings.ai.
Your first scan tells you more than your last six months of workshops.
Code-signed · auto-uninstalls on end date · opt-out any time.