Joint

Privacy Policy

Last updated: 2026-07-08

1. Who we are

JointDesign Inc. ("we", "us") operates the Joint web editor ("Service"). This policy explains what data we collect, why we collect it, and how we use it.

2. Core service data

2.1 Account data (if you sign in)

  • Email address, display name, and avatar URL from your auth provider (Google, etc.)
  • Account creation date and last login date
  • Your telemetry consent preference, including when it was last updated or prompted

2.2 Project data

  • Project files you create or upload (stored in Amazon S3)
  • Asset files (GLB / DXF / thumbnail images)
  • User preferences and shortcut settings

2.3 Operational and security data

We may process request metadata, authentication/session records, server logs, IP address, timestamps, device/browser metadata, and error records when needed to provide, secure, debug, and prevent abuse of the Service.

2.4 Cookies and local storage

We use cookies and browser local storage to operate the Service:

  • Authentication and session cookies that keep you signed in.
  • A first-touch attribution cookie (jd_attr) that records which advertisement or referral brought you to Joint, so we can measure where sign-ups come from. If you sign in, it may be associated with your account once to attribute the sign-up. It is not used to build advertising profiles and is not shared with advertisers.
  • Your telemetry consent preference, and — if you accept full telemetry without an account — a random anonymous ID, both stored in your browser. You can remove these by clearing your browser storage.

3. Usage telemetry

We offer two telemetry tiers. You can switch between them, or turn telemetry off, at any time in the in-app settings.

3.1 Limited telemetry

If you choose limited telemetry, we record editor workflow data in a session that is not linked to your account, browser anonymous ID, or project record. Limited telemetry may include command history, event payloads, command parameters, coordinates, dimensions, error messages, timing data, and model snapshots, but does not store user IDs, anonymous browser IDs, project IDs, or user-agent strings on the telemetry session.

3.2 Full telemetry

If you accept full usage telemetry, we record in-app events to understand how the editor is used, fix bugs, and improve features. This may include:

  • Commands you invoke (e.g. "create wall", "move vertex") with their parameters such as coordinates and dimensions
  • Tool switches, undo / redo, view changes, and errors
  • Timing information (when the command was issued, how long it took)
  • Periodic snapshots of the in-editor model state
  • Project ID, client version, browser user-agent, and either account ID or browser anonymous ID

We do not intentionally record raw mouse movement, keystrokes outside of shortcuts, or filenames as plain text. Some project-context fields, such as editor object names or model state, may be included in diagnostic snapshots when telemetry is enabled.

Anonymous identifier (if you are not signed in)

If you use the editor without an account and accept full telemetry, we assign a random anonymous ID that lets us group events from the same browser but is not linked to an account. Limited telemetry does not use this identifier. See Section 2.4 for how it is stored and removed.

4. Why we collect this data

  • To provide and operate the Service (project storage, sharing)
  • To diagnose and reproduce bugs reported by users
  • To secure accounts, prevent abuse, and troubleshoot service reliability
  • With full telemetry acceptance, to analyze usage patterns and prioritize improvements with account, project, or browser-level context
  • With limited telemetry, to analyze editor workflows without account, browser anonymous ID, project ID, or user-agent linkage

5. Legal basis (GDPR)

Where GDPR applies, we rely on (a) your consent for full telemetry and analytics, and (b) legitimate interest for limited telemetry, security, abuse prevention, and core service operation. You may change your telemetry choice via the in-app settings.

6. Sharing and third parties

We share data only with the following processors:

  • Amazon Web Services (hosting, database, file storage)
  • Google (authentication, if you sign in with Google)

We do not sell personal data. We do not share telemetry with advertisers.

7. Retention

  • Account data: kept while your account is active.
  • Project files: kept while your account is active, or until you delete them.
  • Operational and security logs: kept only as long as necessary to operate, secure, and troubleshoot the Service, and to investigate abuse or comply with law.
  • Telemetry events: kept only as long as necessary for the purposes described above, then deleted or anonymized.
  • If you delete your account, your account is marked deleted and we remove or de-identify your personal identifiers within a reasonable period; aggregated and anonymized telemetry may be retained for analytics.

8. Your rights

You can request to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your account and associated personal identifiers
  • Export your project data
  • Withdraw consent for telemetry collection

To exercise these rights, email us at support@joint.design.

9. Security

We use industry-standard measures to protect your data, including HTTPS in transit and encryption at rest in AWS, and we limit internal access to those who need it to operate the Service.

10. Changes to this policy

We may update this policy from time to time. The latest version will always be available on this page.

11. Contact

JointDesign Inc. support@joint.design