Privacy Policy

JointDesign Inc. ("we", "us") operates the Joint web editor ("Service"). This policy explains what data we collect, why we collect it, and how we use it.

2.1 Account data (if you sign in)

• Email address, display name, and avatar URL from your auth provider (Google, etc.)
• Account creation date and last login date
• Your telemetry consent preference, including when it was last updated or prompted

2.2 Project data

• Project files you create or upload (stored in Amazon S3)
• Asset files (GLB / DXF / thumbnail images)
• User preferences and shortcut settings

2.3 Operational and security data

We may process request metadata, authentication/session records, server logs, IP address, timestamps, device/browser metadata, and error records when needed to provide, secure, debug, and prevent abuse of the Service.

If you choose limited telemetry, we record editor workflow data in a session that is not linked to your account, browser anonymous ID, or project record. Limited telemetry may include command history, event payloads, command parameters, coordinates, dimensions, error messages, timing data, and model snapshots, but does not store user IDs, anonymous browser IDs, project IDs, or user-agent strings on the telemetry session.

2.4 Cookies and local storage

We use cookies and browser local storage to operate the Service:

• Authentication and session cookies that keep you signed in.
• A first-touch attribution cookie (jd_attr) that records which advertisement or referral brought you to Joint, so we can measure where sign-ups come from. If you sign in, it may be associated with your account once to attribute the sign-up. It is not used to build advertising profiles and is not shared with advertisers.
• Your telemetry consent preference, and — if you accept full telemetry without an account — a random anonymous ID, both stored in your browser. You can remove these by clearing your browser storage.

If you accept full usage telemetry, we record in-app events to understand how the editor is used, fix bugs, and improve features. This may include:

• Commands you invoke (e.g. "create wall", "move vertex") with their parameters such as coordinates and dimensions
• Tool switches, undo / redo, view changes, and errors
• Timing information (when the command was issued, how long it took)
• Periodic snapshots of the in-editor model state
• Project ID, client version, browser user-agent, and either account ID or browser anonymous ID

We do not intentionally record raw mouse movement, keystrokes outside of shortcuts, or filenames as plain text. Some project-context fields, such as editor object names or model state, may be included in diagnostic snapshots when telemetry is enabled.

Anonymous identifier (if you are not signed in)

If you use the editor without an account and accept full telemetry, we assign a random anonymous ID stored in your browser. This ID lets us group events from the same browser but is not linked to an account. You can clear it by clearing your browser storage. Limited telemetry does not use this browser anonymous ID.

• To provide and operate the Service (project storage, sharing)
• To diagnose and reproduce bugs reported by users
• To secure accounts, prevent abuse, and troubleshoot service reliability
• With full telemetry acceptance, to analyze usage patterns and prioritize improvements with account, project, or browser-level context
• With limited telemetry, to analyze editor workflows without account, browser anonymous ID, project ID, or user-agent linkage

Where GDPR applies, we rely on (a) your consent for full telemetry and analytics, and (b) legitimate interest for limited telemetry, security, abuse prevention, and core service operation. You may change your telemetry choice via the in-app settings.

We share data only with the following processors:

• Amazon Web Services (hosting, database, file storage) — account and database data in US West (Oregon, us-west-2); project files and logs in Asia Pacific (Sydney, ap-southeast-2)
• Google (authentication, if you sign in with Google)

We do not sell personal data. We do not share telemetry with advertisers.

Because our infrastructure provider stores data outside the Republic of Korea, your personal data is transferred abroad. The recipient is Amazon Web Services; account and database data (such as your email and name) are stored in the United States (US West, Oregon), while project files and operational logs are stored in Australia (Sydney). The purpose is hosting and operating the Service, and the data is retained for the periods in Section 7. Core functionality depends on this transfer — if you do not agree, you can stop using the Service and request deletion.

• Account data: kept while your account is active.
• Project files: kept while your account is active, or until you delete them.
• Operational and security logs: kept only as long as necessary to operate, secure, and troubleshoot the Service, and to investigate abuse or comply with law.
• Telemetry events: kept for 12 months, then deleted or aggregated.
• If you delete your account, your account is marked deleted and your personal identifiers are removed; aggregated and anonymized telemetry may be retained for analytics.

You can request to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated personal identifiers
• Export your project data
• Withdraw consent for telemetry collection

To exercise these rights, email us at support@joint.design.

Data is transmitted over HTTPS and stored encrypted at rest in AWS. We restrict internal access to the smallest set of people necessary to operate the Service.

The Service is not directed to children under 14. We do not knowingly collect personal data from children under 14 without verifiable consent from a legal guardian.

We may update this policy. Material changes will be announced in-app at least 14 days before they take effect.

JointDesign Inc.
315, Goyang-daero, Ilsanseo-gu, Goyang-si, Gyeonggi-do, Republic of Korea
support@joint.design

Privacy officer: the JointDesign Inc. privacy team, reachable at support@joint.design.