Version 1.0
Last updated: [日期]
POJU was built differently. Most products talk about "respecting your privacy." We built a product that doesn't need your data to work. Here's the full picture.
How we actually keep our word.
✦ Your conversations are encrypted on your device.
Not "secured on our servers." Encrypted with AES-256-GCM right in your browser, using a key we never see. Even if our servers were breached, there is nothing to steal.
Verify it yourself: open DevTools -> Application -> IndexedDB. You'll see encrypted gibberish, not your words.
✦ We have no account system.
No email at signup. No password. No phone number. No Google/Apple login. Your device fingerprint is your only ID - a one-way hash we use to restore your paid session, nothing else.
Verify it yourself: nothing to sign up for. Try the free tools right now.
✦ Your email is forbidden from living on our servers.
If you export your reading as PDF, we ask for your email. We send the PDF. Then we delete your address within 24 hours - physically erased from the database. Even we can't reach you after that.
Your control: one-click unsubscribe. Auto-delete everywhere.
✦ Anthropic's Zero Data Retention is enabled.
Your conversations go through Claude, but Anthropic doesn't save them, doesn't train on them, and doesn't let humans review them. We pay extra specifically for this guarantee.
Verify it yourself: Anthropic's Zero Data Retention policy is public.
We're not a company that sells data because we don't collect data. We're a company that sells one thing: a $9.99 conversation that helps you move through what's stuck. That's the whole business model.
If you ever doubt us: every claim on this page can be verified in a minute with your browser's DevTools or public documentation.
Minimal, by design: · Device fingerprint (one-way hash) Used to restore your paid session if you refresh. · Payment records (no personal info) Amount, timestamp, Stripe session ID. Kept for 7 years for tax compliance. · Email (only when you explicitly provide it) Used to deliver PDF readings and one check-in email. Deleted within 24 hours after sending. · Aggregated usage stats (anonymous) Total sessions, not per-user behavior.
What stays off our servers: ✗ Your conversations (lives encrypted on your device only) ✗ Your name, address, phone number (never asked) ✗ Your precise location (only country from GeoIP) ✗ Your behavioral tracking across websites ✗ Cookies for advertising ✗ IP addresses (Cloudflare/Vercel may log briefly)
· Device fingerprint: fraud prevention and session restoration only · Payment records: tax compliance (required by law) · Email: send PDF + optional check-in, then deleted · Aggregate stats: improve product We NEVER: - Sell your data - Use your data for advertising - Share your data with marketing partners - Use your conversations to train AI models
Conversations on your device: AES-256-GCM encryption Encryption key: generated on your device, never sent to us Transmission: HTTPS only (TLS 1.2+) Payment: handled by Stripe (PCI DSS Level 1 certified) Even if our servers were breached, there are no conversations to steal.
· Your local data: clear your browser OR click "End & Wipe" · Email: physically deleted within 24 hours after delivery · Device fingerprint: auto-deleted after 365 days of inactivity · Payment records: kept 7 years (tax requirement), then deleted You can request immediate deletion of all server-side data associated with your device by emailing privacy@pojulife.com.
Services we use and their privacy policies: · Anthropic (Claude API) AI processing. Zero Data Retention enabled — they don't save your conversations. Privacy: https://www.anthropic.com/privacy · OpenAI Used ONLY for embedding (converting knowledge base to vectors). Your conversations never go to OpenAI. Privacy: https://openai.com/privacy/ · ElevenLabs Text-to-speech for reading aloud. Optional, user-initiated. Privacy: https://elevenlabs.io/privacy · Stripe Payment processing. They handle your payment method. Privacy: https://stripe.com/privacy · Resend Email delivery. Auto-deletes messages after 30 days. Privacy: https://resend.com/legal/privacy-policy · Vercel Hosting. Standard web server logs (IP, user agent, URL). Privacy: https://vercel.com/legal/privacy-policy · Supabase Database (for payment records + knowledge base). Privacy: https://supabase.com/privacy · FingerprintJS (OSS version) Device identification. Runs entirely on your device. Privacy: no data sent to FingerprintJS servers (OSS version).
Your conversations are sent to Anthropic for processing by Claude. We've specifically enabled: ✓ Zero Data Retention (ZDR) Anthropic does not keep your API requests or responses. ✓ No training on your data Your conversations are not used to improve Claude. ✓ No human review Unless you explicitly flag content for abuse, no Anthropic employee will see your conversations. This guarantee is contractual — we pay extra for ZDR.
POJU is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has used POJU, contact privacy@pojulife.com and we'll delete any associated data immediately.
As a California resident, you have the right to: · Know what personal information we collect, use, disclose · Delete personal information we hold about you · Opt out of the "sale" of personal information (We don't sell data, so this is automatic) · Non-discrimination for exercising your rights To exercise any of these rights, email privacy@pojulife.com with "CCPA Request" in the subject line.
If you're in the EU, you also have:
· Right to access your personal data
· Right to rectification (correct inaccurate data)
· Right to erasure ("right to be forgotten")
· Right to data portability
· Right to withdraw consent
· Right to object to processing
Legal basis for processing:
· Contract (providing the service you paid for)
· Legitimate interest (fraud prevention)
Data Protection Officer: privacy@pojulife.comFor privacy questions: privacy@pojulife.com For general questions: support@pojulife.com For legal matters: legal@pojulife.com Physical address (if required by your jurisdiction): [待律师确定后填入]
When we update this policy, we'll: · Notify users via in-app banner on next visit · Continued use after update = acceptance · Major changes (new data collection, etc.) require re-agreement
Questions? Email privacy@pojulife.com. We read every message.