Privacy Policy

Last Updated: April 2026  |  Effective Date: April 2026

This Privacy Policy describes how JK.Creative LLC ("JK Creative," "we," "us," or "our") handles information in connection with OwnRep ("Software"). By installing and using OwnRep, you agree to the practices described in this policy.

For questions or privacy requests, contact support@jkcreative.store.

1. The Core Principle: Your Data Stays on Your Machine

OwnRep is a locally installed desktop application. All business data — reviews, emails, support tickets, OAuth tokens, configuration settings, and logs — is stored in a SQLite database on your own computer. JK Creative does not operate a cloud server that receives, stores, or processes your business data.

The only data transmitted to JK Creative is your license key, sent at application launch to verify your subscription status. Nothing else is sent to us.

2. What Data the Software Collects and Stores Locally

The following data is stored in a local SQLite database on your machine:

Data Type	What It Is	Why It's Stored
OAuth access tokens and refresh tokens	Credentials for your Google (Gmail + GBP) or Microsoft (Outlook) account	Required to send emails and monitor reviews on your behalf
Business email address	The email account you connect during setup	Identifies which account to use for sending
Review data	Review text, reviewer names, star ratings, platform source (Google, Yelp), timestamps	Core function — monitoring and responding to reviews
Email send records	Recipients, send timestamps, response status	Tracks which customers received review requests
Support ticket content	Ticket text provided by you for macro generation	Used to generate support response templates (one-time analysis)
Support macros	AI-generated response templates created from your tickets	Stored for reuse in future support interactions
Application configuration	Preferences and notification settings (plaintext) plus any Bring-Your-Own-Key API credentials you enter (e.g., your Yelp Fusion API key — stored encrypted at rest using your operating system's keychain)	App operation
Application logs	Diagnostic events, errors, API call timestamps	Debugging and troubleshooting
License key	Your subscription license key from Square	Validated on launch

None of this data is transmitted to JK Creative except the license key as described in Section 4.

3. Data You Provide That Is Processed Locally

When you use OwnRep's features, you or the Software may process:

• Customer email addresses — for sending review request emails. These are entered by you or imported by you. They are stored locally and used solely for the send action you initiate.
• Review content — pulled from Google Business Profile and (optionally, if you've connected your own Yelp Fusion API key) Yelp APIs, then stored locally for monitoring and response drafting.
• Support ticket text — provided by you in bulk for the one-time Support Macro Library analysis. This content is sent to Google Gemini Flash for AI processing (see Section 5).

4. The Only Data Sent to JK Creative: License Validation

Each time OwnRep launches, it sends your license key to JK Creative's license validation server. This request:

• Contains only the license key string
• Does not include your email, name, business name, review data, customer data, or any other personal or business information
• Is used solely to confirm that your Square subscription is active
• Is made over HTTPS

We log the validation request (timestamp + license key status) for billing and fraud prevention purposes. We do not log IP addresses in association with license keys beyond what is inherent in standard web server logging, and we do not use this data for any purpose other than license management.

5. Third-Party Services and Data They Receive

OwnRep integrates with several third-party services. When you use a feature that relies on a third-party API, data is transmitted to that service as described below.

5.1 Google APIs (Gmail API, Google Business Profile API)

• What's sent: Email content you compose and send; API requests to retrieve review listings and post responses
• What Google receives: Your OAuth tokens (managed by Google), email content, review response text
• Who controls it: You authorize the Google connection via OAuth. You can revoke access at any time from your Google Account settings (myaccount.google.com > Security > Third-party apps)
• Google's privacy policy: policies.google.com/privacy

5.2 Google Gemini Flash (AI draft generation)

• What's sent: Review text (including reviewer name and review body) and/or support ticket text you submit for analysis
• Purpose: Generating draft responses to reviews and support macros
• PII caution: Review text may contain names, opinions, or other information written by your customers. OwnRep sends this text to Gemini as-is to generate a draft. We do not strip or anonymize it before sending.
• What Gemini does NOT receive: Your customer email lists, OAuth tokens, license key, or any data not directly relevant to the draft being generated
• Google's AI data handling: ai.google.dev/gemini-api/terms
• Note: Google Gemini Flash is used on the free tier. Google's terms govern how they handle API input data. Review Google's current data use policies for Gemini API to understand their data retention and training practices.

5.3 Microsoft Graph API (Outlook email sending)

• What's sent: Email content you compose and send, via your authorized Microsoft account
• Who controls it: You authorize the Microsoft connection via OAuth (Microsoft Entra). Revoke at any time from your Microsoft account settings (account.microsoft.com > Privacy)
• Microsoft's privacy policy: privacy.microsoft.com

5.4 Yelp Fusion API (Bring Your Own Key — optional)

• Activation: Yelp monitoring is optional and is off until you paste your own Yelp Fusion API key into Settings → Yelp. OwnRep does not bundle, distribute, or share a Yelp API key. If you have not added a key, no traffic flows between OwnRep and Yelp.
• Key storage: The Yelp Fusion key you paste is encrypted at rest on your machine using your operating system's keychain (macOS Keychain Services / Windows DPAPI) via Electron's safeStorage. The decrypted key never leaves your device and is never transmitted to JK Creative.
• What's sent (only when a key is connected): Your business identifier and the API key in the request header, sent directly to Yelp's API to retrieve public review listings.
• What's received: Publicly visible review data from Yelp.
• Limitation: OwnRep uses read-only Yelp API access. No data is written to Yelp through OwnRep.
• Yelp's privacy policy: yelp.com/tos/privacy

5.5 Square

• What's sent: Payment information you provide at checkout, managed entirely by Square
• What JK Creative receives from Square: Subscription status, license key activation events, payment confirmation — no full card numbers
• Square's privacy policy: squareup.com/legal/privacy

5.6 Google API Services User Data Policy — Limited Use Disclosure

OwnRep's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope requested: https://www.googleapis.com/auth/gmail.send. This scope permits OwnRep to send email as the authenticated user. It does not permit OwnRep to read, modify, or delete any email in the user's mailbox. OwnRep does not request any other Gmail scope.

How OwnRep uses Google user data:

• Gmail send: OwnRep uses gmail.send for exactly one purpose — to send review-request emails, composed by the authenticated business owner, to customers on lists the owner imports into OwnRep. Emails are sent from the owner's own Gmail account so recipients recognize the sender and messages deliver with the domain's own reputation.
• Google Business Profile: OwnRep reads and responds to reviews on the business profiles the authenticated user owns.

How OwnRep does NOT use Google user data:

• OwnRep does not read, store, or analyze the contents of any email in the user's mailbox.
• OwnRep does not use Google user data to train machine-learning models, including third-party AI models.
• OwnRep does not transfer Google user data to any third party, except as required to deliver the email or review response through Google's own servers.
• OwnRep does not use Google user data for advertising purposes, including personalized, retargeted, or interest-based advertising.
• OwnRep does not sell Google user data.
• Human beings at JK Creative do not read Google user data, except (a) with the user's explicit consent for specific messages, (b) to comply with applicable law, (c) for security investigations, or (d) where the data has been aggregated and anonymized for internal operations.

Where Google user data is stored: OwnRep is a desktop application. OAuth access tokens and refresh tokens are stored locally on the user's own device in the application's configuration directory. These tokens are never transmitted to JK Creative's servers. The contents of outgoing emails are sent directly from the user's device to Google's Gmail API and are not retained by JK Creative after sending.

How to revoke access: Users can revoke OwnRep's access to their Google account at any time at https://myaccount.google.com/permissions. Signing out of OwnRep also deletes the locally stored OAuth tokens.

6. Auto-Update Mechanism

On launch, OwnRep checks JK Creative's CDN for available software updates. This request:

• Contains only the current software version number and your operating system (Windows or macOS)
• Does not include personal or business data
• Is used only to determine whether an update is available

7. Data We Do Not Collect

JK Creative does not collect, and OwnRep does not transmit to JK Creative:

• Your customers' email addresses or contact information
• Review content or review response drafts
• Email content you send through the Software
• Support ticket content
• OAuth tokens or credentials
• Business name, address, or profile information
• Usage analytics or behavioral telemetry
• IP addresses tied to your identity (beyond standard server log entries for license validation)

8. Data Retention and Deletion

Because all data is stored locally on your machine, you have full control over retention and deletion.

• To delete your data: Uninstall OwnRep and delete the application data folder. On Windows, this is typically %APPDATA%\OwnRep. On macOS, it is typically ~/Library/Application Support/OwnRep.
• To revoke OAuth access: Remove OwnRep's access from your Google or Microsoft account settings. This does not delete local tokens immediately — uninstalling the app removes them from your machine.
• JK Creative's retention of your license key: We retain your license key in our Square account records per Square's standard practices and our own billing records. To request deletion, contact support@jkcreative.store.

9. Security

JK Creative does not store your business data and therefore cannot be breached for it. Sensitive credentials stored locally by OwnRep — OAuth refresh tokens, OAuth access tokens, and any Bring-Your-Own-Key API credentials you provide (e.g., Yelp Fusion API key) — are encrypted at rest using your operating system's keychain (macOS Keychain Services / Windows DPAPI) via Electron's safeStorage. The decryption keys are managed by your OS and are tied to your user account; OwnRep never possesses or transmits them.

The remaining locally stored data (review history, customer email lists, support macros, application settings) is stored in plaintext in OwnRep's local SQLite database, since your operating system already isolates it under your user account. Securing the device itself is your responsibility as the device owner. We recommend:

• Using full-disk encryption on the device where OwnRep is installed
• Using a strong login password on your device
• Revoking OAuth access if your device is lost or stolen
• Removing any BYOK API key from Settings → Yelp before transferring or selling the device

The license validation connection uses HTTPS. We do not store your OAuth tokens or your Yelp Fusion API key on our servers at any time.

10. California Residents — CCPA/CPRA

Because OwnRep stores all data locally on your machine and JK Creative does not receive or maintain your personal or business data, most CCPA/CPRA obligations (right to access, delete, or opt out of sale) apply to data held on your device, which you already fully control.

The only personal information JK Creative holds is your license key and billing information processed through Square. For requests related to those:

• Right to know / access: Contact support@jkcreative.store
• Right to delete: Contact support@jkcreative.store
• Right to opt out of sale: JK Creative does not sell personal information.

11. GDPR Considerations

JK Creative is a US-based company and OwnRep is marketed and sold in the United States. We do not operate EU-directed marketing or maintain EU data transfer mechanisms (e.g., Standard Contractual Clauses) at this time.

If you are located in the European Union or European Economic Area, please be aware:

• Your business data is stored locally on your machine and not transferred to JK Creative
• Data passed to Google Gemini, Google APIs, Microsoft, and Yelp is governed by those companies' own GDPR compliance posture
• License key data processed by JK Creative is minimal and used only for billing verification

We recommend reviewing the GDPR policies of Google, Microsoft, and Yelp before deploying OwnRep in an EU context.

12. Children

OwnRep is a business tool not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has somehow provided information to JK Creative in connection with OwnRep, contact support@jkcreative.store.

13. Changes to This Policy

JK Creative may update this Privacy Policy at any time. We will post the updated policy at jkcreative.store and update the "Last Updated" date. For material changes, we will provide notice via the email address on file with Square. Continued use of OwnRep after the effective date of a material change constitutes acceptance.

14. Contact

JK.Creative LLC
support@jkcreative.store
jkcreative.store

This Privacy Policy was prepared for informational purposes. JK Creative recommends review by qualified legal counsel, particularly regarding Gemini API data handling practices and any jurisdiction-specific requirements applicable to your business.