Privacy Policy

Last updated: April 17, 2026

This Privacy Policy describes how Jinrai ("we", "us", or "our") collects, uses, and protects your information when you use the Jinrai Web Application Firewall service ("Service"). We are committed to protecting your privacy and handling your data transparently.

1. Information We Collect

1.1 Account Information

When you register, we collect:

Email address
Name (optional)
Organization name (optional)
Password (stored as a salted hash; we never store plaintext passwords)

1.2 Server and Event Data

The Jinrai Agent installed on your server collects and transmits:

Web server access log entries (e.g., Nginx logs) relevant to security analysis
Detected threat events (attack type, source IP, request URI, timestamp)
Agent health metrics (CPU/memory usage, uptime, rule version)
Server metadata (hostname, OS type, agent version)

The Agent does not collect request bodies, response content, application data, database contents, or files stored on your server.

1.3 Payment Information

Payment details (credit card number, billing address) are collected and processed directly by Stripe. We do not store your full payment card details. We receive only a truncated card number, expiration date, and billing status from Stripe.

1.4 Usage Data

We collect standard usage data when you access our dashboard and website, including IP address, browser type, pages visited, and referring URLs.

2. How We Use Your Information

We use collected information to:

Provide and operate the Service, including threat detection and IP blocking
Distribute and update detection rules to your Agent(s)
Display security events and analytics on your dashboard
Process payments and manage your subscription
Send service-related notifications (security alerts, maintenance, billing)
Improve the Service, including refining detection patterns based on aggregated, anonymized event data
Respond to support requests

3. Third-Party Services

We share your information with the following third parties only as necessary to operate the Service:

Provider	Purpose	Data Shared
Stripe	Payment processing	Email, billing details
Infrastructure providers	Hosting, log storage	Event data (encrypted)

We do not sell your personal information to third parties. We may disclose information if required by law or to protect our legal rights.

4. Cookies

We use cookies and similar technologies on our dashboard and website for:

Essential cookies — Authentication session, CSRF protection
Preference cookies — Language and display settings
Analytics cookies — Understanding usage patterns to improve the Service

You can control cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the dashboard.

5. Data Retention

Event Data is retained according to your subscription plan:

Plan	Event Retention
Free	7 days
Pro	90 days
Enterprise	1 year

Account information is retained for the duration of your account and for up to 30 days after deletion. Payment records may be retained longer as required for legal and accounting purposes.

6. Data Security

We implement industry-standard security measures to protect your data:

mTLS (mutual TLS) — All communication between the Agent and central server is encrypted and mutually authenticated
Encryption at rest — Stored data is encrypted using AES-256
Encryption in transit — All web traffic uses TLS 1.2 or higher
Access controls — Strict role-based access to infrastructure and data
API token security — Tokens are hashed and never stored in plaintext

While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure.

7. Your Rights

You have the right to:

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate personal data
Deletion — Request deletion of your account and associated data
Export — Download your Event Data via the dashboard or API
Objection — Object to processing of your data for specific purposes

To exercise these rights, contact us at contact@jinrai.dev. We will respond within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will promptly delete it.

9. International Data Transfers

Our servers are located in Japan. If you access the Service from outside Japan, your data may be transferred to and processed in Japan. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our dashboard at least 14 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.

11. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

contact@jinrai.dev