1. Introduction
EnCoCoEU S.L. (“we,” “our,” or “us”), located at Plaza del Actor Enrique Rambal 17, 46022 - Valencia, Spain, operates the Jabo AI personal assistant service (“Service”). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service through Telegram, WhatsApp, or any other supported channel.
We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
EnCoCoEU S.L.
Plaza del Actor Enrique Rambal 17, 46022 - Valencia, Spain
Website: https://www.encoco.eu
3. Data We Collect
3.1 Account Information
When you start using Jabo, we collect basic account information provided by your messaging platform, which may include:
- Your Telegram user ID and display name
- Your WhatsApp phone number
- Your preferred language and timezone settings
3.2 Message Content
To provide the Service, we process the messages you send to Jabo, including:
- Text messages and commands
- Voice messages (temporarily processed for transcription, then deleted)
- Files you share (photos, PDFs, CSVs, and other documents up to 20MB)
3.3 Usage Data
We collect anonymized usage analytics to improve the Service, including:
- Feature usage frequency (which capabilities you use most)
- Response times and error rates
- Session duration and interaction patterns
3.4 Google Account Data
If you connect your Google account via OAuth2, we may access:
- Gmail messages (read, compose, and manage on your behalf)
- Google Calendar events (view, create, and update)
- Google Drive files (access and manage)
- Google Contacts (search and manage)
Access tokens are encrypted with AES-256-GCM before storage. You can revoke access at any time.
3.5 Memory and Preferences
Jabo maintains a persistent memory system that stores conversation context and your preferences to provide personalized assistance. This data is encrypted at rest and associated with your user account.
4. How We Use Your Data
We process your data for the following purposes:
- Service Delivery: Processing your messages, executing requested tasks, and delivering responses
- AI Processing: Sending your messages to AI models (Google Gemini) for natural language understanding and response generation
- Code Execution: Running code you request in isolated, sandboxed environments
- Personalization: Using memory and preferences to provide context-aware assistance
- Service Improvement: Analyzing anonymized usage patterns to improve features and performance
5. Data Storage and Security
5.1 Encryption
- At Rest: All stored data is encrypted using AES-256-GCM encryption
- In Transit: All data transmission uses TLS 1.3 encryption
- OAuth Tokens: Google OAuth tokens are individually encrypted with AES-256-GCM before storage
5.2 Infrastructure
Your data is stored on secure infrastructure provided by:
- Google Cloud Platform (GCP): Primary compute and data storage, including Firestore (database), Cloud Storage (files), and Cloud Run (application hosting), located in the EU (europe-west1 region)
- DigitalOcean: Kubernetes cluster for isolated code execution environments, located in Amsterdam (ams3 region)
5.3 Data Retention
- Voice messages are deleted immediately after transcription
- Uploaded files are deleted after processing
- Conversation memory is retained as long as your account is active
- Analytics data is retained in anonymized form
- Account data is deleted upon request (see GDPR Rights below)
5.4 Security Practices
We follow OWASP security guidelines and implement:
- No logging of personally identifiable information (PII)
- No logging of credentials or authentication tokens
- Input validation and sanitization on all user inputs
- Isolated execution environments for running code
- Regular security reviews and updates
6. Third-Party Services
To provide the Service, we share data with the following third-party processors:
- Telegram: Message delivery and bot functionality (Privacy Policy)
- WhatsApp / Meta: Message delivery via WhatsApp Cloud API (Privacy Policy)
- Google (Vertex AI): AI model processing using Gemini (Privacy Notice)
- Google Cloud Platform: Infrastructure and data storage (Privacy Notice)
- DigitalOcean: Kubernetes infrastructure for code execution (Privacy Policy)
7. GDPR Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of all personal data we hold about you
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of all your personal data (“right to be forgotten”)
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Restriction: Request restriction of processing of your personal data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise any of these rights, send a message to Jabo requesting data deletion or contact us at the address listed below. We will respond to your request within 30 days.
8. Cookies
The Jabo website (jabo.one) is a static informational site that uses minimal or no cookies. The Jabo Service itself operates through messaging platforms (Telegram, WhatsApp) and does not use cookies.
If we use any analytics on the website in the future, we will update this policy and request your consent where required.
9. Children's Privacy
Our Service is not directed to children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice through the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact Information
For any questions about this Privacy Policy or to exercise your GDPR rights, contact us at:
EnCoCoEU S.L.
Plaza del Actor Enrique Rambal 17, 46022 - Valencia, Spain
Website: https://www.encoco.eu
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. In Spain, this is the Agencia Española de Protección de Datos (AEPD).