Privacy policy

Your data, handled like we handle code.

Jelleo, Inc. ("Jelleo", "we", "us") builds continuous security audit tooling for Solana and other smart-contract platforms. This policy explains what we collect through jelleo.com and our services, how we use it, and the choices you have. We do not sell personal data.

Effective June 30, 2026 Cookieless analytics No sale of personal data

Information we collect

We collect only what we need to run the website, respond to you, and deliver audits to customers.

Information you give us

  • Contact & integration requests. When you submit a form or email us, we receive the information you provide — typically your name, email address, organization, and message.
  • Customer onboarding. If you engage Jelleo for an audit, we collect the account, billing, and technical details needed to deliver the service, and the repositories or programs you authorize us to review.
  • Correspondence. Records of emails and messages you send us.

Information collected automatically

  • Privacy-first analytics. We use Plausible Analytics, which is cookieless and does not collect personal data or track you across sites. It produces only aggregate metrics (page views, referrers, country-level location).
  • Server logs. Our hosting produces standard logs (IP address, browser/user-agent, timestamps, requested URLs) used for security, debugging, and abuse prevention.
  • Local storage. The site uses your browser's local storage for functional preferences (such as UI state). This stays on your device and is not personal-tracking data.

Customer audit data

For customers, we process the source code, on-chain programs, and related materials you provide so we can audit them and produce findings. This material is handled under your engagement agreement and the security controls below, and is not used to train third-party models.

How we use information

  • To operate, maintain, and improve the website and our services.
  • To respond to your inquiries and integration requests.
  • To deliver, support, and bill for audits you engage us to perform.
  • To secure our systems, prevent abuse, and debug problems.
  • To comply with legal obligations and enforce our Terms of Service.

We do not use your information for advertising, and we do not sell it.

Who we share with

We do not sell personal data. We share information only with service providers that help us run Jelleo, and only as needed.

ProviderPurposeData
Plausible AnalyticsCookieless website analyticsAggregate, non-identifying usage
Anthropic (Claude API)AI analysis within the audit pipelineCode/material under audit, per engagement; not used to train models
Hosting / email providersServing the site, delivering emailServer logs, correspondence
GitHubCoordinated disclosure & source hostingPublic disclosure artifacts

We may also disclose information if required by law, to protect our rights or users, or in connection with a merger or acquisition. Any successor will remain bound by this policy.

How long we keep it, how we protect it.

Retention

We keep personal information only as long as needed for the purposes above or as required by law. Inquiry records are retained while a relationship is active and for a reasonable period after; customer audit materials are retained per the engagement agreement and then deleted or returned.

Security

We apply the same rigor to our own systems that we apply in our audits: access controls, encryption in transit, Ed25519-signed artifacts, and least-privilege handling of customer code. No system is perfectly secure, but you can report any concern to us directly (see Security & Disclosure).

Your choices & rights

Depending on where you live (including under the GDPR and the CCPA/CPRA), you may have the right to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. Because our analytics are cookieless and aggregate, there is no advertising profile to opt out of.

To exercise any right, email us at the address below. We will respond within the timeframe required by applicable law. We will not discriminate against you for exercising your rights.

International users

International transfers. Jelleo is based in the United States. If you access the service from outside the U.S., your information may be processed in the U.S. and other countries where our providers operate.

Changes & how to reach us

We may update this policy as our practices evolve. Material changes will be reflected by the effective date above and, where appropriate, announced on the site.

For security reports specifically, see our Security & Disclosure page.