Effective date: June 6, 2026 · Last updated: June 6, 2026
This Privacy Policy describes how JD AI Systems, LLC(“Company,” “we,” “our,” or “us”) collects, uses, protects, and discloses information when you use the ACCESS platform (“Service”). Our primary headquarters is in Tampa, Florida; our secondary headquarters is in Atlanta, Georgia (opening 2026). This policy is designed to comply with the laws of both states, including the Florida Digital Bill of Rights (FDBR) (§ 501.701–501.721, Fla. Stat.), the Florida Information Protection Act (FIPA) (§ 501.171, Fla. Stat.), the Florida Deceptive and Unfair Trade Practices Act (FDUTPA) (§ 501.201, Fla. Stat.), the Georgia Notification of Data System Breach Act (O.C.G.A. § 10-1-910 et seq.), the Georgia Fair Business Practices Act (GFBPA) (O.C.G.A. § 10-1-390 et seq.), and applicable federal law.
1. Who This Policy Applies To
This policy applies to all users of ACCESS. Florida residents have additional rights under the Florida Digital Bill of Rights, described in Section 6 below. Georgia residents are protected under the Georgia Notification of Data System Breach Act and the Georgia Fair Business Practices Act, as described in Sections 7 and 11 below.
2. Information We Collect
Account Information
- Name, email address, and username (via Clerk authentication)
- ACCESS handle (e.g., username.access)
- Profile details you choose to provide
Workspace Data
- Projects, registry objects, assets, vault metadata, and systems you create
- CRM contacts you enter or import (you own this data)
- Knowledge base content and blueprints
- JYSON AI conversations and session history
- Workflow configurations and execution logs
Billing and Payment Information
- Payments are processed by Stripe, Inc., a PCI-DSS-compliant payment processor. We do not store full card numbers or full bank account numbers. We store only Stripe Customer IDs and subscription metadata.
- ACH Bank Transfer Authorization: If you choose ACH payment, your bank account information is provided directly to Stripe under their ACH authorization agreement. Stripe stores your bank account and routing details; we store only the Stripe payment method reference. ACH transactions are governed by NACHA rules. You may revoke ACH authorization at any time through the billing portal or by contacting us. Unauthorized ACH debits may be disputed with your bank within 60 days of the statement date in which the unauthorized transaction appeared.
- Billing address and invoice history (via Stripe Billing)
Usage and Technical Information
- Platform activity: pages visited, features used, commands executed
- JYSON message counts per billing period
- IP address, browser type, device type, and operating system
- Error logs and performance diagnostics for platform reliability
Communications
- Email preferences and consent records
- Support correspondence
3. How We Use Your Information
We process your information only for the following purposes:
- Service delivery: Provide ACCESS features, JYSON intelligence, and workspace tools
- Billing: Process subscriptions, invoices, ACH authorizations, and refunds through Stripe
- Security: Detect fraud, unauthorized access, and platform abuse
- Transactional communication: Send receipts, security alerts, and service notices required by law or contract
- Marketing (opt-in only): Send product updates and promotional offers you have explicitly consented to receive. We do not send unsolicited marketing. Florida residents may opt out at any time.
- Platform improvement: Analyze aggregated, de-identified usage patterns to improve features and reliability
- Legal compliance: Meet applicable legal, tax, and regulatory obligations under Florida and federal law
We do not use your personal data for targeted advertising, profiling for decisions producing legal effects, or the sale of personal data to third parties.
4. JYSON and AI Processing
JYSON processes your workspace data (projects, assets, CRM records, vault metadata, and conversation history) to generate personalized intelligence, summaries, and recommendations. This processing occurs within our platform infrastructure. We do not share your workspace data with third-party AI providers without your explicit consent, except as technically necessary to provide the Service under appropriate data protection agreements.
JYSON is an AI system. Its outputs may contain errors. You are responsible for reviewing any AI-generated output before relying on it for business decisions.
5. Information Sharing and Disclosure
We do not sell your personal information. We do not share your data with advertisers or data brokers. We may share information with:
- Stripe, Inc. — payment processing (PCI-DSS compliant, US-based)
- Clerk, Inc. — authentication and identity management (SOC 2 certified)
- Supabase, Inc. — database infrastructure (data stored in the United States)
- Vercel, Inc. — platform hosting and edge computing
- Legal and government authorities: When required by Florida law, federal law, court order, or to protect the safety, rights, or property of users or the Company
- Business transfers: In the event of a merger, acquisition, or asset sale, personal data may be transferred. We will notify you via email before such transfer and your rights under this policy continue to apply.
All third-party service providers are bound by contractual data processing agreements and are prohibited from using your data for their own purposes.
6. Florida Digital Bill of Rights — Your Rights
Under the Florida Digital Bill of Rights (§ 501.701–501.721, Fla. Stat.), Florida residents have the following rights regarding their personal data:
- Right to Access: You may request confirmation of whether we process your personal data and obtain a copy of it.
- Right to Correction: You may request correction of inaccurate personal data we hold about you.
- Right to Deletion: You may request deletion of your personal data, subject to legal retention requirements.
- Right to Data Portability: You may request your data in a commonly used, machine-readable format.
- Right to Opt Out of Sale: We do not sell personal data. This right is satisfied by our policy design.
- Right to Opt Out of Targeted Advertising: We do not conduct targeted advertising using your data.
- Right to Opt Out of Profiling: We do not engage in profiling that produces legal or similarly significant effects.
- Right to Non-Discrimination: Exercising your privacy rights will not result in denial of service or different pricing.
To exercise any of these rights, submit a request to support@jdwhite.world or use Settings → Account within your ACCESS workspace. We will respond within 45 days as required by the FDBR, and may extend by an additional 45 days with notice when reasonably necessary.
Authorized agents may submit rights requests on your behalf with written authorization. We will verify identity before processing any request.
7. Data Breach Notification
In the event of a security breach affecting your personal data, we will notify affected users in accordance with both Florida and Georgia law.
Florida — FIPA (§ 501.171, Fla. Stat.)
- Investigate and assess the breach promptly upon discovery
- Notify affected Florida residents within 30 days of discovering the breach (or as soon as reasonably possible given the scope of investigation)
- Notify the Florida Department of Legal Affairs if the breach affects 500 or more Florida residents, within 30 days of discovery
Georgia — Notification of Data System Breach Act (O.C.G.A. § 10-1-912)
- Notify affected Georgia residents in the most expedient time possible and without unreasonable delay following discovery of the breach
- Notify the Georgia Consumer Protection Division of the Office of the Attorney General if the breach affects 10,000 or more Georgia residents
All breach notifications, regardless of state, will include: a description of the incident, the categories of personal information involved, the approximate date of the breach, steps we are taking to address the breach, and recommended steps you can take to protect yourself. Notice will be delivered by email to the address on your account.
8. Data Retention
- Active accounts: Data retained for the life of your account
- Cancelled/deleted accounts: Workspace data preserved in read-only mode for 90 days, then permanently deleted
- Billing records: Retained for 7 years as required by Florida and federal tax law
- JYSON history: Deleted with account; exportable on request before deletion
- Security logs: Retained for up to 12 months
9. Security
We implement commercially reasonable security measures including: encryption in transit (TLS 1.2+), encryption at rest, strict access controls, regular security assessments, and SOC 2-aligned practices across our service providers.
No security measure is 100% effective. If you discover a potential vulnerability, please report it responsibly to support@jdwhite.world.
10. Email Communications
- Transactional emails (billing receipts, security alerts, service notices): Required for account operation. Cannot be disabled.
- Marketing and intelligence emails: Require your explicit consent (opt-in). Florida and Georgia residents may withdraw consent at any time through Settings → Notifications or the unsubscribe link in any marketing email. Opt-out requests are processed within 10 business days.
We comply with the Florida Electronic Commerce Protection Act, the Georgia Computer Systems Protection Act (O.C.G.A. § 16-9-90 et seq.), and applicable federal CAN-SPAM and TCPA requirements. We do not send unsolicited commercial email.
11. Deceptive and Unfair Trade Practices
We operate in compliance with the Florida Deceptive and Unfair Trade Practices Act (FDUTPA) (§ 501.201, Fla. Stat.) and the Georgia Fair Business Practices Act (GFBPA) (O.C.G.A. § 10-1-390 et seq.). Our pricing, billing, and service representations are accurate and non-deceptive. We do not engage in unfair, deceptive, or unconscionable practices under either statute.
If you believe we have engaged in any deceptive or unfair practice:
- Florida residents: Contact us at support@jdwhite.world or file a complaint with the Florida Department of Agriculture and Consumer Services.
- Georgia residents: Contact us at support@jdwhite.worldor file a complaint with the Georgia Governor’s Office of Consumer Protection.
12. Children’s Privacy
ACCESS is not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by COPPA. If you believe a child has created an account, contact us immediately and we will delete the account and associated data.
13. Changes to This Policy
We may update this policy at any time. For material changes, we will notify you via email to the address on your account at least 14 days before the change takes effect. Your continued use of ACCESS after the effective date constitutes acceptance. You may always view the current policy at access.jdwhite.world/privacy.
14. Contact and Privacy Requests
For privacy requests, questions, or data subject rights requests under Florida law:
JD AI Systems, LLC
Primary headquarters: Tampa, Florida
Secondary headquarters: Atlanta, Georgia (opening 2026)
Governing law: State of Florida, Hillsborough County