Jullow collects only the minimum data needed to run accounts and basic features through OPRA (Jullow ID). We use only essential cookies. We do not use analytics, advertising, or tracking, and we do not sell personal data. All messaging is end-to-end encrypted by design : not just a policy promise, but a technical standard. Users can view, edit, export their data, or delete their account (30-day recovery) directly through OPRA. These rights apply to all Jullow users globally.
This Privacy Policy applies to all websites, applications, and services that are part of the Jullow ecosystem : including any current or future product operated under the Jullow brand. Jullow is currently an independent project operated by a single creator. If the project's legal structure changes, we will update this policy accordingly.
This policy works together with our Terms of Service and Cookie Policy. Where a specific Jullow app has additional privacy terms, those apply on top of this policy and never replace it.
OPRA is the central account hub for the Jullow ecosystem. Your single Jullow ID connects you to all Jullow apps and services.
We do not collect sensitive special category data (such as health information, race, religion, or sexual orientation) as part of your Jullow ID or OPRA account.
Under GDPR, every piece of data we collect must have a clear legal basis.
| Data | Legal basis | Why |
|---|---|---|
| Display name | Contractual necessity | Required to create and operate your account |
| Username | Contractual necessity | Required for account uniqueness and public identification |
| Email address | Contractual necessity | Required for verification and security notices |
| Phone number | Contractual necessity | Required for verification and account uniqueness |
| Password (hashed) | Contractual necessity | Required for account authentication |
| Date of birth | Legal obligation | Required to verify you are 16 or older |
| Country | Contractual necessity | Required for account setup and security |
| Preferences | Contractual necessity | Required to remember your settings across the Services |
| Device model | Legitimate interests | Enables you to identify and manage active sessions in OPRA |
| Device type | Legitimate interests | Used to detect suspicious account activity |
| OS and version | Legitimate interests | Used to detect suspicious account activity |
| App version | Legitimate interests | Used for security monitoring and troubleshooting |
| Browser type and version | Legitimate interests | Used for security monitoring on Jullow websites |
| Login timestamps | Legitimate interests | Used for session management and security |
| Service metadata | Legitimate interests | Used for troubleshooting and security |
We do not use your data for advertising, marketing profiling, or any purpose beyond what is described in this policy. We do not sell personal data to third parties under any circumstances.
End-to-end encryption (E2EE) is a foundational technical standard across all messaging features in the Jullow ecosystem. Messages are encrypted on the sender's device and can only be decrypted by the recipient's device. Jullow's servers cannot read or access private message content at any point. This is a technical standard, not just a policy promise.
Where Jullow apps include social or community features, users can report other users, comments, posts, avatars, or display names for abuse, spam, impersonation, or policy violations. Reports may use limited metadata such as timestamps and account IDs to support moderation. Private message content is never accessed as part of this process.
Users may block other users to prevent further interactions.
Jullow uses only essential cookies on its websites. We do not use analytics, advertising, or tracking cookies anywhere in the Jullow ecosystem. For full details see our Cookie Policy.
We may use third-party service providers such as hosting and email delivery to operate the Services. These providers act as data processors on Jullow's behalf and may only process your data to provide their service to us. We select providers that are GDPR compliant and privacy-first, and limit the data shared to what is strictly necessary.
Where any provider processes data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place : such as Standard Contractual Clauses approved by the European Commission : before using their services.
Once the 30-day recovery window has passed and personal data has been permanently deleted, Jullow bears no responsibility for any loss of data or account access resulting from the deletion.
The following rights apply to all Jullow users globally. Through OPRA you can view, edit, export, and delete your account data. If you cannot perform an action in the app, contact us and we will assist you within 30 days.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
You must be 16 years or older to create a Jullow ID. A full date of birth (DD/MM/YYYY) is required at signup. If we discover data belonging to a person under 16, we will delete it as soon as reasonably possible.
We take reasonable technical and organisational measures to protect personal data, including hashed passwords, end-to-end encryption for all messaging, encryption in transit, and secure backups. However, no system is completely secure. Jullow is not liable for events beyond reasonable control, including third-party security breaches.
If we become aware of a personal data breach likely to result in a risk to users' rights and freedoms, we will act in accordance with applicable law and notify affected users and relevant authorities where required and practicable.
We may update this policy as the Services evolve. We will post the revised policy with a new effective date on this page. Where appropriate, we will notify you via OPRA or the email address associated with your account.