Skip to main content
← Back to Home

Privacy Policy

Effective Date: January 1, 2026

Last Updated: January 2026

1. Introduction

Josato Group LLC, doing business as Josa.ai (“Company,” “we,” “us,” “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our AI-powered SaaS tools, web applications, consulting services, digital courses, and community platforms (collectively, the “Services”).

This Privacy Policy applies to all individuals who access or use our Services, including visitors to our website, registered users, customers, and participants in our digital courses and communities (“you” or “your”).

Effective Date of This Policy: January 1, 2026

We comply with all applicable U.S. state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), Oregon Consumer Privacy Act (OCPA), Indiana Consumer Data Protection Act (INCDPA), Kentucky Consumer Data Protection Act (KCDPA), and Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA).

2. Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us at:

Josato Group LLC d/b/a Josa.ai
114 East Parker Street
Lakeland, Florida 33801
United States

Phone: 863-591-5300
Email: [privacy@josa.ai]

Data Protection Officer/Privacy Lead: [Your Name/Title]

3. Categories of Personal Information We Collect

We collect personal information from you in the following ways:

3.1 Information You Provide Directly

Account Registration Information:

  • First and last name
  • Email address
  • Phone number
  • Password (hashed and encrypted)
  • Job title and company name
  • Professional qualifications or certifications
  • Profile photo or avatar
  • Biographical information (optional)

Payment and Billing Information:

  • Credit or debit card number (processed via secure third-party payment processors; we do not store full credit card numbers)
  • Billing address
  • Payment history and transaction records
  • Invoice information
  • Subscription plan details

Communication and Support:

  • Messages you send through our contact forms or support channels
  • Email correspondence
  • Chat or messaging platform communications
  • Feedback, testimonials, or reviews you provide
  • Support tickets and inquiries

Course and Community Participation:

  • Course enrollment and completion status
  • Assignment submissions and assessment results
  • Discussion forum posts and comments
  • Community engagement history
  • Certificates and credentials earned
  • Learning progress and performance metrics

Consulting Services:

  • Project details and consultation topics
  • Deliverables and work product
  • Communications with consultants
  • Meeting notes and recordings (with your consent)

3.2 Information Collected Automatically

Usage and Behavioral Data:

  • Pages visited and links clicked
  • Time spent on each page
  • Features used within the Services
  • Search queries
  • Date and time of access
  • Frequency and duration of use
  • Interactions with content (views, downloads, shares)
  • A/B testing participation
  • Feature usage patterns and preferences

Device and Technical Information:

  • IP address and IP-derived location data (city/state level)
  • Device type (desktop, mobile, tablet)
  • Operating system and version
  • Browser type and version
  • Device identifiers (including mobile advertising IDs)
  • Mobile device operating system
  • Screen resolution
  • Internet service provider (ISP)

Cookies, Tracking Technologies, and Similar Identifiers:

  • Session cookies (temporary, deleted when browser closes)
  • Persistent cookies (remain until expiration or deletion)
  • Web beacons/pixels and similar tracking technologies
  • Google Analytics identifiers
  • Marketing and advertising cookies (with consent)
  • Local storage data
  • Similar tracking technologies

Location Information:

  • Approximate location based on IP address (city/state level)
  • Precise geolocation (only with explicit opt-in consent)

3.3 Information from Third Parties

Third-Party Integrations:

  • Data from integrated platforms (Zapier, webhook connections, API integrations)
  • Social media profile information (if you choose to log in via OAuth)
  • Calendar information (if you grant access to calendar services)

Service Providers:

  • Data from payment processors
  • Data from email service providers
  • Analytics providers
  • Customer support platforms

Publicly Available Sources:

  • Public social media profiles (for marketing purposes, with consent)
  • Professional networking sites (LinkedIn)
  • Public databases

3.4 Sensitive Personal Information

We collect the following categories of sensitive personal information, which receive enhanced protection:

  • Government-issued identification numbers (collected only when legally required for billing)
  • Financial account information (credit card data via secure third-party processors)
  • Precise geolocation (collected only with explicit opt-in consent and purpose notification)
  • Health information (only if voluntarily disclosed in consulting or community contexts)
  • Biometric data (none collected, except as may occur in video conference recordings with consent)
  • Any data regarding children under 16 (handled with additional protections; see Section 12)

4. Legal Basis and Purposes for Collection and Use

4.1 Purposes for Collecting and Using Personal Information

We use personal information for the following purposes:

Service Delivery:

  • Creating and maintaining your account
  • Delivering, personalizing, and improving our Services
  • Processing transactions and sending related information
  • Providing technical support and customer service
  • Fulfilling your requests and responding to inquiries
  • Conducting surveys and requesting feedback

Communication:

  • Sending transactional emails (order confirmations, receipt, account notifications)
  • Sending marketing communications (with your consent)
  • Notifying you of changes to our Services or policies
  • Responding to your inquiries and support requests
  • Sending announcements about new features, courses, or community events

Analytics and Improvement:

  • Analyzing usage patterns to improve our Services
  • Conducting A/B testing and optimization
  • Understanding user preferences and behavior
  • Aggregating and de-identifying data for analytics
  • Improving website functionality and user experience

Personalization:

  • Customizing your experience based on your preferences
  • Recommending relevant courses, content, or features
  • Displaying targeted content based on your interests
  • Tailoring communications to your profile and activity

Marketing and Advertising:

  • Sending promotional emails and newsletters (with opt-in consent)
  • Displaying targeted advertisements across our Services and third-party platforms
  • Measuring advertising effectiveness and campaign performance
  • Creating lookalike audiences for advertising purposes
  • Conducting market research and audience segmentation

Security, Fraud Prevention, and Compliance:

  • Detecting and preventing fraud or unauthorized access
  • Protecting against malware and security threats
  • Securing our Services and systems
  • Enforcing our Terms of Service and other agreements
  • Complying with legal obligations, court orders, and governmental requests
  • Conducting internal investigations and audits
  • Defending against legal claims

AI and Machine Learning:

  • Training our AI-powered tools and features (only on anonymized or aggregated data without personal identifiers)
  • Improving AI algorithm accuracy and performance
  • Analyzing patterns in de-identified data
  • Developing new AI features and functionality

4.2 Legal Basis

We collect and use personal information based on:

  • Contract Performance: Processing information necessary to perform our Services
  • Consent: Your explicit opt-in consent for marketing, cookies, and sensitive data uses
  • Legitimate Interests: Improving our Services, fraud prevention, and business operations
  • Legal Obligation: Compliance with applicable laws and regulations
  • Vital Interests: Protecting health and safety in emergency situations

5. Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Privacy Policy or as required by law.

5.1 Retention Periods by Category

CategoryRetention PeriodRationale
Account InformationDuration of account + 2 years after deletion or closureLegal compliance, dispute resolution, audit purposes
Payment/Billing Information7 yearsTax compliance, financial record-keeping requirements
Transactional Emails2 yearsCustomer service, dispute resolution
Usage and Behavioral Data13 months (updated rolling basis)Analytics, service improvement, platform optimization
Cookies (Session)Until browser closesSession management only
Cookies (Persistent)Up to 2 years (or as set in cookie preferences)User preferences, analytics, marketing attribution
Support Tickets3 yearsCustomer service history, dispute resolution
Course Completion RecordsDuration of enrollment + 7 yearsVerification of certification, legal compliance
Marketing/CommunicationsUntil unsubscribed + 2 yearsMarketing campaign optimization, list hygiene
IP Address Logs90 daysSecurity monitoring, abuse prevention
Device Information13 monthsAnalytics, fraud detection

5.2 Exceptions and Extensions

We may retain information for longer periods when:

  • Legally required (e.g., tax records, employment records)
  • Necessary for ongoing legal proceedings or disputes
  • Required for fraud or security investigations
  • You have not requested deletion and we are processing for aggregate analytics

5.3 Data Deletion Upon Request

Upon your request and within applicable response timeframes, we will delete your personal information except where we have a legal basis to retain it. See Section 10 (Your Privacy Rights) for details on how to request deletion.

6. Data Sharing and Disclosure

6.1 Categories of Recipients

We share personal information with the following categories of recipients:

Service Providers (Processors):

  • Payment processors (Stripe, PayPal, or similar)
  • Email service providers (Mailchimp, SendGrid, or similar)
  • Analytics providers (Google Analytics, Mixpanel)
  • Customer relationship management (CRM) systems
  • Customer support platforms (Zendesk, Intercom, or similar)
  • Cloud hosting providers (AWS, Google Cloud)
  • Marketing and advertising platforms
  • Video conferencing platforms (Zoom, Google Meet)

These providers are contractually obligated to process data only as instructed and maintain confidentiality.

Third-Party Integrations:

  • Zapier or similar automation platforms (when you connect your account)
  • Payment processors and financial institutions
  • Any third-party services you explicitly authorize

Business Partners:

  • Co-marketing partners (only with opt-in consent)
  • Affiliate marketing partners (commission-based)
  • Resellers and distribution partners (limited information for transaction purposes)

Advertising and Marketing:

  • Social media platforms (Facebook, Instagram, LinkedIn) for targeted advertising
  • Advertising networks and data brokers (for audience segmentation and lookalike audiences)
  • Analytics platforms for advertising performance measurement

Legal and Governmental Authorities:

  • Law enforcement or government agencies (when required by law or legal process)
  • Courts or judicial proceedings
  • Regulatory agencies (for compliance purposes)

Business Transactions:

  • In connection with a merger, acquisition, bankruptcy, or sale of assets
  • Successor entities (with continuity of privacy protections)

6.2 Data Sharing and Sales

Sale or Sharing of Personal Information:

As of the effective date of this Privacy Policy, we do not currently sell personal information for monetary compensation. However, we do engage in “sharing” of certain personal information with advertising and marketing partners as follows:

  • Targeted Advertising: We share behavioral data, device identifiers, and demographic information with social media platforms and advertising networks to display targeted ads. This may be considered “sharing” under California law.
  • Analytics: We share aggregated and de-identified usage data with analytics providers.
  • Co-Marketing: With opt-in consent, we may share email addresses with co-marketing partners for joint promotional campaigns.

Your Right to Opt-Out of Sale/Sharing:

You have the right to opt-out of the sharing of your personal information for targeted advertising purposes. To exercise this right, please visit our Do Not Sell or Share My Personal Information page or click the “Limit Use of My Sensitive Information” link in our website footer.

6.3 Disclosure to International Recipients

If we transfer data outside the United States, we ensure that the recipient implements appropriate safeguards equivalent to those in the U.S. Businesses accessing our Services from outside the U.S. should be aware that their data may be processed and stored in the United States.

7. Your Privacy Rights and Consumer Requests

7.1 Privacy Rights Overview

Depending on your location, you have the following rights regarding your personal information:

RightDescriptionApplicable LawsResponse Time
Right to Know/AccessRequest what personal information we collect and how we use itCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPA45 days (extendable to 90 days)
Right to CorrectRequest correction of inaccurate personal informationCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPA45 days (extendable to 90 days)
Right to DeleteRequest deletion of personal information we holdCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPA45 days (extendable to 90 days)
Right to Opt-Out of Sale/SharingOpt-out of personal information being sold or shared for targeted advertisingCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPAEffective immediately
Right to Opt-Out of Targeted AdvertisingOpt-out of targeted advertising and profilingCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPAEffective immediately
Right to Opt-Out of Automated Decision-MakingOpt-out of automated decision-making with significant legal/financial impactCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPA15 business days (ADMT-specific requests)
Right to AppealAppeal our decision on a rights requestCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPA45 days
Right to Limit Use of Sensitive InformationLimit our collection and use of sensitive personal information to necessary business purposesCCPA, CPRA, VCDPA, CPA, CTDPA, UCPA, OCPA, INCDPA, KCDPA, RIDTPPAEffective immediately
Global Privacy Control (GPC)Signal via browser that you do not want your data sold/sharedAll applicable state lawsHonored within 15 business days

7.2 How to Submit a Privacy Rights Request

Option 1: Online Form
Visit our Privacy Rights Request Portal: [INSERT URL]

Option 2: Email
Send your request to: privacy@josa.ai

Option 3: Mail
Josato Group LLC d/b/a Josa.ai
Privacy Requests
114 East Parker Street
Lakeland, Florida 33801
United States

Option 4: Phone
Call 863-591-5300 and ask to speak with our Privacy team

7.3 Request Verification Process

To process your request, we may ask you to verify your identity by providing:

  • Email address associated with your account
  • Account username
  • Last four digits of payment method (for requests involving payment information)
  • Email confirmation
  • Multi-factor authentication (for requests involving sensitive or financial data)

We will verify requests proportionately to the sensitivity of the data requested. For opt-out requests, we may require minimal verification. For access or deletion requests involving sensitive information, we may request photo ID or multi-factor authentication.

7.4 Non-Discrimination

We will not discriminate against you for exercising your privacy rights. We will not deny services, charge higher prices, provide inferior service, or suggest lesser service quality based on your exercise of privacy rights, except to the extent permitted by law (e.g., where the difference in service or price relates to the value of personal information provided by the consumer).

7.5 Authorized Agents

You may designate an authorized agent to submit rights requests on your behalf. Your agent must be legally authorized (attorney, power of attorney, or guardian) or designated in writing with your signature. We will ask your agent to provide proof of authorization.

7.6 Data Portability

Upon request, we will provide your personal information in a portable, readily usable format (typically CSV or JSON) that you can transfer to another service provider. We will respond within 45 days.

8. Cookies, Tracking Technologies, and Do Not Track Signals

8.1 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Remember your preferences and settings
  • Authenticate your identity during login sessions
  • Analyze usage patterns and improve our Services
  • Display targeted content and advertisements
  • Measure marketing campaign effectiveness

Types of Cookies Used:

Cookie TypePurposeDurationOpt-Out
Session CookiesAuthentication, temporary preferencesUntil browser closesNo
Analytics CookiesPerformance measurement, usage analytics (Google Analytics)Up to 2 yearsGoogle Analytics opt-out extension
Marketing CookiesTargeted advertising, retargeting (Facebook, LinkedIn pixels)Up to 2 yearsCookie preference center
Preference CookiesRemember your language, theme, and settingsUp to 2 yearsBrowser settings or preference center
Functional CookiesEnable core functionality (remember items in shopping cart)Up to 2 yearsFunctionality limitations if disabled

8.2 Obtaining Consent for Tracking Technologies

Consent Banner:
When you first visit our website, you will see a cookie consent banner asking you to accept or reject non-essential cookies. You can:

  • Accept All: Enables all tracking technologies
  • Reject All: Disables non-essential cookies (analytics, marketing)
  • Manage Preferences: Customize which cookies and tracking technologies you accept

8.3 Managing Your Preferences

You can manage your cookie and tracking preferences through:

  1. Our Cookie Preference Center: [INSERT URL]
  2. Browser Settings: Clear cookies and disable tracking through your browser settings
  3. Opt-Out Mechanisms:
    • Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
    • Digital Advertising Alliance (DAA): https://www.aboutads.info/choices
    • Network Advertising Initiative (NAI): https://optout.networkadvertising.org/
    • Your Online Choices (EU): https://www.youronlinechoices.com/

8.4 Global Privacy Control (GPC)

We recognize and honor Global Privacy Control (GPC) signals transmitted by your browser or device. When we detect a valid GPC signal, we will:

  • Treat it as a valid opt-out request for targeted advertising and data sharing
  • Display visible confirmation that your opt-out has been honored
  • Cease setting tracking cookies and pixels
  • Not use your data for targeted advertising or sharing with data brokers

How to Enable GPC:

  • Download and install a GPC-enabled browser extension or use a browser with built-in GPC support
  • Alternatively, visit: https://globalprivacycontrol.org/

8.5 Do Not Track (DNT) Signals

Your browser may allow you to transmit “Do Not Track” (DNT) signals. However, there is currently no industry-wide standard for recognizing DNT signals, and we do not alter our practices in response to browser-based DNT signals. However, you can use other mechanisms described in this section (GPC, browser settings, opt-out tools) to control tracking.

9. Automated Decision-Making and Profiling

9.1 Automated Decision-Making

We use automated decision-making (including AI and machine learning) for the following limited purposes:

Permitted Uses:

  • Fraud Detection: Automated systems flag potentially fraudulent transactions for review
  • Content Recommendation: Algorithms recommend relevant courses or content based on your profile
  • Email Filtering: Spam detection and email classification
  • Support Routing: Automatic categorization and routing of support tickets
  • Personalization: Customizing your dashboard and content recommendations

Significant Decision Uses:
We do NOT currently use automated decision-making to make significant decisions with legal or financial impacts (such as credit decisions, loan approvals, or employment decisions).

9.2 Profiling

We engage in profiling to create behavioral segments and user personas, which we use for:

  • Marketing segmentation and targeted advertising
  • Personalizing your experience
  • Predicting user preferences and behavior
  • Content recommendation algorithms

9.3 Your Right to Opt-Out of Automated Decision-Making

You have the right to opt-out of profiling and automated decision-making that has a foreseeable risk to your privacy or interests. To exercise this right:

  1. Visit our Opt-Out of Automated Decision-Making page: [INSERT URL]
  2. Email privacy@josa.ai with your request
  3. Call 863-591-5300
  4. Use your account settings to disable personalization features

9.4 Transparency for AI Processing

If we use your data to train or improve our AI-powered tools or services, we will:

  • Clearly disclose this use in our notices at collection
  • Provide you with the ability to opt-out before AI processing begins
  • Ensure that any AI-generated insights are transparent and explainable
  • Maintain human oversight of significant AI-based decisions

10. Data Security

10.1 Security Measures

We implement comprehensive security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction. These include:

Technical Safeguards:

  • HTTPS encryption in transit (TLS 1.2 or higher)
  • Encryption at rest for sensitive data (AES-256 encryption)
  • Secure authentication mechanisms (multi-factor authentication available)
  • Web application firewall (WAF) protection
  • Regular penetration testing and vulnerability scanning
  • DDoS protection and monitoring
  • Database encryption
  • Secure API design with rate limiting and authentication
  • Intrusion detection and prevention systems

Administrative Safeguards:

  • Privacy and security training for all employees
  • Background checks for employees with access to personal data
  • Non-disclosure agreements with employees and contractors
  • Least-privilege access controls (employees access only data needed for role)
  • Role-based access controls (RBAC)
  • Audit logs and monitoring of data access
  • Incident response procedures and breach protocols
  • Regular privacy and security audits
  • Data minimization practices (collect only necessary information)

Physical Safeguards:

  • Secure data center facilities with access controls
  • Surveillance and monitoring
  • Restricted access to server rooms
  • Physical media destruction protocols

10.2 Limitations

No method of transmission or storage is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security. You use our Services at your own risk. We recommend using strong passwords, enabling multi-factor authentication, and not sharing confidential information over unsecured channels.

10.3 Breach Notification

In the event of a data breach involving personal information, we will:

  • Investigate the breach promptly
  • Notify affected individuals without unreasonable delay (typically within 60 days)
  • Notify relevant state attorneys general as required by law
  • Provide information on the nature of the breach, data compromised, and steps being taken
  • Offer credit monitoring or identity theft protection where appropriate
  • Comply with all notification requirements under state breach notification laws

11. Third-Party Links and Services

11.1 Third-Party Websites and Services

Our Services may contain links to third-party websites and services, including social media platforms, payment processors, and partner websites. We are not responsible for the privacy practices of these third-party sites. When you click on a third-party link, you leave our Services and are subject to that third party's privacy policy.

We recommend reviewing the privacy policy of any third-party service before providing personal information.

11.2 Social Media Integration

We may offer options to log in using your social media account (e.g., Google, LinkedIn, Facebook). If you choose this option:

  • We only access the information you authorize
  • Your social media provider controls what information is shared with us
  • We receive your basic profile information (name, email, profile picture)
  • You can revoke this access through your social media account settings

12. Children's Privacy

12.1 Minimum Age Requirement

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will delete such information immediately.

For Children Ages 13-15:
If you are between 13 and 15, we collect information from you to provide our Services, but with additional protections:

  • We require parental consent for certain data uses
  • We limit data sharing and advertising targeting
  • We provide enhanced privacy controls
  • We do not sell or share information from minors to third parties for targeted advertising

For Children Ages 16-17:
If you are between 16 and 17, we require your consent (not parental consent) for data uses, except in limited circumstances.

12.2 Parental Rights

If you are a parent or guardian of a child under 16 using our Services, you have the right to:

  • Request access to your child's personal information
  • Request correction or deletion of your child's personal information
  • Request that we cease collecting information from your child
  • Contact us at privacy@josa.ai with proof of guardianship

13. California Consumer Privacy Act (CCPA/CPRA) Disclosures

13.1 California Resident Rights

If you are a California resident, you have the following rights under the CCPA and CPRA:

Right to Know: You may request what personal information we collect, the categories of sources, our business purposes, and the categories of recipients.

Right to Correct: You may request correction of inaccurate information we maintain about you.

Right to Delete: You may request deletion of personal information, except where we have a legal basis to retain it.

Right to Opt-Out of Sale or Sharing: You may opt-out of the sale or sharing of your personal information. Visit our “[Do Not Sell or Share My Personal Information](link)” page.

Right to Limit Use of Sensitive Personal Information: You may limit our collection, use, and retention of sensitive personal information to what is necessary to provide our Services. Visit our “[Limit Use of My Sensitive Information](link)” page.

Right to Opt-Out of Automated Decision-Making: You may opt-out of automated decision-making and profiling that has foreseeable risk to your privacy. To opt-out, email privacy@josa.ai or call 863-591-5300.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Right to Data Portability: You may receive a copy of your personal information in a portable format.

Right to Appeal: You may appeal our decision on your privacy rights request.

13.2 Sensitive Personal Information Disclosures (CPRA)

We collect the following sensitive personal information:

  • Social Security numbers or tax ID numbers (only when legally required)
  • Financial account information (credit card data, processed via secure third-party processors)
  • Precise geolocation (only with explicit opt-in)
  • Government-issued identification (for billing verification)

Limiting Use of Sensitive Information:
You have the right to limit our use of sensitive personal information to what is reasonably necessary to provide our Services. To exercise this right, click the “[Limit Use of My Sensitive Information](link)” link in our website footer, or email privacy@josa.ai.

13.3 California Privacy Requests

To submit a California privacy rights request, use the methods listed in Section 7.2 (How to Submit a Privacy Rights Request).

14. Virginia, Colorado, Connecticut, Utah, and Oregon Privacy Rights

14.1 Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and Oregon OCPA

If you are a resident of Virginia, Colorado, Connecticut, Utah, or Oregon, you have rights similar to those listed for California:

  • Right to Know: Access your personal information
  • Right to Correct: Request corrections to inaccurate data
  • Right to Delete: Request deletion of your data
  • Right to Opt-Out: Opt-out of targeted advertising and data sales
  • Right to Data Portability: Receive your data in portable format
  • Right to Appeal: Appeal our response to your request

These rights apply if we process personal information of Virginia, Colorado, Connecticut, Utah, or Oregon residents.

14.2 Exercising Your Rights

To exercise your rights under these state laws, use the methods listed in Section 7.2.

15. Indiana, Kentucky, and Rhode Island Privacy Rights

15.1 Indiana INCDPA, Kentucky KCDPA, and Rhode Island RIDTPPA

If you are a resident of Indiana, Kentucky, or Rhode Island, you have the following rights:

  • Right to Know/Access: Request a copy of your personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Delete: Request deletion of your information
  • Right to Obtain a Copy: Receive a copy of your data in a portable format
  • Right to Opt-Out: Opt-out of targeted advertising, data sales, and automated profiling
  • Right to Appeal: Appeal our response to your request
  • Non-Discrimination: We will not discriminate based on your exercise of these rights

15.2 Responding to Requests

We will respond to your request within 45 days of verification (extendable to 90 days if necessary). For Rhode Island residents, revocation of consent requests must be processed within 15 days.

15.3 Exercising Your Rights

To exercise your rights, contact us using the methods listed in Section 7.2.

16. Data Processing for Business Purposes

16.1 Data Processing Agreements (DPA)

If you are a business, organization, or entity using our Services, and you are collecting data from end-users through our platform, we may act as a data processor on your behalf. We offer Data Processing Agreements that clearly define:

  • Our roles and responsibilities as a processor
  • Permitted uses and limitations on data use
  • Data security requirements
  • Breach notification procedures
  • Sub-processor arrangements
  • Your rights as a controller
  • Data subject rights fulfillment

To request a DPA or discuss data processing arrangements, contact privacy@josa.ai.

17. International Data Transfers

17.1 U.S. Data Processing

Our Services are hosted in the United States. If you access our Services from outside the U.S., your personal information will be transferred to, stored in, and processed in the United States.

17.2 International Users

By using our Services, you consent to the transfer of your information to the United States, where privacy protections may differ from those in your home country. If you do not consent to this transfer, please do not use our Services.

18. Policy Updates and Changes

18.1 Modifications to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the revised policy on our website with an updated “Last Modified” date
  • Sending you an email notification (for significant changes)
  • Requiring your re-acceptance of the policy (for material changes)

Your continued use of our Services after the effective date of updates constitutes your acceptance of the revised Privacy Policy.

18.2 Review This Policy Regularly

We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal information.

19. Additional Information and Resources

19.1 California Attorney General

https://oag.ca.gov/

19.2 Federal Trade Commission (FTC)

https://www.ftc.gov/

19.3 Your Online Choices (Advertising Preferences)

https://www.youronlinechoices.com/

19.4 Digital Advertising Alliance

https://www.aboutads.info/

19.5 Network Advertising Initiative

https://optout.networkadvertising.org/

19.6 Global Privacy Control

https://globalprivacycontrol.org/

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Josato Group LLC d/b/a Josa.ai
Privacy Department
114 East Parker Street
Lakeland, Florida 33801
United States

Phone: 863-591-5300
Email: privacy@josa.ai

Mailing Address for Legal Inquiries:
Josato Group LLC
Attn: Legal / Privacy Compliance
114 East Parker Street
Lakeland, Florida 33801

We will respond to your inquiry within 30 days.

Acknowledgment:

By using Josa.ai and our Services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein.