Privacy Policy

Effective date: May 20, 2026

Applies to: the JOP6 mobile application (the “App”), our websites (including pages that host shared forms or related flows), and the online APIs and services that interoperate with them (collectively, the “Services”), operated by Jop 6 Limited, a company incorporated in Hong Kong (“we,” “us,” or “our”).

Summary

JOP6 helps you work with structured forms and related messages: form submissions and workspace activity, workspaces, contacts, composing and sharing forms with others, and workspace membership and invitations. You can use some capabilities before signing in (“guest” use); data from that use stays on your device until you create an account or sign in, as the product allows. Content you send or sync is processed on our servers so delivery, display, and collaboration work across devices and participants.

We process account and sign-in data, identifiers and metadata from clients, content you create or receive, and operational logs. On Android and iOS builds that successfully initialize Google Firebase (which requires valid Firebase configuration in the build), we also use Firebase for push delivery, crash reporting, performance monitoring (for example app start and responsiveness metrics), optional app-integrity checks (App Check), and automatic screen or route analytics. If Firebase is not initialized in your build, those Firebase features are not active. Sign-in with Google or Apple involves those providers as described below.

When you sign in with Google in the App, we request your Google account email and basic profile information to create and secure your account, and—with your consent—the Google Drive permission drive.file so workspace owners can push approved form submissions to folders you choose. We do not request broad access to all files in your Google Drive. See Google account, Sign-In, and Google Drive below.

1. Who this policy covers

This policy covers individuals who use the App, visit our websites, or otherwise interact with the Services (“you”). If you use JOP6 on behalf of an organization, that organization’s agreement with you may apply to your use; this policy describes how Jop 6 Limited handles personal data processed through the Services.

For purposes of the UK GDPR / EU GDPR, where applicable, Jop 6 Limited is the data controller for personal data processed through the Services.

2. Information we collect

2.1 Account and authentication

The App supports Google Sign-In, Sign in with Apple (on supported devices), and email-based sign-in. Depending on how you sign in, we may collect and store:

Email address and display name.
A stable user identifier assigned in our systems.
Sign-in provider identifiers when you use Google or Sign in with Apple (for example provider subject identifiers used to link your account).
For email sign-in, one-time verification codes sent to your address (and related proof tokens on our systems), and, when you set a password for your account, a cryptographic hash of that password (we do not store the password in plain text).
OAuth tokens, refresh tokens, and related session data as needed to maintain your session and provider integration.

2.1.1 Google account, Sign-In, and Google Drive

The App offers Sign in with Google on supported devices. When you choose it, Google’s sign-in screen asks you to allow access to:

Email and profile (email, profile) — so we can identify your account, show your name where the product allows, and keep your workspaces and data synced when you sign in on a new device.
Google Drive — per-file access (https://www.googleapis.com/auth/drive.file) — so you or your workspace can connect Google Drive as a push destination for supervisor-approved form submissions. This scope lets the App create, open, and update only files and folders that Jop 6 creates or that you explicitly select through the App. It does not give us permission to read, list, or change your other Google Drive files.

We use Google account data only to operate the Services, including:

Authenticating you and maintaining your session.
Linking your Jop 6 account to the same Google account on repeat sign-in.
Storing OAuth access and refresh tokens on our servers (encrypted in transit; protected at rest under our security practices) so integrations keep working until you disconnect or revoke access.
When a workspace has Google Drive enabled and you (or an owner on your behalf) trigger a push, uploading structured submission exports (for example submission.json) and related attachments into the Drive folder path configured for that workspace—only after review/approval in the product workflow.

We do not use Google user data for advertising, and we do not sell it. Google may also process data under its own policies when you use Sign in with Google or when Firebase features are active (see sections 2.3 and 5).

You can stop our access to Google Drive by disconnecting the integration in the App (workspace integrations) and/or revoking Jop 6’s access in your Google Account permissions. Disconnecting does not by itself delete files already uploaded to your Drive; you may remove those in Google Drive directly.

2.2 Content and activity

We process information you create or exchange through the Services, including:

Templates, form instances, submissions, replies, dispatches, and related metadata needed for delivery, display, and sync.
Contacts or participant information you add or that we infer from communications (for example senders or recipients associated with form submissions or with workspaces).
Responses or files submitted through public web pages we host when someone opens a shared form link in a browser (those pages may load third-party bot-protection; see below).
Drafts, local preferences, display name overrides, and profile images you choose to provide.
Files, photos, signatures, or attachments you add where the product allows it, and exports or saved output (for example PDFs or images) you generate on your device where supported.
Data held only on your device for guest or offline use (for example local database content) until you sign in, remove it, or uninstall the App.

You should assume that any data you upload or send may be visible to recipients you designate and processed on our servers as required to operate sync, backups, and retention.

2.3 Device, security, and diagnostics

We collect or derive:

Device and app metadata sent with API requests from the App (for example the X-Jop6-Platform and X-Jop6-App-Build headers with your platform and application build number) to support compatibility, security, version requirements, and support.
A per-installation identifier (a UUID stored in on-device preferences) sent with email sign-in requests as the X-Jop6-Device-Id header for abuse prevention and rate limiting (such as limiting verification messages).
Push notification tokens (Firebase Cloud Messaging) registered with our servers when Firebase is initialized on a supported device, so we can send data messages related to the Services. Push delivery uses Google’s infrastructure in that case.
Crash and error reports through Firebase Crashlytics when the App initializes Firebase on Android or iOS, including fatal errors and certain non-fatal reports (for example selected HTTP failures during sign-in or token refresh), which may include truncated or summarized response details.
Performance metrics through Firebase Performance Monitoring when Firebase is initialized, including automatic traces such as app start time and other responsiveness signals collected by the SDK on supported devices.
Usage analytics through Firebase Analytics when Firebase is initialized: the App records screen or route views (including main shell tabs), time spent on each screen (custom screen_engagement events when you leave a screen or background the App), and overall in-app engagement time (automatic user_engagement / session metrics). Signed-in users are linked in Analytics by an opaque server account identifier (not email); guest/local use is not linked to that identifier.

When Firebase App Check is enabled for a build, the App obtains App Check tokens and may send them to our API (for example in the X-Firebase-AppCheck header); Google may process attestation or integrity signals to help prevent abuse. App Check may use debug providers on simulators or in non-production configurations.

2.4 Technical logs

Our servers and client software may log operational events (for example sync activity, error conditions, and security events). We aim to minimize sensitive data in logs—for example avoiding raw message payloads, secrets, and authentication tokens in routine logging—but we cannot guarantee that no personal data ever appears in logs (for example in error text or crash attachments).

2.5 Information from third parties

When you use Google Sign-In or Sign in with Apple, we receive information from those providers according to your choices and their policies.

When you use a shared form link in a web browser, the page may load Cloudflare Turnstile (or similar) for abuse prevention; Cloudflare may process technical data related to that challenge. Our server verifies tokens with Cloudflare when Turnstile is enabled for that environment.

We may receive IP address, cookies or similar identifiers, and standard HTTP information as part of normal operation of our websites and APIs.

3. How we use information

We use the information above to:

Provide, operate, and improve the Services (including sync, form submissions and workspace collaboration features, and notifications).
Authenticate users, maintain sessions, and secure accounts—including Sign in with Google and Sign in with Apple.
Deliver approved form data to destinations you or your workspace configure, including uploading exports and attachments to Google Drive when that integration is connected and you have granted the drive.file scope.
Detect, prevent, and respond to abuse, fraud, and technical issues, and to enforce minimum supported application versions where the product checks client build information.
Comply with law and enforce our terms.
Communicate with you about the Services (for example support or legally required notices).

We do not sell your personal information as that term is commonly defined in U.S. state privacy laws. We do not use your content for third-party advertising unless we separately notify you and, where required, obtain consent.

4. Legal bases (where applicable)

If laws such as the UK or EU GDPR apply, we rely on one or more of the following, depending on the activity:

Performance of a contract (providing the Services you request).
Legitimate interests (security, abuse prevention, product improvement, and internal analytics), balanced against your rights.
Consent where required by applicable law (for example for certain cookies or analytics in some regions).
Legal obligation where we must retain or disclose information.

5. Sharing and subprocessors

We share information with:

Service providers who host infrastructure, send transactional email, deliver notifications, or provide security and analytics tools, under contractual obligations.
Google (Firebase: Cloud Messaging, Crashlytics, Analytics, App Check; Google Sign-In; and the Google Drive API when you connect Drive or sign in with Google including the drive.file scope). See Google’s Privacy Policy and relevant Firebase and Google Drive API documentation.
Apple when you use Sign in with Apple or Apple push services. See Apple’s Privacy Policy.
Cloudflare when Turnstile (or related services) is used on our web pages. See Cloudflare’s Privacy Policy.
Sentry (or similar) for server-side error reporting when we configure it, which may include limited request or diagnostic context. See the provider’s policy for details.
Authorities or third parties when required by law or to protect rights, safety, and integrity.

For a current list of major subprocessors, email privacy@jop6.com.

6. Retention

We retain information for as long as needed to provide the Services and for legitimate business and legal purposes. For example:

Server-side messages, form data, and related records may be subject to automated retention limits (such as deletion or purging after a defined period). Exact periods may depend on environment and configuration.
Devices may retain local copies of synced data until you remove them (for example by deleting items, clearing app data, or uninstalling the App), even if the server no longer holds older history.

You can schedule deletion of your account in the App under Settings → Account → Data & privacy. That requests deletion on our servers and starts a 30-day grace period; signing in again before it ends cancels the scheduled server deletion. After the server accepts the request, the App also removes associated local data on that device. When the grace period completes, we delete or anonymize personal data on our systems subject to backup, legal hold, and technical limitations. If you cannot use the App, contact us from the email on your account; we can schedule the same server-side process. General instructions also appear on our website at /account-deletion (when that page is available on your deployment).

7. Security

We use administrative, technical, and organizational measures designed to protect personal data, including secure network connections between the App and our servers (for example TLS), secure storage for credentials on supported platforms, access controls on servers, and careful logging practices where feasible. No method of transmission or storage is completely secure.

8. Your choices and rights

Depending on your location, you may have rights to access, correct, delete, export, or restrict processing of your personal data, or to object to certain processing. You may also have the right to withdraw consent where processing is consent-based.

To exercise rights, contact privacy@jop6.com. We may verify your request as permitted by law. You may also lodge a complaint with a supervisory authority in your country or region.

For Google-specific controls: you can revoke the App’s access to your Google account (including Drive) at any time through Google Account → Third-party access, and disconnect Google Drive integrations inside the App where the product provides that option.

California residents: Under the CCPA/CPRA, you may have additional rights (for example to know categories of personal information collected, to delete personal information, and to opt out of certain sharing). We do not sell personal information. To submit a request, email privacy@jop6.com.

9. Children

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

10. International transfers

We are based in Hong Kong, but the Services rely on hosting and other providers that may store or process personal data in other countries or regions where those providers operate data centres (for example regions chosen for performance, capacity, or redundancy). If you use the Services from outside those locations, your information may be transferred across borders to those facilities. Destination countries may have different data protection laws than your own. Where required by applicable law, we use appropriate safeguards (such as standard contractual clauses).

11. Changes

We may update this policy from time to time. We will post the updated version and revise the “Effective date” at the top. If changes are material, we will provide additional notice as required by law (for example in-app notice or email).

12. Contact

Jop 6 Limited

Hong Kong

Email: privacy@jop6.com

← Back to home