OwnRep Privacy Policy

Last updated: April 2026 · Effective: April 2026

This Privacy Policy describes how JK.Creative LLC ("JK Creative," "we," "us," or "our") handles information in connection with OwnRep ("Software"). By installing and using OwnRep, you agree to the practices described in this policy.

For questions or privacy requests, contact support@jkcreative.store.

1. The Core Principle: Your Data Stays on Your Machine

OwnRep is a locally installed desktop application. All business data — reviews, emails, support tickets, OAuth tokens, configuration settings, and logs — is stored in a SQLite database on your own computer. JK Creative does not operate a cloud server that receives, stores, or processes your business data.

The only data transmitted to JK Creative is your license key, sent at application launch to verify your subscription status. Nothing else is sent to us.

2. What Data the Software Collects and Stores Locally

The following data is stored in a local SQLite database on your machine:

Data TypeWhat It IsWhy It's Stored
OAuth access tokens and refresh tokensCredentials for your Google (Gmail + GBP) or Microsoft (Outlook) accountRequired to send emails and monitor reviews on your behalf
Business email addressThe email account you connect during setupIdentifies which account to use for sending
Review dataReview text, reviewer names, star ratings, platform source (Google, Yelp), timestampsCore function — monitoring and responding to reviews
Email send recordsRecipients, send timestamps, response statusTracks which customers received review requests
Support ticket contentTicket text provided by you for macro generationUsed to generate support response templates (one-time analysis)
Support macrosAI-generated response templates created from your ticketsStored for reuse in future support interactions
Application configurationAPI keys you enter (e.g., your Yelp API key), preferences, notification settingsApp operation
Application logsDiagnostic events, errors, API call timestampsDebugging and troubleshooting
License keyYour subscription license key from SquareValidated on launch

None of this data is transmitted to JK Creative except the license key as described in Section 4.

3. Data You Provide That Is Processed Locally

When you use OwnRep's features, you or the Software may process:

  • Customer email addresses — for sending review request emails. These are entered by you or imported by you. They are stored locally and used solely for the send action you initiate.
  • Review content — pulled from Google Business Profile and Yelp APIs and stored locally for monitoring and response drafting.
  • Support ticket text — provided by you in bulk for the one-time Support Macro Library analysis. This content is sent to Google Gemini Flash for AI processing (see Section 5).

4. The Only Data Sent to JK Creative: License Validation

Each time OwnRep launches, it sends your license key to JK Creative's license validation server. This request:

  • Contains only the license key string
  • Does not include your email, name, business name, review data, customer data, or any other personal or business information
  • Is used solely to confirm that your Square subscription is active
  • Is made over HTTPS

We log the validation request (timestamp + license key status) for billing and fraud prevention purposes. We do not log IP addresses in association with license keys beyond what is inherent in standard web server logging, and we do not use this data for any purpose other than license management.

5. Third-Party Services and Data They Receive

OwnRep integrates with several third-party services. When you use a feature that relies on a third-party API, data is transmitted to that service as described below.

5.1 Google APIs (Gmail API, Google Business Profile API)

  • What's sent: Email content you compose and send; API requests to retrieve review listings and post responses
  • What Google receives: Your OAuth tokens (managed by Google), email content, review response text
  • Who controls it: You authorize the Google connection via OAuth. You can revoke access at any time from your Google Account settings (myaccount.google.com/permissions)
  • Google's privacy policy: policies.google.com/privacy

5.2 Google Gemini Flash (AI draft generation)

  • What's sent: Review text (including reviewer name and review body) and/or support ticket text you submit for analysis
  • Purpose: Generating draft responses to reviews and support macros
  • PII caution: Review text may contain names, opinions, or other information written by your customers. OwnRep sends this text to Gemini as-is to generate a draft. We do not strip or anonymize it before sending.
  • What Gemini does NOT receive: Your Gmail message contents, customer email lists, OAuth tokens, license key, or any data not directly relevant to the draft being generated
  • Google's AI data handling: ai.google.dev/gemini-api/terms

5.3 Microsoft Graph API (Outlook email sending)

  • What's sent: Email content you compose and send, via your authorized Microsoft account
  • Who controls it: You authorize the Microsoft connection via OAuth (Microsoft Entra). Revoke at any time from your Microsoft account settings (account.microsoft.com)
  • Microsoft's privacy policy: privacy.microsoft.com

5.4 Yelp Fusion API

  • What's sent: Your business identifier to retrieve public review listings
  • What's received: Publicly visible review data from Yelp
  • Limitation: OwnRep uses read-only Yelp API access. No data is written to Yelp through OwnRep.
  • Yelp's privacy policy: yelp.com/tos/privacy

5.5 Square

  • What's sent: Payment information you provide at checkout, managed entirely by Square
  • What JK Creative receives from Square: Subscription status, license key activation events, payment confirmation — no full card numbers
  • Square's privacy policy: squareup.com/legal/privacy

5.6 Google API Services User Data Policy — Limited Use Disclosure

OwnRep's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope requested: https://www.googleapis.com/auth/gmail.send. This scope permits OwnRep to send email as the authenticated user. It does not permit OwnRep to read, modify, or delete any email in the user's mailbox. OwnRep does not request any other Gmail scope.

How OwnRep uses Google user data:

  • Gmail send: OwnRep uses gmail.send for exactly one purpose — to send review-request emails, composed by the authenticated business owner, to customers on lists the owner imports into OwnRep. Emails are sent from the owner's own Gmail account so recipients recognize the sender and messages deliver with the domain's own reputation.
  • Google Business Profile: OwnRep reads and responds to reviews on the business profiles the authenticated user owns.

How OwnRep does NOT use Google user data:

  • OwnRep does not read, store, or analyze the contents of any email in the user's mailbox.
  • OwnRep does not use Google user data to train machine-learning models, including third-party AI models.
  • OwnRep does not transfer Google user data to any third party, except as required to deliver the email or review response through Google's own servers.
  • OwnRep does not use Google user data for advertising purposes, including personalized, retargeted, or interest-based advertising.
  • OwnRep does not sell Google user data.
  • Human beings at JK Creative do not read Google user data, except (a) with the user's explicit consent for specific messages, (b) to comply with applicable law, (c) for security investigations, or (d) where the data has been aggregated and anonymized for internal operations.

Where Google user data is stored: OwnRep is a desktop application. OAuth access tokens and refresh tokens are stored locally on the user's own device in the application's configuration directory. These tokens are never transmitted to JK Creative's servers. The contents of outgoing emails are sent directly from the user's device to Google's Gmail API and are not retained by JK Creative after sending.

How to revoke access: Users can revoke OwnRep's access to their Google account at any time at https://myaccount.google.com/permissions. Signing out of OwnRep also deletes the locally stored OAuth tokens.

6. Auto-Update Mechanism

On launch, OwnRep checks JK Creative's CDN for available software updates. This request:

  • Contains only the current software version number and your operating system (Windows or macOS)
  • Does not include personal or business data
  • Is used only to determine whether an update is available

7. Data We Do Not Collect

JK Creative does not collect, and OwnRep does not transmit to JK Creative:

  • Your customers' email addresses or contact information
  • Review content or review response drafts
  • Email content you send through the Software
  • Support ticket content
  • OAuth tokens or credentials
  • Business name, address, or profile information
  • Usage analytics or behavioral telemetry
  • IP addresses tied to your identity (beyond standard server log entries for license validation)

8. Data Retention and Deletion

Because all data is stored locally on your machine, you have full control over retention and deletion.

  • To delete your data: Uninstall OwnRep and delete the application data folder. On Windows, this is typically %APPDATA%\OwnRep. On macOS, it is typically ~/Library/Application Support/OwnRep.
  • To revoke OAuth access: Remove OwnRep's access from your Google or Microsoft account settings. This does not delete local tokens immediately — uninstalling the app removes them from your machine.
  • JK Creative's retention of your license key: We retain your license key in our Square account records per Square's standard practices and our own billing records. To request deletion, contact support@jkcreative.store.

9. Security

JK Creative does not store your business data and therefore cannot be breached for it. The security of your locally stored data (including OAuth tokens) is your responsibility as the device owner. We recommend:

  • Using full-disk encryption on the device where OwnRep is installed
  • Using a strong login password on your device
  • Revoking OAuth access if your device is lost or stolen

The license validation connection uses HTTPS. We do not store your OAuth tokens on our servers at any time.

10. California Residents — CCPA/CPRA

Because OwnRep stores all data locally on your machine and JK Creative does not receive or maintain your personal or business data, most CCPA/CPRA obligations (right to access, delete, or opt out of sale) apply to data held on your device, which you already fully control.

The only personal information JK Creative holds is your license key and billing information processed through Square. For requests related to those:

11. GDPR Considerations

JK Creative is a US-based company and OwnRep is marketed and sold in the United States. We do not operate EU-directed marketing or maintain EU data transfer mechanisms (e.g., Standard Contractual Clauses) at this time.

If you are located in the European Union or European Economic Area, please be aware:

  • Your business data is stored locally on your machine and not transferred to JK Creative
  • Data passed to Google Gemini, Google APIs, Microsoft, and Yelp is governed by those companies' own GDPR compliance posture
  • License key data processed by JK Creative is minimal and used only for billing verification

We recommend reviewing the GDPR policies of Google, Microsoft, and Yelp before deploying OwnRep in an EU context.

12. Children

OwnRep is a business tool not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has somehow provided information to JK Creative in connection with OwnRep, contact support@jkcreative.store.

13. Changes to This Policy

JK Creative may update this Privacy Policy at any time. We will post the updated policy at jkcreative.store and update the "Last Updated" date. For material changes, we will provide notice via the email address on file with Square. Continued use of OwnRep after the effective date of a material change constitutes acceptance.

14. Contact