Policies for JewelLink customers, users, and visitors.

Jewellink Master Terms of Service

These Master Terms of Service, together with any Order Form, Data Processing Addendum, Messaging Terms, Acceptable Use Policy, AI Features Addendum, and other documents incorporated by reference, govern access to and use of the Jewellink services by the retailer or other customer identified in an Order Form or account registration ("Retailer").

"Jewellink" means Jewelry Sales Academy LLC d/b/a Jewellink, and its affiliates where applicable. "Services" means the Jewellink CRM, sales analytics, messaging, training, AI, mobile, integrations, and related services.

1. Accounts and Authorized Users

Retailer is responsible for all activity under its account, including activity by employees, contractors, administrators, consultants, agents, and any other users invited or enabled by Retailer ("Authorized Users"). Retailer is responsible for selecting and managing Authorized Users; assigning appropriate roles and permissions; maintaining accurate account, billing, and business information; protecting passwords, devices, API tokens, OAuth connections, inboxes, social accounts, and POS credentials; promptly disabling access for former personnel; and notifying Jewellink without undue delay of any suspected unauthorized access, credential compromise, phishing event, or misuse of the Services.

Jewellink is not responsible for unauthorized access, loss, disclosure, or misuse arising from Retailer Systems, Retailer credentials, Authorized Users, shared devices, compromised inboxes, phishing, malware, social engineering, weak passwords, or Retailer's failure to follow reasonable security practices, except to the extent caused by Jewellink's breach of its express obligations under these Terms.

2. Retailer Data

"Retailer Data" means data, content, records, files, images, communications, POS data, customer data, training data, and other information submitted to, imported into, synced with, generated through, or made available to the Services by or on behalf of Retailer.

As between the parties, Retailer owns Retailer Data. Retailer grants Jewellink and its service providers a worldwide, non-exclusive, limited license to host, copy, process, transmit, display, transform, analyze, and otherwise use Retailer Data as necessary or appropriate to provide, secure, support, and improve the Services; configure integrations selected by Retailer; provide CRM, messaging, analytics, training, AI, reporting, support, and mobile functionality; prevent fraud, abuse, security incidents, and service misuse; comply with law, legal process, and carrier/platform requirements; enforce these Terms and incorporated policies; and create Aggregated Data and De-Identified Data as described below.

3. Retailer Data Warranties

Retailer represents and warrants that Retailer has all rights, permissions, notices, consents, and legal bases required to provide Retailer Data to Jewellink and to authorize Jewellink to process it; Retailer Data does not violate law, third-party rights, privacy commitments, confidentiality obligations, employment obligations, POS vendor contracts, platform policies, or consumer consents; Retailer owns or has sufficient rights to Retailer Data and has permission from its POS providers, software vendors, data sources, systems, platforms, licensors, and other third parties to access, export, sync, transmit, import, and process Retailer Data through the Services; Retailer is responsible for the accuracy, legality, quality, integrity, and appropriateness of Retailer Data; Retailer is responsible for providing, connecting, authorizing, maintaining, and updating the data sources, credentials, exports, files, feeds, APIs, integrations, mappings, and permissions needed to populate and operate the Services; Retailer is responsible for auditing, validating, reconciling, and correcting Retailer Data, integrations, imports, mappings, sync results, sales analytics, dashboards, reports, automations, AI outputs, and customer records; Retailer will not submit data it is prohibited from providing to Jewellink; Retailer will not use the Services to collect or process sensitive data unless the applicable feature, Order Form, or written instructions expressly permit that processing; and Retailer is responsible for responding to its customers, employees, and other individuals regarding Retailer Data, except where Jewellink is legally required to respond directly.

Retailer must not submit, upload, import, sync, store, request, transmit, or otherwise process through the Services any "Prohibited Sensitive Data" unless Jewellink has expressly authorized that processing in a written Order Form, addendum, or signed agreement.

Prohibited Sensitive Data includes social security numbers, full payment card numbers, CVV codes, bank account or routing numbers, consumer credit reports, credit scores, financing applications, loan applications, income information, protected health information, medical information, government identification numbers, driver's license numbers, passport numbers, biometric identifiers or biometric templates, account passwords, authentication credentials, children's data, and other highly sensitive or specially regulated information not expressly supported by the Services.

Retailer is solely responsible for any Prohibited Sensitive Data submitted to the Services in violation of these Terms. Jewellink is not responsible for claims, losses, fines, penalties, regulatory obligations, breach notification duties, or damages arising from Retailer's unauthorized submission or processing of Prohibited Sensitive Data, except to the extent caused by Jewellink's breach of its express obligations under these Terms. Jewellink may reject, quarantine, delete, disable, or restrict access to Prohibited Sensitive Data where Jewellink reasonably believes such data has been submitted in violation of these Terms.

4. Aggregated Data, De-Identified Data, and Product Improvement

Jewellink may create and use Usage Data, Aggregated Data, and De-Identified Data to operate, analyze, secure, improve, and develop the Services, including AI, analytics, benchmarking, fraud prevention, product research, and performance measurement.

"Usage Data" means technical, operational, and usage information about the Services, such as logs, events, performance data, feature usage, errors, device data, and security signals. "Aggregated Data" means data combined with other data so that it does not identify Retailer, any Retailer customer, or any individual. "De-Identified Data" means data processed to remove or obscure direct and reasonably linkable identifiers so that Jewellink does not reasonably use it to identify Retailer, a Retailer customer, or an individual.

Jewellink will not use Retailer Customer Data containing personal information to train shared or generally available AI models unless Retailer has expressly authorized that use in writing, such as through a separate AI Product Improvement Program or Order Form. Nothing in these Terms restricts Jewellink from using general skills, ideas, know-how, techniques, learnings, or non-identifying insights developed in providing the Services.

5. Third-Party Services and Integrations

The Services may interoperate with third-party services, including POS systems, cloud providers, payment processors, communications providers, email and calendar providers, social platforms, AI providers, media hosts, learning systems, mobile platforms, and other services. Retailer authorizes Jewellink to access, transmit, receive, store, and process Retailer Data through third-party services and subprocessors as necessary to provide the Services.

Retailer is responsible for choosing whether to connect third-party accounts; maintaining rights to those accounts; obtaining and maintaining all permissions, licenses, API rights, export rights, vendor approvals, and contractual rights required to connect, access, sync, export, import, transmit, or process data from POS systems, email providers, social platforms, CRMs, payment systems, inventory systems, analytics tools, data providers, and other third-party systems; complying with third-party terms and platform policies; ensuring connected accounts and credentials remain secure; reviewing permissions requested by third-party services; and any data, instructions, or content sent through those integrations.

Jewellink is not responsible for third-party services, including outages, delays, API changes, fees, data loss, inaccurate source data, incomplete source data, broken exports, mapping errors, permission failures, vendor restrictions, filtering, deliverability failures, account suspensions, carrier blocking, platform enforcement, or third-party security incidents, except to the extent caused by Jewellink's breach of its express obligations under these Terms.

6. Messaging, Email, and Social Communications

Retailer is solely responsible for the content, timing, recipients, lawfulness, consent, opt-out handling, and compliance of messages, emails, calls, social messages, and other communications sent or managed through the Services. Retailer must comply with all applicable laws and rules, including the Telephone Consumer Protection Act, CAN-SPAM Act, state privacy and telemarketing laws, carrier rules, CTIA guidelines, The Campaign Registry requirements, Twilio requirements, Meta platform policies, Google and Microsoft policies, and any other applicable messaging, email, or platform rules.

Retailer must maintain proof of consent where required and promptly honor opt-outs, revocations, do-not-contact requests, and other consumer instructions. Additional requirements are set forth in the Jewellink Messaging Terms.

7. AI Features

The Services may include AI-assisted features, including suggested replies, sales coaching, roleplay, voice transcription, summaries, analytics, lead insights, training feedback, generated scripts, and generated media. AI Features are assistive tools only. Retailer is responsible for reviewing, approving, and using AI outputs. Jewellink does not guarantee that AI outputs are accurate, complete, unique, non-infringing, compliant, or suitable for any particular use.

Retailer must not use AI Features to deceive consumers, impersonate individuals without authorization, make unlawful claims, generate misleading offers, provide regulated professional advice, make automated high-impact decisions, or avoid human review where legally or commercially required. Additional requirements are set forth in the Jewellink AI Features Addendum.

8. Acceptable Use

Retailer and its Authorized Users must comply with the Jewellink Acceptable Use Policy. Jewellink may investigate suspected violations and may suspend or limit access where Jewellink reasonably believes activity creates legal, security, operational, carrier, platform, reputational, or customer harm.

9. Security

Jewellink will maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Retailer Data in Jewellink's possession from unauthorized access, disclosure, alteration, and destruction. Retailer acknowledges that no system, network, transmission, vendor, AI provider, communications provider, or storage environment can be guaranteed to be perfectly secure or error-free.

Retailer remains responsible for Retailer Systems, including local devices, networks, employee practices, POS systems, email accounts, social accounts, OAuth grants, browser sessions, passwords, and endpoint security.

"Retailer-Caused Security Incident" means any unauthorized access, disclosure, loss, alteration, unavailability, or compromise of Retailer Data or the Services arising from or relating to Retailer Systems, Authorized Users, Retailer credentials, connected third-party accounts, POS systems, email accounts, social accounts, malware on Retailer devices, phishing or social engineering of Retailer personnel, misconfigured permissions, failure to offboard users, Retailer's instructions, Retailer's unlawful or unauthorized data collection, or Retailer's submission of Prohibited Sensitive Data.

Retailer is solely responsible for Retailer-Caused Security Incidents and for all resulting costs, losses, claims, fines, penalties, notices, investigations, forensics, remediation, credit monitoring, consumer support, regulatory responses, legal fees, settlements, judgments, carrier or platform fees, and other expenses, except to the extent caused by Jewellink's breach of its express obligations under these Terms. Retailer will reimburse Jewellink for reasonable costs and expenses Jewellink incurs in investigating, responding to, mitigating, defending, or assisting with a Retailer-Caused Security Incident, including reasonable attorneys' fees, forensic expenses, notification support, customer support, vendor charges, and platform or carrier charges.

10. Confidentiality

Each party may receive non-public information from the other party that is marked confidential or reasonably should be understood to be confidential. The receiving party will use the disclosing party's confidential information only to perform or receive the Services, protect it using reasonable care, and disclose it only to personnel, contractors, service providers, advisors, or authorities who have a legitimate need to know. Confidential information does not include information that is publicly available without breach, already known without restriction, independently developed, or lawfully received from a third party.

11. Fees, Billing, and Taxes

Retailer will pay all fees described in the applicable Order Form or checkout flow. Fees are non-refundable except as expressly stated in an Order Form or required by law. Retailer is responsible for taxes, carrier fees, messaging fees, AI usage charges, overage charges, app store charges, integration fees, and third-party fees unless an Order Form states otherwise. Jewellink may suspend or limit Services for overdue amounts, failed payments, chargebacks, suspected fraud, excessive usage, or billing disputes not raised in good faith.

If any undisputed payment is more than fifteen days overdue, Jewellink may suspend, restrict, disable, terminate, or delete Retailer's account, Authorized User access, integrations, and Retailer Data ingested into the Services. Jewellink may retain limited information as necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes.

12. Service Changes and Beta Features

Jewellink may modify, improve, discontinue, or replace features from time to time. Jewellink will use commercially reasonable efforts to avoid materially reducing core paid functionality during an active subscription term. Beta, preview, experimental, pilot, or trial features are provided as-is, may change or stop at any time, and may be subject to additional limits.

13. Data Retention, Export, Portability, and Deletion

During the subscription term, Retailer may export certain Retailer Data using available functionality or by requesting reasonable assistance from Jewellink. After termination, Jewellink may retain Retailer Data for a limited period for legal, security, backup, dispute, audit, compliance, fraud prevention, and legitimate business purposes. Jewellink may delete or disable access to Retailer Data after termination unless law or a written agreement requires retention.

Jewellink is not a permanent archive, legal records system, disaster recovery service, or system of record unless an Order Form expressly states otherwise. Retailer is responsible for exporting or preserving any Retailer Data it wishes to retain using the then-current export, sync, API, reporting, or download functionality made available within the Services.

Except for export, sync, API, reporting, or download functionality made generally available by Jewellink, Jewellink has no obligation to provide custom exports, database dumps, schemas, transformation files, migration scripts, third-party import files, message archives, usage logs, audit logs, metadata, derived data, analytics data, AI outputs, system data, deleted data, backup data, or data in a format requested by Retailer or a third party. Jewellink is not responsible for migrating, syncing, mapping, transforming, formatting, transmitting, validating, or importing Retailer Data into any third-party CRM, POS system, messaging platform, marketing platform, email platform, analytics tool, data warehouse, AI system, or other service.

Any migration, export, sync, or transition assistance provided by Jewellink outside standard product functionality is discretionary, may require a separate written agreement and additional fees, and is provided on a commercially reasonable efforts basis only. Retailer is solely responsible for reviewing exports, preserving records, validating data accuracy, maintaining its own backups where required, and completing any transition before cancellation, expiration, suspension, termination, or deletion.

Jewellink is not liable for any loss, corruption, delay, incompatibility, failed migration, incomplete export, mapping error, formatting issue, third-party import failure, business interruption, or loss of access arising from Retailer's transition away from the Services, except to the extent caused by Jewellink's breach of its express obligations under these Terms. Jewellink may decline, limit, delay, or condition any export, sync, API access, or migration request that Jewellink reasonably believes would create security, privacy, legal, operational, confidentiality, third-party, excessive-burden, or service-integrity risk.

If Retailer is more than fifteen days late on any undisputed payment, Jewellink may delete Retailer Data ingested into the Services, including CRM data, imported data, synced data, messages, files, AI data, training data, media, and integration data, subject to any retention Jewellink determines is necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes.

14. Suspension

Jewellink may suspend, limit, throttle, block, or terminate access to all or part of the Services if Jewellink reasonably believes Retailer or an Authorized User has violated these Terms or an incorporated policy; continued use may create legal, regulatory, carrier, platform, security, privacy, operational, reputational, or third-party risk; Retailer Data or message content is unlawful, deceptive, harmful, or infringing; Retailer credentials, accounts, or connected services appear compromised; use may harm the Services, Jewellink, other customers, consumers, vendors, or platforms; payment is overdue, including any undisputed payment more than fifteen days overdue; or suspension is required by law, a third-party provider, carrier, platform, or court order. Jewellink will use commercially reasonable efforts to provide notice where practical, but may act immediately where needed to prevent harm.

15. Disclaimers

Except as expressly stated in these Terms, the Services are provided "as is" and "as available." Jewellink disclaims all warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability, fitness for a particular purpose, title, non-infringement, uninterrupted operation, error-free operation, data preservation, deliverability, revenue improvement, sales results, customer conversion, regulatory compliance, or that the Services will prevent fraud, phishing, data loss, or security incidents.

Jewellink does not guarantee results from CRM workflows, training programs, AI outputs, SMS delivery, email delivery, social messaging, analytics, integrations, inventory recommendations, or sales insights. Jewellink makes no representation or warranty that Retailer Data, customer records, POS data, inventory data, transaction data, message data, usage data, dashboards, reports, sales analytics, forecasts, recommendations, automations, AI outputs, or integrations are accurate, complete, current, available, compliant, or suitable for Retailer's business purposes. Accuracy depends on Retailer's source systems, data rights, exports, integrations, mappings, configuration, user activity, and ongoing review.

Retailer is solely responsible for auditing, validating, reconciling, correcting, and approving all Retailer Data, customer records, analytics, reports, dashboards, AI-generated content, suggested messages, automations, imports, exports, syncs, and integration results before relying on them or using them with customers, employees, vendors, regulators, or third parties.

16. Retailer Indemnity

Retailer will defend, indemnify, and hold harmless Jewellink and its affiliates, officers, directors, employees, contractors, agents, and service providers from and against any claims, damages, losses, liabilities, penalties, fines, costs, and expenses, including reasonable attorneys' fees, arising from or relating to Retailer Data; Retailer Systems; Retailer's products, services, stores, employees, contractors, or customers; Retailer's source systems, POS systems, exports, integrations, mappings, data permissions, vendor permissions, or third-party system terms; messaging, email, calling, social messaging, or other communications; failure to obtain or maintain consents, notices, permissions, or legal rights; violation of law, consumer rights, privacy rights, platform policies, carrier rules, or third-party rights; Retailer's use of AI outputs or generated content; connected third-party accounts or integrations; Retailer-Caused Security Incidents; disputes between Retailer and its customers, employees, vendors, or POS providers; unauthorized use caused by Authorized Users, credentials, devices, or Retailer Systems; or breach of these Terms or incorporated policies.

17. Jewellink Indemnity

Jewellink will defend Retailer against a third-party claim alleging that the Services, as provided by Jewellink and used as authorized, infringe a United States patent, copyright, trademark, or trade secret, and will pay damages finally awarded or settlement amounts approved by Jewellink. Jewellink has no obligation for claims arising from Retailer Data, Retailer instructions, third-party services, open-source software, modifications not made by Jewellink, combinations not provided by Jewellink, unauthorized use, or continued use after Jewellink provides a replacement or workaround. Jewellink may resolve an infringement claim by procuring rights, modifying the Services, replacing the Services, or terminating the affected Services and refunding prepaid unused fees for the terminated portion.

18. Limitation of Liability

To the maximum extent permitted by law, Jewellink will not be liable for indirect, incidental, special, consequential, exemplary, punitive, enhanced, or similar damages, or for lost profits, lost revenue, lost business, lost goodwill, reputational harm, business interruption, loss of data, loss of messages, cost of substitute services, regulatory penalties, or third-party claims, even if Jewellink has been advised of the possibility of such damages. To the maximum extent permitted by law, Jewellink's aggregate liability for all claims arising out of or relating to the Services or these Terms will not exceed the fees paid by Retailer to Jewellink for the affected Services during the twelve months before the event giving rise to liability. The limitations in this section apply regardless of legal theory and even if a remedy fails of its essential purpose.

19. Term and Termination

These Terms begin when Retailer accepts them, signs an Order Form, or uses the Services, and continue until terminated. Either party may terminate as set forth in the applicable Order Form. Jewellink may terminate or suspend for material breach, non-payment, legal risk, security risk, or discontinued service availability. Upon termination, Retailer must stop using the Services and pay all amounts owed. Sections intended to survive will survive, including confidentiality, data rights, fees, disclaimers, indemnity, limitation of liability, and dispute terms.

20. Governing Law and Disputes

These Terms are governed by the laws of the State of Arkansas, without regard to conflict of law principles.

The parties will first attempt to resolve disputes through good-faith business escalation. If not resolved, any lawsuit, claim, action, or proceeding arising out of or relating to the Services or these Terms must be brought exclusively in the state or federal courts located in Pulaski County, Arkansas, including courts located in or serving Little Rock, Arkansas, unless an Order Form or separate arbitration agreement provides otherwise. Each party irrevocably submits to the personal jurisdiction of those courts and waives any objection based on venue, inconvenience, or lack of personal jurisdiction to the maximum extent permitted by law.

Retailer waives any right to participate in a class, collective, consolidated, or representative action to the maximum extent permitted by law.

21. Changes

Jewellink may update these Terms from time to time. Material changes will be posted or otherwise provided through reasonable notice. Continued use of the Services after the effective date of updated Terms constitutes acceptance, unless law requires otherwise.

22. Contact

Legal notices to Jewellink should be sent to Jewelry Sales Academy LLC d/b/a Jewellink, 1825 N Grant St, Little Rock, Arkansas 72207, Email: support@jewellink.com. Operational privacy and support requests may be sent to support@jewellink.com.

Jewellink Privacy Policy

This Privacy Policy explains how Jewelry Sales Academy LLC d/b/a Jewellink ("Jewellink," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our websites, applications, CRM, sales analytics, messaging, training, AI, mobile, and related services.

1. Scope

This Policy applies to visitors to Jewellink websites; retailers and their personnel who use Jewellink; individuals who communicate with Jewellink; and personal information we process for our own business purposes. When Jewellink processes a retailer's customer data on behalf of that retailer, the retailer is generally responsible for its own privacy notices and legal obligations. Jewellink processes that data as described in our agreements with the retailer.

2. Information We Collect

We may collect account information, such as name, email, phone number, role, company, location, login credentials, and permissions; retailer business information, such as store details, billing contacts, subscription details, A2P registration information, and integration settings; customer and CRM data submitted or synced by retailers, such as names, contact information, preferences, notes, birthdays, anniversaries, sales history, wishlist data, appointment data, form submissions, and relationship history; POS, sales, transaction, inventory, product, associate, and location data; communications data, such as SMS/MMS, email, webchat, Messenger, Instagram, call, and message content and metadata; training and learning data, such as course enrollment, progress, scores, roleplay sessions, transcripts, audio, and coaching activity; AI feature data, such as prompts, outputs, transcripts, generated replies, summaries, and feedback; media and files, such as images, videos, product photos, training assets, uploads, and generated media; mobile data, such as device tokens, app version, permissions, local authentication settings, and push notification metadata; usage and device data, such as IP address, browser, operating system, pages viewed, feature usage, logs, errors, and security events; and billing and payment metadata, while payment card details are generally processed by our payment processor.

Retailers are prohibited from submitting social security numbers, full payment card numbers, CVV codes, bank account or routing numbers, consumer credit reports, credit scores, financing applications, loan applications, income information, protected health information, medical information, government identification numbers, driver's license numbers, passport numbers, biometric identifiers or biometric templates, account passwords, authentication credentials, children's data, or other highly sensitive or specially regulated information unless Jewellink has expressly authorized that processing in writing.

3. Sources of Information

We may collect information from retailers and their Authorized Users; retailer systems, POS systems, imports, and connected accounts; customers and prospects who interact with retailer-facing forms, messaging, or webchat features; service providers and integration partners; public sources and business contact sources; mobile apps and websites; and automated logs and security tools.

4. How We Use Information

We may use information to provide, operate, support, secure, and improve the Services; manage accounts, authentication, permissions, billing, and subscriptions; provide CRM, analytics, messaging, training, AI, mobile, and reporting features; sync data from POS systems and third-party integrations; send transactional, administrative, support, and security communications; process SMS, MMS, email, social, webchat, push, and other communications; provide AI-assisted features such as summaries, suggestions, roleplay, transcription, and generated content; prevent fraud, abuse, misuse, spam, security incidents, and unauthorized access; debug, monitor, analyze, and improve performance; create aggregated or de-identified data; comply with law, legal process, carrier rules, platform requirements, and contractual obligations; and enforce our terms and policies.

5. AI and Product Improvement

We may use Usage Data, Aggregated Data, De-Identified Data, feedback, evaluation data, and non-identifying telemetry to improve and develop Jewellink services and AI features. We do not use retailer customer data containing personal information to train shared or generally available Jewellink AI models unless the retailer has expressly authorized that use in writing. Third-party AI providers may process data as service providers to deliver AI features. We seek to use business/API configurations that do not permit those providers to train their generally available models on retailer data unless disclosed or authorized.

6. How We Disclose Information

We may disclose information to cloud hosting, database, infrastructure, and security providers; messaging, email, push notification, and communications providers; payment and billing providers; AI, transcription, voice, media, and analytics providers; POS, CRM, learning management, social, email, calendar, and other integration providers; professional advisors, auditors, insurers, and legal counsel; authorities, courts, regulators, carriers, and platforms where required or appropriate; parties involved in a merger, acquisition, financing, restructuring, or sale of assets; and other parties with consent or at the direction of the retailer or user. We do not sell retailer customer lists.

7. Cookies and Website Technologies

Our websites and applications may use cookies, pixels, SDKs, local storage, and similar technologies for authentication, security, preferences, analytics, performance, and website functionality. If we use advertising or cross-context behavioral advertising technologies, we will provide additional notices or choices where required by law.

8. SMS and Communications

If you opt in to receive SMS/MMS or other communications from Jewellink or a retailer using Jewellink, message frequency may vary. Message and data rates may apply. You may opt out of SMS messages by replying STOP where supported. You may request help by replying HELP or contacting the sender. Retailers are responsible for their own customer messaging practices and consent obligations.

9. Data Retention

We retain information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, maintain security, enforce agreements, support business operations, and meet legitimate business needs. Retention periods vary depending on the type of data, feature, retailer instructions, legal requirements, backup cycles, and operational needs.

10. Security

We use commercially reasonable safeguards designed to protect information in our possession. No method of transmission, storage, vendor processing, AI processing, or electronic system is completely secure. Retailers are responsible for securing their own accounts, devices, personnel, POS systems, email accounts, social accounts, networks, and connected services.

11. Privacy Rights

Depending on where you live, you may have rights to request access, correction, deletion, portability, restriction, objection, opt-out of certain processing, or non-discrimination. If your information is processed by Jewellink on behalf of a retailer, we may refer your request to that retailer. To submit a privacy request to Jewellink, contact us at privacy@jewellink.com or support@jewellink.com.

12. California Privacy Notice

California residents may have rights under the California Consumer Privacy Act, as amended, including rights to know, delete, correct, opt out of sale or sharing, limit use of sensitive personal information, and non-discrimination. We do not knowingly sell retailer customer data. We do not knowingly share retailer customer data for cross-context behavioral advertising. We may disclose personal information to service providers and contractors for business purposes described in this Policy.

13. Children

The Services are intended for business use by retail jewelry businesses and are not directed to children under 13. Retailers must not use the Services to collect information from children unless they have all required rights and consents.

14. Changes

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date.

15. Contact

Jewelry Sales Academy LLC d/b/a Jewellink
1825 N Grant St
Little Rock, Arkansas 72207
support@jewellink.com

Jewellink Data Processing Addendum

This Data Processing Addendum ("DPA") supplements the Jewellink Master Terms of Service and applies to Jewellink's processing of personal information in Retailer Data.

1. Roles

For Retailer Customer Data, Retailer is the controller, business, or equivalent entity that determines the purposes and means of processing. Jewellink is the processor, service provider, contractor, or equivalent entity processing Retailer Customer Data on Retailer's behalf. For Jewellink account administration, billing, security, usage analytics, product operations, and direct business relationships with Retailer personnel, Jewellink may act as an independent controller or business.

2. Processing Instructions

Retailer instructs Jewellink to process Retailer Data to provide, secure, support, maintain, analyze, and improve the Services, including CRM, sales analytics, messaging, training, AI features, mobile functionality, integrations, support, billing, fraud prevention, security, and compliance. Retailer also instructs Jewellink to process Retailer Data through approved service providers and subprocessors as needed to provide the Services.

3. Retailer Responsibilities

Retailer is responsible for providing legally valid processing instructions; giving all required notices to customers, employees, leads, and other individuals; obtaining all required consents and authorizations; owning or having sufficient rights to Retailer Data and obtaining all permissions, licenses, API rights, export rights, vendor approvals, and contractual rights required from POS providers, software vendors, data sources, systems, platforms, licensors, and other third parties to access, export, sync, transmit, import, and process Retailer Data through the Services; providing, connecting, authorizing, maintaining, and updating the data sources, credentials, exports, files, feeds, APIs, integrations, mappings, and permissions needed to populate and operate the Services; auditing, validating, reconciling, and correcting Retailer Data, integrations, imports, mappings, sync results, dashboards, reports, analytics, AI outputs, and customer records; responding to privacy rights requests unless Jewellink is legally required to respond directly; ensuring Retailer Data is accurate, lawful, and appropriate for the Services; determining whether the Services are suitable for Retailer's legal obligations; and ensuring Retailer does not submit prohibited or unsupported data.

Retailer will not instruct Jewellink to process data in violation of applicable law. Jewellink is not responsible for inaccurate, incomplete, stale, unauthorized, or unlawfully supplied Retailer Data; POS vendor restrictions; source system limitations; mapping errors caused by source data or Retailer instructions; or Retailer's failure to maintain required third-party permissions, except to the extent caused by Jewellink's breach of its express obligations under the Agreement.

4. Categories of Data

Retailer Data may include customer and lead names, contact information, addresses, preferences, birthdays, anniversaries, household details, spouse or family references, notes, and relationship history; sales, transaction, wishlist, appointment, form, inventory, product, associate, location, and POS data; SMS, MMS, email, webchat, Messenger, Instagram, call, and conversation content and metadata; training, course, roleplay, quiz, progress, performance, coaching, and user activity data; uploaded files, images, videos, audio, transcripts, generated media, and product media; connected account tokens, identifiers, and integration metadata; device tokens and mobile app metadata; and billing and subscription metadata, excluding full payment card numbers processed directly by payment processors.

Retailer must not submit, upload, import, sync, store, request, transmit, or otherwise process Prohibited Sensitive Data through the Services unless Jewellink has expressly authorized that processing in a written Order Form, addendum, or signed agreement. Prohibited Sensitive Data includes social security numbers, full payment card numbers, CVV codes, bank account or routing numbers, consumer credit reports, credit scores, financing applications, loan applications, income information, protected health information, medical information, government identification numbers, driver's license numbers, passport numbers, biometric identifiers or biometric templates, account passwords, authentication credentials, children's data, and other highly sensitive or specially regulated information not expressly supported by the Services.

Retailer remains solely responsible for unauthorized submission of Prohibited Sensitive Data and for all legal obligations, notices, consents, deletion requests, breach notification duties, and claims arising from that unauthorized submission, except to the extent caused by Jewellink's breach of its express obligations under the Agreement.

5. Data Subjects

Data subjects may include Retailer's customers, leads, prospects, employees, contractors, authorized users, sales associates, administrators, vendors, and other individuals whose information is included in Retailer Data.

6. Subprocessors

Retailer authorizes Jewellink to use subprocessors to provide the Services. Jewellink will maintain a service provider and subprocessor list describing material subprocessors and their general processing purposes. Jewellink may add, replace, or remove subprocessors from time to time. Where required by applicable law or a signed agreement, Jewellink will provide notice of material changes and an opportunity to object on reasonable data protection grounds. Jewellink will impose commercially reasonable data protection obligations on subprocessors that process Retailer Customer Data.

7. CCPA Service Provider Terms

To the extent the California Consumer Privacy Act, as amended, applies, Jewellink will process personal information as a service provider or contractor for the business purposes described in the Agreement and this DPA. Jewellink will not retain, use, or disclose personal information except to perform the Services; for the business purposes described in the Agreement; to retain and use subprocessors under written terms; for internal use to build or improve the quality, safety, and security of the Services, provided Jewellink does not use the personal information to perform services for another business in a manner prohibited by law; to create and use Aggregated Data and De-Identified Data; to detect security incidents, protect against malicious or illegal activity, and enforce terms; as otherwise permitted by applicable law; or as instructed by Retailer. Jewellink will not sell Retailer Customer Data or share Retailer Customer Data for cross-context behavioral advertising as those terms are defined by applicable California law.

8. Confidentiality and Personnel

Jewellink will ensure that personnel authorized to process Retailer Customer Data are subject to confidentiality obligations or professional obligations of confidentiality.

9. Security Measures

Jewellink will maintain commercially reasonable administrative, technical, and organizational safeguards designed to protect Retailer Customer Data in Jewellink's possession. These safeguards may include access controls, encryption in transit, encryption at rest where supported, credential protection, logging, environment separation, secret management, and incident response procedures. Retailer acknowledges that security obligations are shared. Retailer remains responsible for Retailer Systems, Authorized Users, endpoint security, account permissions, passwords, OAuth grants, POS access, email accounts, social accounts, and consumer-facing practices.

10. Security Incidents

Jewellink will notify Retailer without undue delay after confirming a Security Incident affecting Retailer Customer Data in Jewellink's possession. Notice may include, to the extent known and legally permitted, the nature of the incident, affected Services, categories of data involved, measures taken or planned, and information reasonably needed for Retailer to meet its legal obligations.

Unsuccessful access attempts, blocked attacks, scans, pings, denial-of-service attempts, spam, phishing attempts not resulting in compromise of Jewellink systems, and incidents caused by Retailer Systems or Authorized Users are not Security Incidents under this DPA.

"Retailer-Caused Security Incident" means any unauthorized access, disclosure, loss, alteration, unavailability, or compromise of Retailer Customer Data arising from or relating to Retailer Systems, Authorized Users, Retailer credentials, connected third-party accounts, POS systems, email accounts, social accounts, malware on Retailer devices, phishing or social engineering of Retailer personnel, misconfigured permissions, failure to offboard users, Retailer's instructions, Retailer's unlawful or unauthorized data collection, or Retailer's submission of Prohibited Sensitive Data. Retailer is responsible for Retailer-Caused Security Incidents and for all resulting legal obligations, notices, investigations, forensics, remediation, credit monitoring, consumer support, regulatory responses, claims, fines, penalties, legal fees, settlements, judgments, and other expenses, except to the extent caused by Jewellink's breach of its express obligations under the Agreement. Retailer will reimburse Jewellink for reasonable costs Jewellink incurs in investigating, responding to, mitigating, defending, or assisting with a Retailer-Caused Security Incident.

11. Privacy Rights Requests

Jewellink will provide reasonable assistance to Retailer for data subject requests to the extent required by applicable law and technically feasible through the Services. If Jewellink receives a request directly from an individual relating to Retailer Customer Data, Jewellink may refer the individual to Retailer unless Jewellink is legally required to respond.

12. Return and Deletion

Upon termination or written request, Jewellink will return or delete Retailer Customer Data as required by the Agreement, applicable law, and technical feasibility. Retailer is responsible for using available self-service export, sync, API, reporting, or download tools before cancellation, expiration, suspension, termination, or deletion. Jewellink is not required to create custom exports, database dumps, migration files, schemas, transformation files, reports, message archives, usage logs, audit logs, metadata, derived data, analytics data, AI outputs, system data, deleted data, backup data, or third-party import formats unless expressly agreed in writing. Jewellink is not responsible for migrating, syncing, mapping, transforming, formatting, transmitting, validating, or importing Retailer Customer Data into any third-party CRM, POS system, messaging platform, marketing platform, email platform, analytics tool, data warehouse, AI system, or other service. Jewellink may retain data as necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes. Jewellink may also retain Aggregated Data and De-Identified Data. Deletion from backups may occur in accordance with Jewellink's normal backup lifecycle. If Retailer is more than fifteen days late on any undisputed payment, Retailer instructs Jewellink that Jewellink may suspend, restrict, disable, terminate, or delete Retailer Customer Data ingested into the Services, subject to any retention Jewellink determines is necessary for legal, security, backup, audit, dispute, compliance, fraud prevention, billing, and legitimate business purposes.

13. Audits

Upon reasonable written request and no more than once annually unless required by law or following a confirmed Security Incident, Jewellink will provide information reasonably necessary to demonstrate compliance with this DPA. Jewellink may satisfy audit requests through security summaries, questionnaires, third-party reports, certifications if available, or written responses. On-site audits require advance notice, reasonable scope, confidentiality, and reimbursement of Jewellink's reasonable costs unless prohibited by law.

14. International Transfers

Retailer authorizes Jewellink and its subprocessors to process Retailer Data in the United States and other jurisdictions where Jewellink or its service providers operate. Where legally required, the parties will use appropriate transfer mechanisms.

15. AI and Model Improvement

Jewellink may use Retailer Data to provide AI-enabled features to Retailer. Jewellink may use Usage Data, Aggregated Data, and De-Identified Data to improve and develop Jewellink services and AI features. Jewellink will not use Retailer Customer Data containing personal information to train shared or generally available AI models unless Retailer expressly authorizes that use in writing.

16. Conflict

If this DPA conflicts with the Master Terms, this DPA controls for processing of Retailer Customer Data to the extent of the conflict.

Jewellink Acceptable Use Policy

This Acceptable Use Policy applies to all use of the Jewellink Services.

1. General Rule

Retailer may use the Services only for lawful retail jewelry business purposes and in accordance with the Master Terms, Messaging Terms, AI Features Addendum, applicable laws, carrier rules, platform policies, and third-party terms.

2. Prohibited Conduct

Retailer must not, and must not allow any Authorized User or third party to violate any law, regulation, court order, privacy right, publicity right, consumer protection law, intellectual property right, or contractual obligation; use the Services for fraud, scams, phishing, pharming, spoofing, impersonation, deceptive offers, fake urgency, bait-and-switch promotions, or misleading claims; send unlawful, unwanted, or non-consensual communications; ignore or evade opt-outs, do-not-contact requests, quiet hours, carrier restrictions, platform rules, or consent revocations; upload, sync, or process data without sufficient rights, notices, consents, or legal basis; access, test, scan, probe, scrape, crawl, overload, disrupt, reverse engineer, or attack the Services or any third-party system; introduce malware, malicious code, credential harvesters, spyware, or harmful files; bypass security controls, rate limits, authentication, authorization, usage limits, or billing controls; share credentials, API tokens, or connected account access in an insecure manner; use the Services to harass, intimidate, threaten, discriminate, defame, or exploit any person; submit or generate sexually explicit, violent, hateful, exploitative, or unlawful content; collect or process data about minors without all required rights and consents; submit, upload, import, sync, store, request, transmit, or otherwise process social security numbers, full payment card numbers, CVV codes, bank account or routing numbers, consumer credit reports, credit scores, financing applications, loan applications, income information, protected health information, medical information, government identification numbers, driver's license numbers, passport numbers, biometric identifiers or biometric templates, account passwords, authentication credentials, children's data, or other highly sensitive or specially regulated information unless expressly authorized by Jewellink in writing; use the Services to make regulated credit, employment, housing, insurance, legal, medical, or similar high-impact decisions; resell, sublicense, rent, timeshare, or provide service bureau access to the Services without written permission; use the Services to build a competing product or benchmark the Services for competitive purposes; remove, obscure, or alter legal notices or proprietary rights notices; or use the Services in a way that harms Jewellink, other customers, consumers, carriers, platforms, vendors, or the reputation of the Services.

3. Messaging Rules

Retailer must not send or facilitate messages that lack required consent; misrepresent sender identity; fail to identify the retailer where legally or commercially required; promote illegal goods or services; contain phishing links or misleading URLs; contain SHAFT content or other carrier-prohibited content where prohibited by carriers or messaging providers; evade carrier filters, snowshoe, rotate numbers to avoid detection, or manipulate sender identity; continue after a STOP, unsubscribe, do-not-contact, or equivalent request; use purchased, scraped, rented, or shared lists without lawful consent; or violate Twilio, The Campaign Registry, CTIA, carrier, Meta, Google, Microsoft, or other platform requirements.

4. AI Rules

Retailer must not use AI Features to deceive consumers into believing generated content was created by a human where disclosure is required or context makes nondisclosure misleading; clone, simulate, or use a person's voice, image, likeness, or identity without authorization; generate misleading jewelry, pricing, financing, appraisal, warranty, scarcity, investment, or authentication claims; provide legal, financial, medical, tax, appraisal, insurance, credit, or other regulated professional advice without qualified human review; make automated decisions with legal or similarly significant effects; generate phishing, social engineering, malware, spam, or manipulation; or avoid required human review of customer communications.

5. Security and Access

Retailer must maintain reasonable security practices for Retailer Systems and Authorized Users, including appropriate passwords, device security, access reviews, prompt offboarding, and protection of connected accounts. Retailer must promptly notify Jewellink of suspected misuse, unauthorized access, compromised credentials, suspicious messaging, or security events involving the Services.

6. Enforcement

Jewellink may investigate suspected violations and may remove content, block messages, suspend integrations, throttle usage, disable accounts, terminate Services, report abuse to service providers or authorities, or take other actions Jewellink reasonably believes are necessary to protect Jewellink, the Services, consumers, vendors, carriers, platforms, or other customers. Jewellink may act without prior notice where immediate action is needed to prevent harm, legal exposure, security risk, carrier enforcement, platform enforcement, or service disruption.

Jewellink Messaging Terms

These Messaging Terms apply to SMS, MMS, RCS, email, webchat, social messaging, call-related messaging, and other communications sent, received, routed, drafted, automated, or managed through the Jewellink Services.

1. Retailer Is the Sender

Retailer is the sender, initiator, and content owner of communications sent through or managed by the Services, except for Jewellink administrative messages about the Services. Retailer is solely responsible for the content, recipients, timing, frequency, consent, legality, and business purpose of its communications.

2. Consent and Opt-Outs

Retailer must obtain and maintain all consents required to message each recipient. Retailer must be able to prove consent, including the date, source, method, disclosure, phone number or address, and scope of consent where required. Retailer must promptly honor opt-outs, revocations, unsubscribe requests, do-not-contact requests, and consumer instructions. Opt-out requests may be made by any reasonable method, including keywords such as STOP where supported. Retailer must not message individuals who have opted out unless legally permitted and consent has been re-established.

3. A2P 10DLC, Carrier, and Platform Requirements

Retailer must provide complete, accurate, and current information for A2P 10DLC, toll-free verification, sender registration, brand registration, campaign registration, number assignment, privacy policy review, terms review, and similar carrier or platform requirements. Retailer authorizes Jewellink and its messaging providers to submit Retailer information to carriers, messaging providers, registries, and platform partners as needed to provide messaging services. Retailer acknowledges that carriers, registries, providers, and platforms may reject, suspend, filter, block, limit, delay, or charge fees for messages, numbers, brands, campaigns, or accounts. Jewellink is not responsible for carrier or platform decisions, filtering, deliverability failures, registration denials, fees, or policy enforcement.

4. Message Content

Retailer must ensure message content is truthful, non-deceptive, legally compliant, and consistent with the consent obtained. Retailer must not send messages that contain or promote phishing, fraud, scams, impersonation, or deceptive sender identity; illegal goods or services; misleading jewelry pricing, discounts, financing, warranties, scarcity, appraisal, provenance, authenticity, or investment claims; harmful, malicious, or misleading links; harassment, threats, hate, exploitation, or unlawful discrimination; carrier-prohibited content; or content prohibited by the Acceptable Use Policy.

5. Automations and AI Drafts

Retailer is responsible for reviewing and approving automations, templates, auto-replies, AI-suggested replies, generated scripts, and campaign content. Retailer must configure automations to avoid unlawful outreach, excessive frequency, quiet-hour violations, opt-out failures, misleading claims, or messaging outside the scope of consent.

6. No Emergency Use

The Messaging Services are not intended for emergency, life-safety, security alarm, or urgent medical communications. Retailer must not rely on the Services for emergency communications.

7. Message Delivery

Jewellink does not guarantee message delivery, delivery speed, read receipts, engagement, conversion, or compliance approval. Message delivery may be affected by recipient devices, carriers, spam filters, provider outages, platform rules, number reputation, registration status, message content, frequency, and recipient behavior.

8. Fees

Retailer is responsible for applicable messaging fees, carrier fees, registration fees, number fees, verification fees, usage fees, pass-through fees, and overages unless an Order Form states otherwise.

9. Suspension

Jewellink may suspend or limit messaging if Jewellink reasonably believes Retailer's messaging creates legal, carrier, platform, security, operational, deliverability, consumer, or reputational risk.

10. Indemnity

Retailer will defend, indemnify, and hold harmless Jewellink from claims, fines, penalties, fees, damages, costs, and expenses arising from Retailer's communications, including claims under the TCPA, CAN-SPAM Act, state telemarketing laws, privacy laws, consumer protection laws, carrier rules, platform policies, opt-out failures, consent failures, message content, or unauthorized use.

Jewellink AI Features Addendum

This AI Features Addendum applies to AI-assisted features in the Jewellink Services.

1. AI Features

AI Features may include suggested replies, AI chat, CRM insights, customer summaries, sales analytics, roleplay, coaching feedback, voice transcription, text-to-speech, avatar/video generation, image or media analysis, lead prioritization, generated templates, and other machine learning or generative AI functionality. AI Features may be provided by Jewellink models, third-party AI providers, or a combination of both.

2. Inputs and Outputs

"Inputs" means Retailer Data, prompts, audio, messages, files, images, transcripts, instructions, and other content submitted to AI Features. "Outputs" means text, audio, transcripts, summaries, recommendations, scores, generated media, replies, scripts, classifications, or other results generated by AI Features. As between Retailer and Jewellink, Retailer retains ownership of Retailer-provided Inputs. Subject to the Master Terms, Retailer may use Outputs for its internal retail jewelry business purposes.

3. Human Review Required

AI Features are assistive tools only. Retailer and Authorized Users are responsible for reviewing, validating, editing, approving, and deciding whether to use Outputs. Retailer must not rely on AI Features as the sole basis for legal, compliance, credit, employment, disciplinary, pricing, appraisal, insurance, medical, safety, or similarly significant decisions.

4. No Accuracy Guarantee

AI Outputs may be inaccurate, incomplete, offensive, biased, outdated, non-unique, or unsuitable. Jewellink does not warrant that Outputs are accurate, compliant, non-infringing, unique, complete, or appropriate for any particular purpose. Retailer is responsible for verifying jewelry, inventory, pricing, discounts, financing, appraisal, warranty, provenance, scarcity, availability, customer preference, sales claims, customer records, POS data, transaction history, message history, usage data, sales analytics, and source data before using or relying on an Output. AI Outputs and AI-assisted analytics depend on Retailer Data, source systems, integrations, mappings, configuration, and Retailer's instructions. Retailer is responsible for supplying accurate and authorized data, auditing AI Outputs, correcting source data and mappings, and deciding whether any Output is appropriate for customer-facing or business use.

5. AI Product Improvement

Jewellink may use Usage Data, Aggregated Data, De-Identified Data, feedback, evaluation data, and non-identifying telemetry to operate, secure, analyze, improve, and develop the Services and AI Features. Jewellink will not use Retailer Customer Data containing personal information to train shared or generally available AI models unless Retailer has expressly authorized that use in writing. If Jewellink offers an optional AI Product Improvement Program, the terms of that program should describe what data may be contributed; whether data will be identifiable, de-identified, or aggregated; whether data may improve features for other retailers; whether third-party AI providers may receive the data; how Retailer may opt out or revoke participation; any limits on deletion after model training; and any additional security or confidentiality commitments.

6. Third-Party AI Providers

Jewellink may use third-party AI providers, such as language model, transcription, voice, avatar, media, or analytics providers, to provide AI Features. Jewellink will use commercially reasonable efforts to configure third-party AI providers so that Retailer Data submitted through business/API services is not used by those providers to train their generally available models unless Jewellink discloses otherwise or Retailer authorizes such use. Third-party AI providers may process Inputs and Outputs for abuse monitoring, security, service delivery, temporary retention, legal compliance, debugging, or other purposes permitted by their terms and applicable law.

7. Voice, Image, and Likeness

Retailer must obtain all rights and consents required to record, upload, transcribe, synthesize, clone, generate, or use any person's voice, image, likeness, name, performance, or identity. Retailer must not use AI Features to impersonate a person, create deceptive endorsements, or suggest a person said or did something they did not say or do.

8. Prohibited AI Uses

Retailer must not use AI Features to deceive, manipulate, defraud, harass, or exploit consumers; generate phishing, malware, credential harvesting, or social engineering content; make unlawful or misleading jewelry, financing, appraisal, warranty, investment, or authenticity claims; generate discriminatory or unlawful decisions; infer sensitive personal traits where unlawful or inappropriate; create fake reviews, fake testimonials, fake endorsements, or undisclosed synthetic media where disclosure is required; violate intellectual property, privacy, publicity, or confidentiality rights; or violate the Acceptable Use Policy or applicable third-party AI provider policies.

9. Similar Outputs

AI systems may generate similar or identical outputs for different users. Retailer does not receive exclusive rights in general ideas, concepts, formats, suggestions, or outputs independently generated for others.

10. Suspension

Jewellink may suspend, limit, disable, or remove AI Features if Jewellink reasonably believes use creates legal, security, privacy, platform, vendor, operational, reputational, or consumer risk.

Jewellink Service Provider and Subprocessor List

This list identifies material service providers and subprocessors used or conditionally supported by Jewellink. Some providers may apply only when a retailer enables a feature, connects an integration, uses the mobile app, or participates in a migration.

Production and Core Providers

Google Cloud Platform: hosting, Cloud Run, build/deploy, runtime infrastructure, secret management; potential data categories include Retailer Data, account data, logs, and operational data.

PostgreSQL database provider: primary application database; potential data categories include CRM, user, customer, sales, training, messaging, settings, and integration data.

Twilio: SMS/MMS, OTP, messaging services, A2P 10DLC, webhooks; potential data categories include phone numbers, message content, delivery metadata, and brand/campaign data.

Stripe: billing, checkout, subscriptions, billing portal, payment webhooks; potential data categories include billing contacts, customer IDs, subscription metadata, and payment processor tokens.

Postmark: transactional email; potential data categories include recipient emails, system email content, and delivery metadata.

Cloudinary: media storage, image/video/file upload, media migration, tagging; potential data categories include images, videos, files, product media, course media, and metadata.

OpenAI: AI chat, reply suggestions, transcription, analysis, roleplay workflows; potential data categories include prompts, outputs, transcripts, CRM context, and sales/training context.

ElevenLabs: voice generation, text-to-speech, conversational roleplay; potential data categories include text, generated audio, voice/persona configuration, and usage metadata.

HeyGen: AI avatar/video generation; potential data categories include scripts, avatar/video settings, and generated video metadata.

Upstash: Redis, rate limiting, OTP/session support; potential data categories include auth/security metadata, rate limit keys, and temporary OTP/session signals.

SCORM Cloud: learning management, SCORM course launch and progress; potential data categories include learner names/emails, course IDs, registrations, progress, and scores.

Bubble: legacy data migration and legacy webhook forwarding; potential data categories include historic CRM, customer, company, user, training, message, and file data.

EDT / PlanetScale / sync.linkd.com: retail POS, customer, sales, transaction, inventory, wishlist, and media sync; potential data categories include POS data, customer data, sales data, inventory data, product images, and wishlist data.

Expo / EAS / Expo Push: mobile app builds, mobile runtime services, push notifications; potential data categories include device tokens, mobile app metadata, and push payload metadata.

Retailer-Enabled Integrations

Google Gmail: connected email sending, reading, and mailbox workflow features; potential data categories include email content, headers, recipients, and mailbox metadata.

Google Calendar: connected calendar features; potential data categories include calendar events, attendee data, and availability metadata.

Google Business Profile: business profile integration; potential data categories include business account, profile, location, user info, and OAuth token metadata.

Microsoft Azure / Microsoft Graph: Outlook email and calendar integration; potential data categories include email content, calendar data, user profile, and OAuth token metadata.

Fastmail: JMAP email and calendar integration; potential data categories include email content, calendar data, and API token metadata.

Meta / Facebook / Instagram: Messenger and Instagram DM integration; potential data categories include page data, IG account data, messages, participants, and access token metadata.

3CX: call, chat, and SMS webhook/transcription workflows where enabled; potential data categories include call metadata, phone numbers, chat/SMS transcript data, and raw webhook payloads.

Conditional or Future Providers

Vercel: scheduled cron configuration. Confirm whether production cron jobs run through Vercel or another scheduler.

Apple App Store / APNs: iOS app distribution and push notification delivery. Applies to production iOS mobile app distribution and push notifications.

Apple iCloud / CloudKit: native iOS shell has CloudKit entitlements. Confirm whether the native iOS shell is active. The Expo mobile app appears to be the active mobile product.

Google Fonts / font delivery providers: public web/mobile font loading where used. Usually low-risk, but include in cookie/privacy review if client-side calls occur.

Service Provider Change Process

Jewellink may update this list as providers change. Where required by an executed DPA or applicable law, Jewellink will provide notice of material subprocessor changes and an opportunity to object on reasonable data protection grounds.

Notes for Counsel

Confirm exact legal names and privacy/security URLs for each provider before publication. Split "subprocessor" from "integration provider" if counsel prefers a narrower public list. Mark providers as active, optional, or legacy before publishing. Confirm whether OpenAI, ElevenLabs, HeyGen, and Cloudinary processing terms support the AI and media commitments in the Master Terms and AI Addendum.

Jewellink Security Overview

This Security Overview summarizes Jewellink's general security practices. It is informational and does not replace the Master Terms, Data Processing Addendum, or any signed security addendum.

1. Security Program

Jewellink maintains commercially reasonable administrative, technical, and organizational safeguards designed to protect Retailer Data in Jewellink's possession. Security measures are designed based on the size and nature of the Services, the types of data processed, and the risks reasonably associated with CRM, sales analytics, messaging, training, AI, and retail jewelry data.

2. Hosting and Infrastructure

Jewellink is designed to run on managed cloud infrastructure. Production deployment artifacts indicate use of Google Cloud Run, containerized application deployment, Google Cloud build/deploy workflows, and runtime secret injection through cloud secret management.

3. Access Controls

Jewellink uses account-based access controls to restrict access to retailer workspaces and functionality. Retailers are responsible for assigning appropriate roles, removing former personnel, and maintaining secure credentials. Administrative access to production systems should be limited to personnel with a legitimate business need.

4. Encryption

Jewellink uses encrypted transport where supported for application traffic and third-party integrations. Secrets and tokens should be stored using appropriate secret management or encryption practices. Where supported by the hosting, database, and storage providers, data is encrypted at rest by the underlying service provider.

5. Secrets and Tokens

Production secrets should not be committed to source code. Deployment configuration indicates production secrets are intended to be injected at runtime from cloud secret management. OAuth tokens and connected account credentials should be encrypted or otherwise protected at rest.

6. Logging and Monitoring

Jewellink may maintain application logs, audit trails, webhook logs, message statuses, sync job records, error logs, and security signals to operate, debug, secure, and improve the Services. Logs may contain limited personal information depending on the feature and event. Access to logs should be restricted based on business need.

7. Tenant Separation

Jewellink is designed as a multi-tenant service with company, location, and user scoping in application logic. Retailer is responsible for accurate setup of company, location, user, role, and integration permissions.

8. Third-Party Providers

Jewellink uses third-party service providers for hosting, messaging, payments, email, media, AI, learning management, mobile services, and integrations. Jewellink reviews providers based on business need, security posture, service functionality, and contract terms appropriate to the provider's role. Third-party service providers may experience outages, security incidents, API changes, policy changes, or enforcement actions outside Jewellink's control.

9. Incident Response

Jewellink will investigate suspected security incidents affecting Jewellink systems and will provide legally required notices. Jewellink may notify affected retailers when Jewellink confirms a Security Incident affecting Retailer Data in Jewellink's possession. Retailer must promptly notify Jewellink of suspected unauthorized access, compromised credentials, phishing, suspicious messaging, or security incidents involving Retailer Systems or Authorized Users.

10. Retailer Responsibilities

Retailer is responsible for security outside Jewellink's control, including employee onboarding and offboarding; password and device security; email, calendar, social, POS, and third-party account security; network and endpoint security; physical store devices; user permissions and admin access; consumer consent records; phishing and social engineering prevention; and accuracy and legality of data imported or synced into Jewellink.

Retailer is also responsible for obtaining and maintaining all permissions, licenses, API rights, export rights, vendor approvals, and contractual rights required to connect POS systems, email accounts, social accounts, data sources, and other third-party systems to Jewellink.

Jewellink does not guarantee the accuracy or completeness of customer records, POS data, inventory data, transaction data, message data, usage data, dashboards, sales analytics, AI outputs, imports, exports, syncs, mappings, or integration results. Retailer is responsible for auditing, validating, reconciling, and correcting its data and outputs before relying on them.

Security incidents caused by retailer systems, retailer personnel, retailer credentials, retailer devices, connected third-party accounts, POS systems, unlawful data collection, misconfigured access, failure to offboard users, phishing, social engineering, or prohibited sensitive data submitted by the retailer are the retailer's responsibility under the Master Terms and DPA.

11. No Absolute Security

No service can guarantee absolute security, uninterrupted service, perfect deliverability, or prevention of every data loss, phishing event, credential compromise, vendor outage, or third-party attack. Jewellink's obligations are limited to those expressly stated in the applicable agreement.

12. No Certification Claim Unless Posted

Unless Jewellink separately publishes a current certification or audit report, this Security Overview should not be interpreted as claiming SOC 2, ISO 27001, PCI DSS, HIPAA, GLBA, or other formal certification.