JASS Query JASS Query
QueryVault
QueryVault
JASS Query
JASS Query
QueryForge
QueryForge

Privacy Policy

JASS Query and its products
Effective Date: April 23, 2026 Last Updated: June 25, 2026
JASS Query is the suite of tools for Amazon resellers working with Keepa, operated by JASS Pet Services LLC d/b/a JASS Query ("JASS Query," "we," "us"). This policy describes how we handle your information across the JASS Query website, QueryVault (our free browser extension), and QueryForge (our Keepa query automation service). Our philosophy is simple: collect only what the product needs, keep as much as possible on your own device or in your own cloud storage, and never sell or rent what we do collect.

01 What This Policy Covers

This single policy applies to three surfaces:

Where a section applies only to one surface, it is tagged with a colored pill at the top of that section.

02 The JASS Query Website Website

What we collect

Essentially nothing directly. We do not set advertising cookies, we do not run third-party analytics, and we do not embed tracking pixels or advertising scripts. The only information we actively collect on the marketing site is what you voluntarily submit through a form — for example, a product signup or a contact message.

Hosting and request logs

Our website is hosted by us on Microsoft Azure (see §09 for location). As part of normal web-server operation we maintain standard request logs (IP address, timestamp, user agent, requested URL) for security, abuse prevention, and basic traffic statistics. We do not access or analyze these logs for marketing purposes, and we do not share them with third parties except where required by law or to defend against an abuse incident.

Fonts

The site loads web fonts (Syne and DM Sans) from Google Fonts. When you view the site, your browser requests the font files from fonts.googleapis.com. Google may log these requests per its own privacy policy. No other data is sent to Google from the marketing site.

Cookies

The marketing site does not set tracking or advertising cookies. It may set a small number of strictly-necessary cookies required to remember your display preferences (for example, light/dark theme). These are stored in your browser only.

03 QueryVault (Browser Extension) QueryVault

What QueryVault stores locally in your browser

What QueryVault does NOT do

QueryVault does not collect, store, or transmit your browsing history, cookies, or activity on any website other than Keepa Product Finder pages that you actively interact with. It runs no analytics, no telemetry, and no usage tracking.

External network requests

QueryVault is local-first. The only outbound network requests the extension makes are:

We do not sell or rent any information transmitted to us, and we do not share it with third parties for advertising.

How the stored data is used

Your saved queries are used exclusively to:

Storage technology

Query definitions are stored locally in your browser using the browser's built-in Extension Storage API (chrome.storage.local). This data stays on your device; QueryVault does not write it to Chrome Sync or any other cross-device storage.

Chrome Web Store Limited Use disclosure. QueryVault's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not transfer or sell user data to third parties for advertising, analytics, or unrelated purposes; do not use user data to determine creditworthiness or for lending; and do not allow humans to read user data except as necessary for security, to comply with applicable law, for operations where we have user consent, or where data has been aggregated and de-identified.

04 QueryForge (SaaS Service) QueryForge

What QueryForge does

QueryForge is a subscription service that runs Keepa Product Finder queries on a schedule you define and delivers the resulting CSV files to a cloud storage location you own and control (Google Drive, Microsoft OneDrive, or Azure Blob Storage). Your account, queries, and run history are hosted by us in Microsoft Azure.

Account and authentication data

When you create a QueryForge account, we collect:

We do not receive or store your identity-provider password. We never see your Google/Amazon/Microsoft account password.

Query and run data

We do not retain a copy of your result CSVs on our servers once they have been delivered to your cloud storage. The authoritative copy of your results lives in your storage, not ours. Delivery logs contain metadata (file name, row count, delivery status) but not row-level content.

Keepa API credentials (BYOK tiers)

If you are on a "bring-your-own-key" (BYOK) tier, you provide your own Keepa API key. The key is stored encrypted at rest in Microsoft Azure Key Vault. It is used only to execute the queries you scheduled, and is decrypted in memory only at the moment a run executes. We never display the key back to you in plaintext after you submit it, and we never share it with any third party.

If you are on a bundled-credits tier, we use our own Keepa credentials to run your queries and deduct credits from your subscription allowance.

Results-storage integration (Google Drive, OneDrive, Azure Blob)

You configure exactly one results-storage channel:

In all three cases, you can disconnect the integration at any time from the QueryForge portal. Disconnecting revokes our stored credentials immediately on our side; you should also revoke the grant at the provider (Google Account permissions, Microsoft account permissions, or by rotating the SAS) to be fully thorough. Disconnecting does not delete CSVs that have already been delivered to your storage — those are yours and remain yours.

Billing data

Paid subscriptions are processed by Stripe. When you enter payment information, it is submitted directly to Stripe from your browser; we do not receive or store credit card numbers, CVV codes, or bank account numbers. We receive and store only the billing metadata Stripe returns to us: your customer ID, subscription ID, plan, status, and a token representing your payment method (used only to charge renewals through Stripe). Stripe's handling of your payment information is governed by Stripe's privacy policy.

Transactional email

We send transactional email (account confirmations, run-completion notices, billing receipts, and similar) through Resend. Resend receives your email address and the contents of the message in order to deliver it. Resend is used for transactional email only; any marketing email is governed by the Communications and Marketing section below (§07) and always carries an opt-out.

Diagnostics and logs

We maintain operational logs in Azure Application Insights and related Azure services to monitor the health of QueryForge and to debug issues. These logs may include your account ID, request paths, response codes, and error messages, but do not contain row-level query results or your Keepa API key. Operational logs are retained on a rolling 90-day window unless a longer retention is required to investigate a specific incident.

05 Google User Data (QueryForge + QueryVault) QueryForge

What Google data we access

QueryForge accesses Google user data only when you explicitly connect your Google Drive as your results-storage channel. When you do, you authorize QueryForge via Google OAuth using the drive.file scope. This is a per-file scope: QueryForge receives access only to files it creates in the folder you pick through Google's Drive Picker, plus the folder itself. We cannot see, download, or modify any other file in your Drive.

How we use it

We do not use Google user data for any purpose other than providing the user-facing features you asked for.

How we store it

The OAuth refresh token that lets us write to your Drive folder is stored encrypted at rest in Microsoft Azure Key Vault. Access to it is restricted to the QueryForge service workers that execute your scheduled queries. We do not copy or cache Drive file contents on our systems beyond what is strictly necessary to produce and upload the result CSV.

How we share it

We do not transfer Google user data to any third party, except as necessary to provide the QueryForge feature you requested (for example, the Azure infrastructure that runs the service), to comply with applicable law or legal process, or with your explicit consent.

How you remove it

You can disconnect QueryForge from your Google account at any time by (a) removing the integration from the QueryForge portal, which deletes our stored refresh token, and/or (b) revoking QueryForge's access from your Google Account permissions page. Revoking either way stops any further access. CSVs we have already delivered to your Drive folder remain in your Drive under your control — they are your files.

Google API Services User Data Policy — Limited Use disclosure. QueryForge's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we affirm that QueryForge does not:

  • transfer Google user data to third parties, except as necessary to provide or improve user-facing features of QueryForge that are prominent in the product's user interface, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with appropriate notice to users;
  • use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising;
  • use Google user data to determine creditworthiness or for lending purposes;
  • allow humans to read Google user data, except (i) with your explicit affirmative consent for specific messages, (ii) as necessary for security purposes (such as investigating abuse), (iii) to comply with applicable law, or (iv) where the data has been aggregated and de-identified for internal operations.

06 Microsoft User Data (Sign-in and OneDrive) QueryForge

What Microsoft data we access

QueryForge uses Microsoft services in two distinct places, and it is important to keep them separate:

How we use it

We do not use Microsoft data for advertising, for training machine-learning models, or for any purpose other than providing the user-facing features of QueryForge.

How we store it

The OAuth refresh token that lets us write to your OneDrive folder is stored encrypted at rest in Microsoft Azure Key Vault. Sign-in claims (name, email, identity-provider ID) are stored in your QueryForge account record in Azure Cosmos DB. We do not cache OneDrive file contents on our systems beyond what is strictly necessary to produce and upload a result CSV.

How we share it

We do not transfer Microsoft user data to any third party, except as necessary to provide the QueryForge feature you requested (for example, the Azure infrastructure that runs the service), to comply with applicable law or legal process, or with your explicit consent. Sharing Microsoft user data for advertising, resale, or unrelated analytics is not allowed and we do not do it.

How you remove it

You can disconnect QueryForge from your Microsoft account at any time by (a) removing the OneDrive integration from the QueryForge portal, which deletes our stored refresh token, and/or (b) revoking QueryForge's access from your Microsoft Account or, for Entra work/school accounts, your organization's admin "My Apps" page. Revoking either way stops any further access. CSVs we have already delivered to your OneDrive remain in your OneDrive under your control — they are your files. If you delete your QueryForge Account, your sign-in record and any stored tokens are deleted as described in §12.

Publisher identity and consent

QueryForge's Microsoft Entra application is registered under a publisher domain we control (jassquery.com). The consent screen Microsoft shows when you first authorize QueryForge identifies us as the publisher and links to this Privacy Policy and to our Terms of Service, so you can review how we handle your data before granting access.

07 Communications and Marketing

When you give us your contact details — by registering for a QueryVault tier, joining a list, creating a QueryForge account, or contacting us — we use them to operate the Services and to stay in touch with you about JASS Query.

Where the law requires consent for marketing email (for example, in parts of the European Economic Area and the United Kingdom), we rely on your consent or on the "soft opt-in" available for our own similar products, and you may withdraw consent at any time.

08 Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR / UK GDPR:

09 Subprocessors and Third-Party Services

We do not sell or rent your personal information. We use the following subprocessors to operate JASS Query, QueryVault, and QueryForge. Each has signed (or operates under) a data processing agreement or equivalent contractual terms where applicable.

Subprocessor Purpose Data category Location
Microsoft Azure Hosting, storage, compute, Key Vault, logging (QueryForge) All QueryForge account, query, run, credential, and log data United States
Microsoft Entra External ID Identity provider and authentication (QueryForge) Name, email, identity-provider ID, tokens United States
Stripe Subscription billing and payments (QueryForge) Name, email, billing address, payment method (held by Stripe; not by us) United States
Resend Transactional email delivery Email address, message contents United States
Keepa GmbH Executes the Product Finder queries you scheduled Query parameters and (on bundled-credit tiers) our own Keepa API key Germany
Google (Drive + OAuth) Delivers result CSVs to your Drive if you connect Google Drive; also powers Google Fonts on the website OAuth tokens; file metadata and contents we write to your folder United States
Microsoft (OneDrive + OAuth) Delivers result CSVs to your OneDrive if you connect OneDrive OAuth tokens; file metadata and contents we write to your folder United States

We will update this list as subprocessors change. Material changes will be reflected in the "Last Updated" date at the top of this page; subscribers on enterprise terms, if any, may also be notified directly.

10 International Data Transfers

JASS Query is operated from the United States and the primary QueryForge infrastructure runs in Microsoft Azure US regions. If you access our products from outside the United States, you acknowledge that your information is transferred to and processed in the United States, and that U.S. law may apply to it. Where required for transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland, we rely on the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent transfer mechanisms with our subprocessors.

11 Your Rights

Depending on where you live, you have some or all of the following rights regarding your personal information:

To exercise any of these rights, email privacy@jassquery.com. We will respond within the timeframes required by applicable law (for example, within 30 days under GDPR, or 45 days under CCPA, with extensions only as the law permits). We may need to verify your identity before acting on a request — typically by confirming control of the email address tied to your account.

Authorized agents may submit CCPA/CPRA requests on your behalf with written permission that we are allowed to verify.

12 Data Retention

We keep information only as long as we need it for the purpose it was collected for, or as required by law. In practice:

13 Security

We take the security of your information seriously, and in particular, of the OAuth tokens, SAS URLs, and Keepa API keys you entrust to us. We apply the following measures:

No system is perfectly secure. If we learn of a personal-data breach that affects you, we will notify you as soon as reasonably possible and in any event within the timeframes required by applicable law (for example, within 72 hours of awareness where GDPR applies).

14 Third-Party Sites and Integrations

Our products and website may link to third-party sites (for example, Keepa, Stripe's billing portal, or the Google and Microsoft account pages). We are not responsible for the privacy practices of those third parties. Once you leave our site or enter a third-party integration flow, that third party's privacy policy applies.

15 Children's Privacy

Our products and website are designed for Amazon resellers running a business. They are not directed to children. We do not knowingly collect personal information from children under 13 (or under the equivalent age in your jurisdiction — for example, 16 in parts of the EU). If you believe we have inadvertently collected information from a child, contact privacy@jassquery.com and we will delete it.

16 "Do Not Track" and Global Privacy Control

Because we do not engage in cross-context behavioral advertising and do not sell or share personal information for advertising purposes, we do not respond differently to browser Do-Not-Track signals. Where required, we honor the Global Privacy Control (GPC) signal as an opt-out request for California consumers.

17 Changes to This Policy

We may update this policy from time to time — for example, when we add or change a subprocessor, launch a new feature that handles data differently, or adapt to new legal requirements. Changes will be reflected in the "Last Updated" date at the top of this page. Material changes will be highlighted or emailed to account holders. Continued use of our products or website after the effective date of a change constitutes acceptance of the updated policy.

18 Jurisdiction

JASS Query is operated by JASS Pet Services LLC d/b/a JASS Query, a limited liability company organized in the United States. This policy is written to comply with applicable U.S. privacy laws and, where relevant, with the GDPR / UK GDPR. If you are accessing our products or website from outside the United States, you acknowledge that any information you provide is transmitted to and processed in the United States.

19 Contact

For privacy questions, data-access or deletion requests, or to exercise any of the rights described in §11: