How Jidenka handles your data
Plainly, up front. Jidenka is an early-stage platform. This page describes, in plain language, what data the service handles today and how the apps you connect are protected. It is written to be accurate to how the product actually works right now — not to make claims we can't stand behind. It is not legal advice, and we will publish a fuller, counsel-reviewed policy before Jidenka is generally available.
1. What Jidenka does
Jidenka is an agent toolkit platform. It lets a person connect their third-party applications once — through the provider's own OAuth screen or an API key — and grant AI agents permission to operate those applications through a single API. Jidenka holds the connected credentials in an encrypted vault, turns an agent's request into the real provider's action, returns a consistent result, and records an audit trail of what was done. The whole point is to let an agent do useful work in your apps without ever holding your raw passwords.
2. What this covers
This page covers the Jidenka website and the Jidenka platform and API (the "Service"). It does not cover the third-party apps you connect — those are governed by their own providers' terms and privacy policies. When Jidenka acts on your instruction against a connected provider, that provider handles your data under its own policy.
3. What we collect
- Account and identity data — your name, work email, organisation, and role, when you request access or create an account.
- Connected-app credentials and tokens — OAuth access and refresh tokens or API keys, plus connection metadata (provider, account label, granted scopes, token status) for the apps you connect. How these are handled is in Section 4.
- Agent and grant configuration — the agents you register, the hashed secrets they authenticate with, and the grants mapping which agent may use which connection.
- Execution and audit data — for each action: the tool invoked, the connected account used, who requested it, timestamps, the risk grade, and the outcome. Request and response payloads may be processed to complete an action and recorded in audit logs to the extent needed for security and accountability; we work to minimise and redact sensitive fields in logs.
- Technical and usage data — IP address, basic device or browser information, and error diagnostics used to operate and secure the Service.
- Communications — messages you send us.
We do not intentionally collect special-category personal data, and we ask that you not send it through free-text fields.
4. How we protect connected credentials
The credentials you connect are the most sensitive data we hold, and holding them safely is the core of the Service.
- Encrypted at rest. Each secret is envelope-encrypted with AES-256-GCM — a data key encrypts the secret, and that data key is itself wrapped by a key-encryption key. The encryption is bound to the secret's tenant, connection, and type, so a ciphertext cannot be moved to another record and decrypted out of context.
- Never exposed to agents. Agents never receive raw credentials. Jidenka uses the stored credential server-side to call the provider on the agent's behalf.
- Masked on read. Where a credential is shown to an authorised person, it is masked — a few leading characters, the remainder redacted.
- Decryption is isolated. Only the execution worker can decrypt a credential, and only while carrying out your action. The web and API tier holds no decryption capability.
- Isolated per tenant. Data is separated using database row-level security, and the tenant an action runs under is derived server-side from the authenticated caller — not from any value a client sends.
- Encrypted in transit. Connections to the Service use TLS.
- Kept healthy. OAuth tokens are refreshed as the provider permits, so connections stay working; expired or failed connections are surfaced to you.
5. How we use data
We use your data to operate and secure the Service: to authenticate users and agents and enforce grants; to execute the actions you and your agents request against connected providers; to keep an audit trail; to provide support; and to keep the Service reliable.
We do not sell your personal data. We do not use the content of your connected apps or your execution payloads to train machine-learning models.
6. How we share data
- Connected providers you choose — to perform the actions you request.
- Infrastructure providers that host and support the Service (for example, hosting and database services), under contract and confidentiality, and only as needed to run the Service.
- Your organisation — administrators and audit reviewers in your own tenant can see the audit records for actions taken under that tenant.
- Legal and safety — where required by law, or to protect the rights, safety, and integrity of the Service.
We do not share your connected-app content with anyone other than the provider you direct an action to, except as needed to run the Service or as required by law.
7. Retention and deletion
We keep data only as long as we need it to run and secure the Service, and no longer than the law requires. When you disconnect an app, we stop using that credential immediately, revoke the token with the provider where the provider supports it, and delete the stored secret. Audit records are retained for a limited period for security and accountability, then removed.
8. Your control
- Disconnect an app in Jidenka at any time — we stop using that credential right away and delete the stored secret.
- Revoke a grant to remove an agent's ability to use a connection.
- Revoke from the provider's side — you can also remove Jidenka's access from the third-party provider's own security settings; the connection will then show as failed and be removed.
- Delete your account by contacting us; we will delete or de-identify your personal data, subject to any legal retention requirements.
9. Security
We use technical and organisational safeguards including encryption in transit and at rest, envelope-encrypted credential storage, access controls and tenant isolation, audit logging, least-privilege operational roles, and secret and dependency scanning in our build pipeline. No method of transmission or storage is ever perfectly secure; we work to protect your data but cannot guarantee absolute security. If we become aware of a breach affecting your personal data, we will act to contain it and notify you and any regulators as required by law.
10. Children
Jidenka is intended for businesses and developers and is not directed to children. We do not knowingly collect personal data from children.
11. Changes
We may update this page as the Service evolves. Material changes will be posted here with a new "last updated" date, and a fuller, counsel-reviewed policy will be published before general availability.
12. Contact
Questions about privacy, or a request to access or delete your data, can be sent to olisa.okafor@wincofoam.com. If we handle your data on behalf of an organisation you belong to, we will refer your request to that organisation.