Skip to content

Privacy Policy

How we handle your information

Effective April 17, 2026 · legal@josh.one

Josh, LLC (“we”, “us”, “our”) operates the website at josh.one and associated subdomains. This Privacy Policy explains what information we collect when you use those properties, how we use it, and what rights you have. We try to be plain about it.

1. Who we are

Josh, LLC is a technology and consulting practice. Our website is at josh.one. Contact us for privacy matters at legal@josh.one.

2. Information we collect

2.1 Contact form submissions

When you submit the contact form on josh.one, we collect:

  • Name and email address — so we can respond to you.
  • Company name — optional; included if you provide it.
  • Interest area — the category you select (e.g., consulting, technology partnership).
  • Your message.
  • A pseudonymous identifier derived from your IP address — we apply a one-way SHA-256 hash with a site-specific salt before storing anything. We never store your raw IP address in connection with form submissions.
  • Timestamp.

This data is stored in Cloudflare D1 (our database, described in §4). We retain contact submissions until you request deletion or we wind down the service. To request deletion, email legal@josh.one from the address you submitted.

2.2 AI chat sessions

The AI assistant on josh.one is powered by Anthropic’s Claude (accessed via Cloudflare’s AI Gateway). When you use the chat feature:

  • Conversation content — your messages and our AI’s responses — are held in your browser session and in our database for the duration of that session. We do not permanently store individual chat transcripts unless you explicitly share them.
  • Shared conversations — if you use the “share” feature, the conversation is stored for seven days and then deleted automatically.
  • Your IP address is used by our rate-limiting infrastructure (Cloudflare Workers Rate Limiting) to prevent abuse. It is not stored in association with chat content.
  • Your messages are transmitted to Anthropic via Cloudflare AI Gateway for inference. Anthropic’s data handling is governed by their Privacy Policy. We do not use the API in a way that opts data into model training by default; per Anthropic’s commercial terms, API requests are not used to train models unless you separately opt in.

Do not share sensitive, confidential, or regulated information (including PHI, PII of third parties, trade secrets, or financial data) through the AI chat.

2.3 Infrastructure and server-side request data

This website runs on Cloudflare Workers. Cloudflare processes every HTTP request and may log standard request metadata (IP addresses, user-agent strings, URLs, timestamps) as part of operating the network. This is governed by Cloudflare’s Privacy Policy. We do not receive persistent server logs; we rely on Cloudflare’s analytics aggregates.

2.4 Cookies and local storage

We do not set advertising or analytics tracking cookies. We may use cookies or localStorage for:

  • Maintaining your chat session state within a browser tab.
  • Storing your preferences (e.g., theme, last-viewed content) locally in your browser.
  • Cloudflare security tokens (e.g., __cf_bm, cf_clearance) set automatically by Cloudflare’s bot-management system. These are necessary for the site to function and are governed by Cloudflare’s policy.

2.5 EDI Labs playground

The EDI Core playground (labs.josh.one/edi) processes EDI payloads entirely within your browser using WebAssembly. No EDI payload data is transmitted to our servers. See the EDI Labs Data Handling document for full details.

3. How we use your information

  • To respond to you — contact form submissions are read by a person and replied to by email.
  • To provide the AI assistant — messages are sent to Anthropic to generate responses.
  • To protect the service — IP-based rate limiting prevents abuse of the AI endpoint.
  • To operate the infrastructure — standard server-side request processing via Cloudflare.

We do not sell your information. We do not use your information for targeted advertising. We do not build behavioral profiles.

4. Data storage and sub-processors

We use the following third-party processors:

  • Cloudflare, Inc. (San Francisco, CA) — CDN, DNS, Cloudflare Workers (compute), D1 (database), R2 (object storage), Rate Limiting, AI Gateway. Privacy Policy ↗
  • Anthropic, PBC (San Francisco, CA) — AI inference for the chat assistant. Privacy Policy ↗

Our database (Cloudflare D1) stores data at rest in Cloudflare’s infrastructure. We do not currently use any marketing, advertising, or analytics platforms.

5. Data retention

  • Contact form submissions — retained until you request deletion or the service is wound down.
  • Chat sessions — cleared at end of browser session unless explicitly shared.
  • Shared conversations — deleted automatically after 7 days.
  • EDI payloads — never sent to our servers; retained only in your browser while the tab is open.

6. Your rights

Depending on where you are located, you may have the right to:

  • Access a copy of your personal data.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict certain processing.
  • Data portability (where applicable).

These rights apply under regulations including the EU/UK General Data Protection Regulation (GDPR/UK GDPR) and the California Consumer Privacy Act (CCPA/CPRA). To exercise any of these rights, email legal@josh.one. We will respond within 30 days.

Note: because contact form IP addresses are stored as one-way hashes, we cannot identify submissions from an IP address alone — please email from the address you submitted, or include identifying information you provided in the form.

7. Children’s privacy

This service is not directed at children under 13 (or 16 where applicable under GDPR). We do not knowingly collect personal data from children. If you believe a child has submitted information to us, please contact legal@josh.one.

8. HIPAA notice

Josh is not a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA). We do not execute Business Associate Agreements (BAAs). Do not submit Protected Health Information (PHI) through any part of josh.one.

9. Changes to this policy

We will update the effective date at the top of this page when we make material changes. We will not retroactively reduce your rights for data already collected without notice.

10. Contact

Privacy inquiries: legal@josh.one
Website: josh.one

← Back to Legal