Privacy Policy

The following policy applies to each user of the AI chatbot JESS ("you" or "User") and is intended to explain what types of information is gathered from Users and how that information is used. Users should also refer to the CUNY Digital Assets and Resources Policy which outlines CUNY's policy for all users of CUNY digital assets and resources.

The Craig Newmark School of Journalism at the City University of New York (CUNY) is committed to respecting your privacy. In order to use JESS, you must register and provide some personal information. We do not collect any personal information about you unless you provide that information voluntarily. Any personal information you choose to provide us will only be used by CUNY to conduct official CUNY business. CUNY does not sell, rent, loan, trade or lease personal information collected through JESS.

For purposes of this policy:

• "Personal Information" means any information concerning a natural person which, because of name, number, symbol, mark or other identifier, can be used to identify that natural person, including a User's name and email address.
• "Data" means Personal Information, User-entered prompts, User identity, User-uploaded files, usage statistics, login timestamps, security logs, and responses from JESS. Data may include Sensitive/Internal Data.
• "Sensitive/Internal Data" means information that, were an unauthorized disclosure, alteration, or destruction to occur, a moderate to low level of risk to CUNY could result. Sensitive/Internal Data includes all data that is not classified as Confidential Data or Public Data, such as IT system configurations and logs not containing Confidential Data.

Do not use JESS for Confidential Data. For a full description of what constitutes Sensitive/Internal Data and what constitutes Confidential Data, please refer to the CUNY Data Classification Standard.

To protect your privacy and prevent unauthorized use, please keep your log in information in a secure place. Also, whenever you use JESS from a public workstation, be sure to log out of JESS and close all web browser windows before you leave the public workstation.

Information Collected and Stored Automatically

Cookies

A cookie is a piece of text placed on your computer by a web server. We use access token cookies to authenticate your login and refresh token cookies to manage your session and maintain it across page navigations, not to perform analytics or behavioral tracking. These cookies are limited to those that are essential for the functionality of JESS. We do not use any third-party cookies.

Logs and Network Monitoring

We maintain log files of all access to JESS and also monitor network traffic for purposes of site management and security. We use this information to help diagnose problems with the server and to carry out other administrative tasks. We also use log analysis tools for such purposes as creating summary statistics to determine which information is of most interest to Users, identifying system problem areas, and determining technical requirements. The following information is typically collected in these files:

• the Internet Protocol address and domain name of your Internet Service Provider and/or computer, if your computer has an IP address assigned directly to it;
• the type of browser and operating system you use;
• the date and time you visited JESS;
• the amount of time spent using JESS; and
• the web page from which you accessed JESS and from which any page on this site was linked.

None of the foregoing information is deemed to constitute personal information by the New York State Internet Privacy and Security Act. Logs may also store the name, password, username, and email associated with your account on the server.

Information Collected and Stored If You Opt-In

JESS Conversation History

The default mode of JESS provides for all your chat conversations with JESS to be processed locally in your browser, not stored on servers. In this mode, all conversations are automatically deleted after 24 hours, at which time you will be automatically logged out.

If you opt-in to chat history mode in JESS, your chat conversations with JESS are stored on CUNY servers. You can permanently delete individual chats or your entire chat history with JESS at any time. No one, including administrators and developers, can view your chat history unless you explicitly share a specific chat conversation with CUNY for feedback. This mode enables JESS to store Data for the sole benefit of our Users, enabling a more personalized and useful experience on JESS.

Feedback on JESS

CUNY welcomes feedback from Users of JESS. If you have opted-in to chat history mode in JESS, you can choose to share the chat conversation for which you are providing feedback by checking the permission box to do so. If a chat conversation is shared for feedback, it will be temporarily accessible to a small, authorized team for review and improvement of JESS, then deleted.

[The information we collect is not limited to text characters and may include audio, video and graphic information formats included in the message or transaction.]

Disclosure of Information Collected Through JESS

We will not share your Data without your explicit consent, except as outlined below:

We may collect or disclose Personal Information without your consent if the collection or disclosure is: necessary to perform CUNY's statutory duties or necessary to operate a program authorized by law, or authorized by state or federal statute or regulation; made pursuant to a court order or by law; for the purpose of validating your identity; or of information to be used solely for statistical purposes that is in the form that cannot be used to identify any particular person.

Further, the disclosure of Data, including Personal Information, collected through JESS is subject to the provisions of the U.S. Family Educational Rights & Privacy Act and New York State's Freedom of Information Law.

We may also disclose Personal Information to federal or state law enforcement authorities to enforce CUNY's rights against unauthorized access or attempted unauthorized access to CUNY's information technology assets.

JESS is intended for Users who are professionals – journalists, editors, professors, and students in higher education training to be journalists and editors. We do not knowingly collect personal information from children under the age of 13. You are cautioned, however, that we will treat Personal Information entered into JESS as though it was entered by an adult, and it may, unless exempted from access by federal or state law, be subject to public access.

Retention of Information Collected through JESS

We retain the Data collected through JESS in accordance with the CUNY records retention and disposition policy. The retention period differs depending on the type of Data collected. Questions regarding the records retention and disposition policy should be addressed to:

Access to and Correction of Personal Information Collected through JESS

You may submit a request to the CUNY records access officer to determine whether Personal Information pertaining to you has been collected through JESS. Your request must be in made in writing and must be accompanied by reasonable proof of your identity. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to you, or similar appropriate identification. The address of the records access officer is:

The records access officer will, within five business days of the receipt of a proper request, provide access to the Personal Information; deny access in writing, explaining the reasons therefore; or acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty days from the date of the acknowledgment.

If we have collected your Personal Information through JESS and that information is to be provided to you pursuant to your request, the records access officer will inform you of your right to request that the personal information be amended or corrected under the procedures set forth in Section 95 of the Public Officers Law.

Confidentiality and Integrity

We limit access to Data collected through JESS to only those who need access to this information. In addition, we have implemented procedures to safeguard the integrity of CUNY's information technology assets, including, but not limited to, authentication, authorization, password security, data encryption, input validation, rate limiting, security headers, database security, session management, OAuth (open authorization) security, error logging, API (application programming interface) security, infrastructure security, data access controls, token management, and auditing. These security procedures have been integrated into the design, implementation, and day-to-day operations of JESS as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.

For security purposes and to maintain the availability of JESS for all Users, we employ software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage JESS.

Changes to Policy

We may change this policy and the JESS terms of use from time to time and reserve the right to do so without notice. The information provided in this privacy policy and in the JESS terms of use should not be construed as giving business, legal or other advice, or warranting as fail proof, the security of information provided through JESS.

Contact Information

For questions regarding this privacy policy, please contact: privacy@cuny.edu