Juno is designed to keep your work on your device. Rational Matter does not provide accounts or cloud storage for Juno, and using the app does not by itself upload your notebooks, scripts or projects to us. Some limited data leaves your device for product analytics and diagnostics, and when you use online services such as the AI coding assistant, package manager or a remote Jupyter server.
This policy explains how data is handled by Juno, Juno Institutional, Juno Connect and juno.sh. It was last updated on 16 July 2026.
Rational Matter Ltd is the controller for the personal data described in this policy:
Rational Matter Ltd (company number 11052630)
71–75 Shelton Street
London WC2H 9JQ
United Kingdom
You can contact us at [email protected].
Juno stores documents, projects, settings, REPL transcripts and other workspace data locally, in locations you choose. If you save a file to iCloud Drive or another provider available through the Files app, that provider may sync it under its own terms.
The AI coding assistant stores its conversations locally. API keys are stored in the iOS Keychain. Keychain items may remain after the app is removed, so delete a key in Juno before uninstalling if you do not want it retained on the device.
Juno can access device features such as photos, contacts, location or reminders only when your code requests them and you grant the relevant system permission. Juno does not send that data to Rational Matter. Your own code can, of course, send data to any service it connects to.
Juno uses limited telemetry to understand which features are useful, improve the app and diagnose failures.
The standard edition of Juno sends product-usage events to TelemetryDeck and Firebase Analytics. Juno Institutional sends product-usage events to TelemetryDeck only; Firebase is disabled in that edition.
These events can include:
Product analytics are designed not to include source code, document contents, API keys, file names, file paths or URLs. They are not completely anonymous, however: the analytics providers process technical identifiers and metadata associated with an app installation.
The standard edition also uses Firebase Crashlytics for crash and non-fatal error reporting. Diagnostic reports can include stack traces, app and device information, error descriptions, console output, file names or paths, and diagnostic breadcrumbs recorded shortly before a failure. We do not intentionally attach your documents or AI conversations, and known API-key and token patterns are redacted from AI error reports, but diagnostics can contain user-generated text when it forms part of an error or console message. Firebase Crashlytics is disabled in Juno Institutional.
Our UK GDPR lawful basis is our legitimate interest in understanding feature adoption and maintaining and improving the reliability of the apps.
The AI coding assistant is optional and uses your own API key. When you send a message, Juno makes an HTTPS request directly from your device to the provider and model you selected: OpenAI, Anthropic or Google Gemini. The request is not routed through a Rational Matter server.
The request contains your message and conversation history. Depending on where you opened the assistant, it may also contain relevant workspace context such as notebook cells and outputs, the current script, active project files, paths of open files, and console output. The provider returns its response directly to Juno.
Those requests are handled under your account and the provider’s terms, privacy policy, retention settings and data-use controls:
Provider practices vary by service, account and plan, and can change. Review them before sending personal, confidential or sensitive information. Rational Matter receives analytics about the provider, model and coarse outcome or usage categories, but not the prompt or response as part of the AI request. A related failure may still produce the diagnostic information described above.
Juno works offline for local development, but features you choose can make network requests:
Juno Connect connects directly to the Jupyter server or cloud service you configure. Connection addresses, credentials, code, notebooks, outputs and commands are sent to that service as needed to provide the connection, under the server operator’s or provider’s terms. Rational Matter does not proxy those connections.
The current App Store build of Juno Connect predates Juno’s newer telemetry stack. It includes Microsoft App Center for basic connection and notebook events, which can include the server category (not its address), Jupyter and kernel language versions, approximate country, and technical installation, app and device information. Crash reports can include crash details and a console log from the previous session. Juno Connect does not use TelemetryDeck or Firebase. Microsoft retired App Center Analytics and Diagnostics on 30 June 2026, but the current Juno Connect binary still contains the SDK; Microsoft’s privacy statement applies to data it processed.
The main juno.sh site does not use Google Analytics, advertising trackers or first-party analytics cookies. It is hosted by GitHub Pages and delivered through Cloudflare. GitHub and Cloudflare may process standard request and security information—such as IP address, requested URL, browser details and time of access—and Cloudflare may set security cookies when necessary.
The generated Python API reference loads fonts from Google Fonts. Visiting those pages therefore sends ordinary request information to Google under its privacy policy.
The newsletter link opens a Mailchimp-hosted subscription page. If you subscribe, Mailchimp processes your email address, consent and subscription activity on our behalf. We use that information only to send Juno news and updates. You can unsubscribe using the link in any message. Mailchimp’s legal and privacy information applies to its service and hosted page.
If you email us, we process your address, message and any information you choose to include so that we can respond and keep an appropriate support or business record. Please do not send secrets, API keys or documents that are not needed to resolve your question.
We do not sell personal data or use it for cross-app advertising. We share data only with the providers described above, when you direct the app to an external service, when required by law, or when necessary to protect our rights, users or services.
Depending on the purpose, we rely on:
We do not use personal data for automated decisions that have legal or similarly significant effects.
Local app data remains until you delete it, remove the app or erase the relevant Files, Keychain or iCloud data. Data held by Apple, an AI provider, a Jupyter service or another destination you choose is retained under that provider’s terms and your account settings.
Analytics and diagnostic data is retained according to our provider settings and only while it remains reasonably useful for product trends, release comparison, security and troubleshooting. Hosting and security logs are retained for the periods set by GitHub and Cloudflare. We keep support correspondence only while needed to resolve the request, maintain necessary business records or meet legal obligations.
Newsletter information is retained while you are subscribed. After you unsubscribe, we or Mailchimp may keep the minimum suppression record needed to honor the opt-out and comply with law.
Some providers process data outside the United Kingdom. Where we are responsible for an international transfer, we use an applicable UK adequacy regulation or approved contractual safeguards. Services you choose directly—such as an AI provider, Files provider or remote Jupyter service—handle international transfers under their own terms.
Depending on the circumstances, UK data-protection law gives you rights to ask for access to, correction of, deletion of, restriction of or a portable copy of your personal data, and to object to processing based on legitimate interests. You can withdraw consent at any time without affecting earlier processing.
Email [email protected] to exercise a right. We may need information that identifies the relevant subscription, correspondence or app installation. If you are unhappy with our response, you can complain to the UK Information Commissioner’s Office.
We use measures appropriate to the data involved, including system-protected storage for API keys, encrypted network connections and limits on telemetry content. No storage or transmission method is completely secure.
We may update this policy when Juno, our providers or legal requirements change. The date at the top will show the latest revision. Material changes will be highlighted where appropriate.