Legal Documents
Last updated
June 18, 2026

Legal

Privacy Policy

Jurisly Technologies, Inc. (“Jurisly”, “we”, “our”, “us”)
Effective date: 1 June 2026  ·  Last updated: 18 June 2026

This Privacy Policy explains how Jurisly collects, uses, discloses, and protects information about you when you use our platform. Please read it carefully. By using Jurisly you agree to the practices described in this policy.

1. Overview and scope

This Privacy Policy applies to all personal data processed by Jurisly Technologies, Inc. in connection with the Jurisly platform (the “Service”), including the web application at app.jurisly.com, the marketing website at jurisly.com, and any associated APIs.

Jurisly acts as a data controller for the personal data of its users and as a data processor for the document content and personal data that customers upload to the platform. For B2B customers, a separate Data Processing Agreement (DPA) governs our processing as data processor. The DPA is available at /legal/dpa.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your rights are governed by the General Data Protection Regulation (GDPR) and applicable national implementations.

2. Information we collect

2.1 Account and identity data

When you create an account, we collect your name, email address, and authentication credentials. If you sign in via OAuth (Google or Microsoft), we receive your profile information from the identity provider. We do not store your OAuth access tokens beyond the session duration.

2.2 Organization and billing data

For team accounts, we collect organization name, domain, team member email addresses, and billing information. Payment card data is processed entirely by Stripe, Inc.; Jurisly does not store card numbers, CVVs, or full bank account details. We retain transaction records (amount, date, plan) for legal and accounting purposes.

2.3 Document content

When you upload documents for analysis, the document files are stored in encrypted Supabase Storage. The extracted text content, analysis results, and vector embeddings are stored in encrypted PostgreSQL databases. Document content is used exclusively to generate AI analysis results for your account. It is never shared with other organizations and is not used to train AI models.

2.4 AI query content

When you submit queries to the AI (chat messages, research queries, generation requests), the query text is transmitted to our AI model providers (currently Anthropic and/or OpenAI) under their respective data processing agreements. Query content is logged in our systems for security auditing, product improvement, and dispute resolution. Logs are retained for 12 months.

2.5 Usage and technical data

We automatically collect: IP address, browser and device information, pages visited, features used, time and duration of sessions, error logs, and API call metadata. This data is used for security monitoring, product analytics, and improving the Service. We use Vercel Analytics for anonymized performance metrics.

2.6 Communications

If you contact our support team or send inquiries, we retain the content of those communications to resolve your request and improve our services. Support conversations are retained for 24 months.

2.7 Cookies and tracking

We use essential session cookies required for authentication. We do not use third-party advertising trackers or behavioral profiling cookies. See Section 9 for details.

3. How we use your information

We process your personal data for the following purposes:

  • Service delivery: Creating and managing your account, processing document uploads, generating AI analysis, enabling team collaboration.
  • Billing and payments: Processing subscriptions, issuing invoices, managing plan changes and refunds.
  • Security and fraud prevention: Detecting unauthorized access, monitoring for abuse, investigating incidents.
  • Product improvement: Analyzing aggregated usage patterns to improve features, fix bugs, and optimize performance. Individual document content is not used for this purpose.
  • Legal and regulatory compliance: Complying with applicable laws, responding to lawful legal processes, enforcing our Terms of Service.
  • Customer communications: Sending service notifications, responding to support requests, providing product updates (with your consent where required).

We do not sell, rent, or trade your personal data to third parties for marketing purposes. We do not use document content for AI model training.

5. How we share your information

5.1 Subprocessors

We use the following categories of subprocessors to deliver the Service. All subprocessors are bound by data processing agreements:

  • Supabase, Inc. — Database and file storage (EU West, Ireland)
  • Vercel, Inc. — Compute and edge delivery
  • Anthropic, PBC — AI model inference (query content only)
  • OpenAI, L.L.C. — AI model inference (query content only, optional)
  • Stripe, Inc. — Payment processing
  • Resend, Inc. — Transactional email delivery

We maintain a current list of subprocessors. Material changes to subprocessors are notified to customers with at least 14 days advance notice, allowing objection under the DPA.

5.2 Legal disclosures

We may disclose personal data if required by law, court order, or governmental authority. Where legally permitted, we will notify affected users prior to disclosure. We will challenge overly broad or legally insufficient requests.

5.3 Business transfers

In the event of a merger, acquisition, or sale of assets, customer data may be transferred to the acquiring entity. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

5.4 No sale of data

Jurisly does not sell personal data. We do not share personal data with advertisers or data brokers. We do not engage in behavioral advertising.

6. AI processing and document handling

Because Jurisly processes legal documents that may contain sensitive personal data, we want to be explicit about how this content is handled:

  • Document content is processed solely to generate analysis results for the requesting user’s organization.
  • Document content is not shared across organizations under any circumstances.
  • Document content is not used to train, fine-tune, or improve AI models, including models operated by third-party providers. Our AI provider agreements contractually prohibit this use.
  • AI query content is transmitted to model providers over encrypted channels. Providers process this data under their APIs, which prohibit use for model training.
  • Users are responsible for ensuring they have appropriate authority to upload documents containing third-party personal data and that doing so complies with applicable privacy laws.

7. Data retention

We retain personal data only as long as necessary for the purposes described in this policy:

  • Account data: Retained while your account is active and for 30 days after account deletion (to support recovery requests), then permanently deleted.
  • Uploaded documents and analyses: Retained while the document exists in your account. Deleted within 30 days of document deletion or account closure.
  • Vector embeddings (knowledge base): Deleted immediately upon removal of the associated knowledge base or document.
  • AI query logs: Retained for 12 months for security and quality purposes, then deleted.
  • Billing records: Retained for 7 years for tax and accounting compliance.
  • Support communications: Retained for 24 months.
  • Security logs: Retained for 12 months.

8. Your rights

Depending on your location, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): Request deletion of your personal data, subject to legal retention obligations.
  • Right to restriction: Request that we limit processing of your data in certain circumstances.
  • Right to data portability: Receive your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests, including profiling.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting past processing.

To exercise these rights, email privacy@jurisly.com. We will respond within 30 days. We may request identity verification before fulfilling requests. If you believe we have violated your rights, you have the right to lodge a complaint with your local data protection authority.

9. Cookies and tracking

Jurisly uses the following types of cookies:

  • Essential session cookies: Required for authentication and maintaining your logged-in state. Cannot be disabled without breaking the Service.
  • Preference cookies: Store UI preferences such as sidebar state and model selection.
  • Analytics: We use Vercel Analytics for anonymized, aggregate performance metrics. No personal identifiers are transmitted to this service.

We do not use advertising cookies, cross-site tracking, or behavioral profiling. We do not use Google Analytics, Meta Pixel, or similar advertising trackers.

10. International data transfers

Jurisly stores data primarily in the European Union (EU West, Ireland). Where data is transferred to third parties located outside the EEA (including AI model providers in the United States), we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Binding data processing agreements with contractual obligations equivalent to GDPR requirements

Enterprise customers can request data residency in alternative regions to avoid cross-border transfers.

11. Security

Jurisly implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include AES-256 encryption at rest, TLS encryption in transit, role-based access control, audit logging, and regular security assessments. See our Security page for details.

Despite these measures, no security system is impenetrable. In the event of a data breach affecting your rights and freedoms, we will notify you within 72 hours of becoming aware, as required by GDPR.

12. Children

The Jurisly platform is intended for use by legal professionals and business users. It is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

The version history of this policy is available upon request.

14. Contact

For privacy-related inquiries, data subject requests, or questions about this policy:

Jurisly Technologies, Inc.

Data Privacy Team

Email: privacy@jurisly.com

For DPA-related inquiries: legal@jurisly.com

Questions about this document? Write to legal@jurisly.com or visit our contact page.