Legal
Privacy Policy
Jurisly Technologies, Inc. (“Jurisly”, “we”, “our”, “us”)
Effective date: 1 June 2026 · Last updated: 18 June 2026
1. Overview and scope
This Privacy Policy applies to all personal data processed by Jurisly Technologies, Inc. in connection with the Jurisly platform (the “Service”), including the web application at app.jurisly.com, the marketing website at jurisly.com, and any associated APIs.
Jurisly acts as a data controller for the personal data of its users and as a data processor for the document content and personal data that customers upload to the platform. For B2B customers, a separate Data Processing Agreement (DPA) governs our processing as data processor. The DPA is available at /legal/dpa.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your rights are governed by the General Data Protection Regulation (GDPR) and applicable national implementations.
2. Information we collect
2.1 Account and identity data
When you create an account, we collect your name, email address, and authentication credentials. If you sign in via OAuth (Google or Microsoft), we receive your profile information from the identity provider. We do not store your OAuth access tokens beyond the session duration.
2.2 Organization and billing data
For team accounts, we collect organization name, domain, team member email addresses, and billing information. Payment card data is processed entirely by Stripe, Inc.; Jurisly does not store card numbers, CVVs, or full bank account details. We retain transaction records (amount, date, plan) for legal and accounting purposes.
2.3 Document content
When you upload documents for analysis, the document files are stored in encrypted Supabase Storage. The extracted text content, analysis results, and vector embeddings are stored in encrypted PostgreSQL databases. Document content is used exclusively to generate AI analysis results for your account. It is never shared with other organizations and is not used to train AI models.
2.4 AI query content
When you submit queries to the AI (chat messages, research queries, generation requests), the query text is transmitted to our AI model providers (currently Anthropic and/or OpenAI) under their respective data processing agreements. Query content is logged in our systems for security auditing, product improvement, and dispute resolution. Logs are retained for 12 months.
2.5 Usage and technical data
We automatically collect: IP address, browser and device information, pages visited, features used, time and duration of sessions, error logs, and API call metadata. This data is used for security monitoring, product analytics, and improving the Service. We use Vercel Analytics for anonymized performance metrics.
2.6 Communications
If you contact our support team or send inquiries, we retain the content of those communications to resolve your request and improve our services. Support conversations are retained for 24 months.
2.7 Cookies and tracking
We use essential session cookies required for authentication. We do not use third-party advertising trackers or behavioral profiling cookies. See Section 9 for details.
3. How we use your information
We process your personal data for the following purposes:
- Service delivery: Creating and managing your account, processing document uploads, generating AI analysis, enabling team collaboration.
- Billing and payments: Processing subscriptions, issuing invoices, managing plan changes and refunds.
- Security and fraud prevention: Detecting unauthorized access, monitoring for abuse, investigating incidents.
- Product improvement: Analyzing aggregated usage patterns to improve features, fix bugs, and optimize performance. Individual document content is not used for this purpose.
- Legal and regulatory compliance: Complying with applicable laws, responding to lawful legal processes, enforcing our Terms of Service.
- Customer communications: Sending service notifications, responding to support requests, providing product updates (with your consent where required).
We do not sell, rent, or trade your personal data to third parties for marketing purposes. We do not use document content for AI model training.
4. Legal bases for processing (GDPR)
For users in the EEA, UK, or Switzerland, we process personal data under the following legal bases:
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service as described in our Terms of Service — account management, document processing, AI analysis.
- Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud detection, aggregated analytics, improving our products. We have assessed that these interests are not overridden by your rights.
- Legal obligation (Art. 6(1)(c)): Retaining billing records, responding to lawful legal requests, VAT compliance.
- Consent (Art. 6(1)(a)): Marketing emails and non-essential cookies (where applicable). You may withdraw consent at any time.
6. AI processing and document handling
Because Jurisly processes legal documents that may contain sensitive personal data, we want to be explicit about how this content is handled:
- Document content is processed solely to generate analysis results for the requesting user’s organization.
- Document content is not shared across organizations under any circumstances.
- Document content is not used to train, fine-tune, or improve AI models, including models operated by third-party providers. Our AI provider agreements contractually prohibit this use.
- AI query content is transmitted to model providers over encrypted channels. Providers process this data under their APIs, which prohibit use for model training.
- Users are responsible for ensuring they have appropriate authority to upload documents containing third-party personal data and that doing so complies with applicable privacy laws.
7. Data retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account data: Retained while your account is active and for 30 days after account deletion (to support recovery requests), then permanently deleted.
- Uploaded documents and analyses: Retained while the document exists in your account. Deleted within 30 days of document deletion or account closure.
- Vector embeddings (knowledge base): Deleted immediately upon removal of the associated knowledge base or document.
- AI query logs: Retained for 12 months for security and quality purposes, then deleted.
- Billing records: Retained for 7 years for tax and accounting compliance.
- Support communications: Retained for 24 months.
- Security logs: Retained for 12 months.
8. Your rights
Depending on your location, you have the following rights regarding your personal data:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure (“right to be forgotten”): Request deletion of your personal data, subject to legal retention obligations.
- Right to restriction: Request that we limit processing of your data in certain circumstances.
- Right to data portability: Receive your data in a machine-readable format.
- Right to object: Object to processing based on legitimate interests, including profiling.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting past processing.
To exercise these rights, email privacy@jurisly.com. We will respond within 30 days. We may request identity verification before fulfilling requests. If you believe we have violated your rights, you have the right to lodge a complaint with your local data protection authority.
10. International data transfers
Jurisly stores data primarily in the European Union (EU West, Ireland). Where data is transferred to third parties located outside the EEA (including AI model providers in the United States), we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding data processing agreements with contractual obligations equivalent to GDPR requirements
Enterprise customers can request data residency in alternative regions to avoid cross-border transfers.
11. Security
Jurisly implements appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include AES-256 encryption at rest, TLS encryption in transit, role-based access control, audit logging, and regular security assessments. See our Security page for details.
Despite these measures, no security system is impenetrable. In the event of a data breach affecting your rights and freedoms, we will notify you within 72 hours of becoming aware, as required by GDPR.
12. Children
The Jurisly platform is intended for use by legal professionals and business users. It is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a minor, we will promptly delete it.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or a prominent notice on the platform at least 14 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
The version history of this policy is available upon request.
14. Contact
For privacy-related inquiries, data subject requests, or questions about this policy:
Jurisly Technologies, Inc.
Data Privacy Team
Email: privacy@jurisly.com
For DPA-related inquiries: legal@jurisly.com