Legal

Privacy Policy

Effective date: 17 May 2026

Juriva Ltd ("Juriva", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform. It applies to users in all jurisdictions, with specific sections addressing UK/EU GDPR rights and US state privacy rights.

1. Data Controller

Juriva Ltd is the data controller for personal data processed through the Service. We are registered under the UK Data Protection Act 2018 and comply with the UK General Data Protection Regulation (UK GDPR) and, where applicable, the EU GDPR.

Juriva Ltd

Data Protection Officer: dpo@juriva-ai.com

General enquiries: privacy@juriva-ai.com

2. Data We Collect

We collect the following categories of personal data:

Account data

  • Email address, name, and password (hashed) on registration;
  • Profile information you voluntarily provide: age, nationality, country of residence;
  • Subscription and billing information (processed by Stripe — we do not store card details).

Usage data

  • Chat messages and conversation history you create within the Service;
  • Documents you upload for analysis;
  • Feature usage patterns, session duration, and clicks (aggregated and anonymised where possible);
  • IP address, browser type, operating system, and device identifiers.

AI interaction data

  • The queries you submit to our AI, which are processed by Groq to generate responses;
  • AI-generated responses returned to you.

Data we do NOT collect

  • We do not collect special category data (health, biometric, political opinions, etc.) unless you voluntarily include such information in a query;
  • We do not knowingly collect data from persons under 18.

3. How We Use Your Data

We use your personal data to:

  • Provide the Service — process your queries, return AI responses, and maintain your conversation history;
  • Personalise responses — use your profile data (age, country, nationality) to tailor legal information to your jurisdiction;
  • Manage your account — authenticate you, process payments, and send transactional emails;
  • Improve the Service — analyse aggregated usage patterns to identify bugs, improve accuracy, and develop new features;
  • Legal compliance — comply with applicable law, respond to lawful requests, and enforce our Terms;
  • Security — detect and prevent fraud, abuse, and unauthorised access.

We do not use your personal conversation data to train AI models without your explicit opt-in consent. Aggregate, de-identified usage analytics may be used for model evaluation and product improvement.

5. Data Sharing

We do not sell your personal data. We share data only with the following categories of third parties, and only to the extent necessary for the stated purpose:

  • Groq Inc. — AI inference provider. Your queries are transmitted to Groq servers to generate responses. Groq's privacy policy applies to this processing.
  • Pinecone Systems Inc. — vector database used for document search. Embedded representations of queries (not raw text) are sent to Pinecone.
  • Supabase Inc. — database and authentication. Your account data and conversation history are stored on Supabase infrastructure.
  • Stripe Inc. — payment processor. Billing data is processed directly by Stripe; we receive only a customer reference token.
  • Law enforcement / regulators — where required by applicable law or court order.

All sub-processors are required to maintain appropriate data protection standards and are bound by data processing agreements compliant with UK/EU requirements.

6. International Data Transfers

Some of our sub-processors (Groq, Pinecone, Supabase, Stripe) are based in the United States. Where we transfer personal data from the UK or EEA to the US, we rely on:

  • The UK International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCCs) approved by the European Commission; and/or
  • An adequacy decision where applicable.

Copies of applicable transfer mechanisms are available on request by emailing dpo@juriva-ai.com.

7. Data Retention

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:

  • Account data — retained for the duration of your account and for 3 years after account closure, unless a longer period is required by law;
  • Conversation history — retained for the duration of your subscription. You can delete individual conversations at any time within the app;
  • Billing records — retained for 7 years for tax and accounting purposes;
  • Usage logs — retained for 12 months in identifiable form, then anonymised.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

8. Security

We implement industry-standard technical and organisational security measures, including:

  • TLS 1.2+ encryption for all data in transit;
  • AES-256 encryption for data at rest;
  • Bcrypt password hashing — we never store plaintext passwords;
  • Access controls limiting staff access to personal data on a need-to-know basis;
  • Regular security reviews and penetration testing.

No method of transmission over the internet is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. You should use a strong, unique password and enable any multi-factor authentication options we offer.

In the event of a data breach that is likely to result in high risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframes required by law.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

UK & EU rights (UK GDPR / EU GDPR)

  • Access — request a copy of the personal data we hold about you;
  • Rectification — request correction of inaccurate or incomplete data;
  • Erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations;
  • Restriction — request that we restrict processing of your data in certain circumstances;
  • Portability — receive your data in a structured, machine-readable format;
  • Objection — object to processing based on legitimate interests;
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise these rights, email privacy@juriva-ai.com. We will respond within 30 days (extendable by a further two months for complex requests, with notice). We may request identity verification before processing your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your national data protection authority.

10. Cookies & Tracking

We use essential cookies and browser local storage to operate the Service. We do not use third-party advertising cookies or cross-site tracking.

  • Authentication cookies — maintain your logged-in session (essential);
  • Preference storage — save your theme, language, and chat settings in browser localStorage (essential);
  • Analytics — anonymised page-level analytics to understand feature usage (no personal identifiers are tracked).

You can clear cookies and localStorage through your browser settings. Doing so will log you out and reset your preferences.

11. Children's Privacy

The Service is not directed to persons under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@juriva-ai.com and we will delete it promptly.

12. AI Processing & Your Data

When you submit a query, your message is sent to Groq's API to generate an AI response. This processing occurs in real time; Groq does not store your queries after the response is returned, pursuant to our data processing agreement.

Your queries are also used to generate a vector embedding (a mathematical representation) via Ollama running locally on our servers — this embedding is used to retrieve relevant legal passages from Pinecone but is not stored beyond the request lifecycle.

We do not use your personal conversations to train AI models. De-identified, aggregated usage data (e.g., categories of questions asked) may be used to evaluate and improve our retrieval and ranking systems.

13. US State Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or another US state with applicable privacy legislation, you may have additional rights:

California (CCPA / CPRA)

  • Right to know what personal information we collect and how it is used;
  • Right to delete your personal information;
  • Right to opt out of the "sale" or "sharing" of personal information — we do not sell or share your data for cross-context advertising;
  • Right to non-discrimination for exercising your privacy rights.

California residents may submit requests by emailing privacy@juriva-ai.com with the subject line "California Privacy Request".

Other states

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and similar states have comparable rights to access, correction, deletion, and portability. Contact us at privacy@juriva-ai.comto exercise these rights.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by displaying a notice in the Service at least 14 days before changes take effect. The "Effective date" at the top of this page reflects the most recent revision.

15. Contact & Complaints

For any privacy enquiries, data subject requests, or complaints, please contact:

Juriva Ltd — Data Protection

Email: privacy@juriva-ai.com

DPO: dpo@juriva-ai.com

We aim to acknowledge all data subject requests within 72 hours and respond in full within 30 days.