Privacy Policy

Juris is operated by Kwata Team Inc., a corporation incorporated under the Canada Business Corporations Act (CBCA) and registered extra-provincially in Alberta. References to "Juris," "we," "us," or "our" in this policy mean Kwata Team Inc.

Our privacy practices are governed by the Personal Information Protection and Electronic Documents Act (PIPEDA), the Alberta Personal Information Protection Act (PIPA), and, for users in the European Economic Area, the General Data Protection Regulation (GDPR).

Our servers are located in the European Union (Contabo GmbH, Germany). Your data is not subject to the US CLOUD Act, FISA, the USA PATRIOT Act, or any equivalent US-government access regime.

We collect the following categories of personal information:

• ·Account data: name, email address, law firm name, professional role, and (if provided) bar number.
• ·Authentication data: hashed password, TOTP two-factor authentication data, session tokens. Plaintext passwords are never stored.
• ·Case and matter data: case titles, client names, matter numbers, notes, and metadata you enter into Juris.
• ·Documents: PDFs and other files you upload. These are stored in encrypted EU-hosted object storage (MinIO) and are used to power AI analysis features you explicitly activate.
• ·Usage data: pages visited, features used, session timestamps — collected via self-hosted Umami analytics (see Section 7).
• ·Billing data: subscription plan, payment history. Actual payment card data is processed by DodoPayments and is never stored on our servers.
• ·Communications: emails you send to our support address.
• ·Technical data: IP address (used for onboarding consent logging required by professional standards), browser type, and device type.

We use your personal information for the following purposes:

• ·To provide and maintain the Juris platform, including AI research, document processing, and case management features.
• ·To authenticate your identity and secure your account.
• ·To send transactional emails (account confirmation, password reset, case view access notifications, billing receipts).
• ·To provide customer support.
• ·To comply with our obligations under applicable law, including professional responsibility rules that may apply to us as a service provider to legal professionals.
• ·To improve the platform using aggregated, anonymized usage data.

We do not use your data for advertising. We do not sell personal information to third parties. We do not use your case data to train AI models.

For users in Canada, our legal basis for processing is your consent (provided during account registration and the mandatory onboarding flow), the performance of a contract (providing the Juris service to you), and legitimate interests (security, fraud prevention, platform improvement).

For users in the EEA under GDPR, our legal bases are: Article 6(1)(b) — performance of a contract; Article 6(1)(a) — consent (for AI processing of documents); Article 6(1)(f) — legitimate interests.

We share personal information only in the following circumstances:

• ·Anthropic (USA): powers the Joe AI research engine. Only non-privileged document excerpts and research queries are shared, and only when you use AI features.
• ·DodoPayments: processes subscription payments. Card data never touches our servers.
• ·Self-hosted infrastructure (EU): all core data (accounts, cases, documents, audit logs) is stored on servers we operate in the EU. No third-party SaaS has access to this data.
• ·Legal obligation: we may disclose data if required by Canadian law, a court order, or to protect the rights or safety of our users or the public.
• ·Business transfer: if Kwata Team Inc. is acquired, your data may be transferred to the acquiring entity subject to the same privacy commitments.

We do not share your data with advertising networks, data brokers, social media platforms, or analytics companies (our analytics are self-hosted on EU infrastructure using Umami).

We use Umami, a self-hosted, open-source web analytics tool, to understand how users interact with Juris. Umami is hosted on our own EU servers — no data is sent to any third-party analytics company.

Umami collects: page URL, referrer URL, browser name, operating system, device type, and country (derived from IP address — the IP itself is not stored). This data is fully anonymized and aggregated. Umami does not use cookies for tracking. It cannot identify individual users across sessions or sites.

All data is stored on EU-based servers (Contabo GmbH, Germany). Our security measures include:

• ·AES-256 encryption at rest for all stored data.
• ·TLS 1.3+ for all data in transit.
• ·Schema-per-tenant database architecture — your firm's data is stored in a dedicated schema, logically separated from all other firms.
• ·Mandatory two-factor authentication (TOTP) available to all users.
• ·JWT session tokens with cryptographic signing and server-side revocation capability.
• ·Audit logs for all significant actions (document access, AI processing, case creation) — retained for 7 years.

We retain your account data for as long as your subscription is active, plus 90 days following termination to allow for account recovery. Case data (documents, notes, AI sessions, audit logs) is retained for 7 years from the date of last activity on the matter, consistent with typical professional retention obligations for legal files. You may request earlier deletion subject to any applicable legal or professional holds.

Under PIPEDA, Alberta PIPA, and GDPR (where applicable), you have the right to:

• ·Access: request a copy of the personal information we hold about you.
• ·Correction: request that we correct inaccurate or incomplete information.
• ·Deletion: request deletion of your personal information, subject to applicable retention obligations.
• ·Data portability: receive your data in a structured, machine-readable format.
• ·Withdraw consent: withdraw consent to AI processing at any time (this does not affect processing that occurred before withdrawal).
• ·Complaint: file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

To exercise any of these rights, contact us at privacy@kwatateam.com. We respond to requests within 30 days.

Juris uses only essential cookies required to operate the platform. See our Cookie Policy for the full list. We do not use advertising cookies or third-party tracking cookies.

Juris is a professional platform for licensed legal practitioners. It is not directed at persons under 18 years of age. We do not knowingly collect personal information from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

Privacy inquiries: privacy@kwatateam.com
General support: hello@kwatateam.com
Kwata Team Inc. · Incorporated under the Canada Business Corporations Act