← Back to Juris

Privacy Policy

Last updated: June 1, 2026

Summary

Juris is operated by Kwata Team. Your data is encrypted, isolated per firm, never used to train AI, and never sold. Case documents are processed by AI solely to provide the service you requested. You have the right to access, correct, export, and delete your data. For questions: juris@kwatateam.com.

1. Who We Are

Juris is operated by Kwata Team, based in Alberta, Canada. References to "Juris," "we," "us," or "our" in this policy mean Kwata Team.

Our privacy practices are governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Alberta Personal Information Protection Act (PIPA).

Our servers are operated by us directly, not on third-party SaaS. Your data is never used to train AI, never sold, and is yours to export or delete at any time.

2. Data We Collect

We collect the following categories of personal information:

  • ·Account data: name, email address, law firm name, professional role, and (if provided) bar number.
  • ·Authentication data: hashed password, TOTP two-factor authentication data, session tokens. Plaintext passwords are never stored.
  • ·Case and matter data: case titles, client names, matter numbers, notes, and metadata you enter into Juris.
  • ·Documents: PDFs and other files you upload. Each file is encrypted at rest under a key unique to your firm.
  • ·Usage data: pages visited, features used, session timestamps — collected via self-hosted Umami analytics (see Section 7).
  • ·Billing data: subscription plan, payment history. Actual payment card data is processed by our PCI-compliant payment processor and is never stored on our servers.
  • ·Communications: emails you send to our support address.
  • ·Technical data: IP address (used for onboarding consent logging required by professional standards), browser type, and device type.

3. How We Use Your Data

We use your personal information for the following purposes:

  • ·To provide and maintain the Juris platform, including AI research, document processing, and case management features.
  • ·To authenticate your identity and secure your account.
  • ·To send transactional emails (account confirmation, password reset, case view access notifications, billing receipts).
  • ·To provide customer support.
  • ·To comply with our obligations under applicable law, including professional responsibility rules that may apply to us as a service provider to legal professionals.
  • ·To improve the platform using aggregated, anonymized usage data.

We do not use your data for advertising. We do not sell personal information to third parties. We do not use your case data to train AI models.

4. AI Processing — Specific Disclosure

This section is important. Please read it carefully.

Juris uses a third-party AI provider to power the Sage AI research companion and document analysis features. When you submit a research query or ask Sage to analyze a document, relevant excerpts from your case materials may be transmitted to our AI processing provider to generate a response.

Privilege-flagged documents are excluded from all AI processing at the database query level. If you have flagged a document as privileged in Juris, that document will never be transmitted to any AI provider.

Our AI provider processes data only to return a response, under a data-processing agreement that prohibits training on your data; it does not retain your content beyond what is needed to serve the request.

AI features can be enabled or disabled on a per-case basis. Any document you mark as privileged is excluded from all AI processing — it is filtered out at the database-query level and is never embedded for search or sent to our AI provider.

5. Legal Basis for Processing

For users in Canada, our legal basis for processing is your consent (provided during account registration and the mandatory onboarding flow), the performance of a contract (providing the Juris service to you), and legitimate interests (security, fraud prevention, platform improvement).

6. Data Sharing

We share personal information only in the following circumstances:

  • ·Our AI processing provider: powers the Sage AI research engine. Only non-privileged document excerpts and research queries are shared, and only when you use AI features.
  • ·Our PCI-compliant payment processor (Merchant of Record): processes subscription payments; card data never touches our servers (its name may appear on your card statement).
  • ·Self-hosted infrastructure: all core data (accounts, cases, documents, audit logs) is stored on servers we operate directly. No third-party SaaS has access to this data.
  • ·Legal obligation: we may disclose data if required by Canadian law, a court order, or to protect the rights or safety of our users or the public.
  • ·Business transfer: if Kwata Team is acquired, your data may be transferred to the acquiring entity subject to the same privacy commitments.

A current list of the specific service providers we use is available on request — contact juris@kwatateam.com.

We do not share your data with advertising networks, data brokers, social media platforms, or analytics companies (our analytics are self-hosted using Umami).

7. Analytics — Umami

We use Umami, a self-hosted, open-source web analytics tool, to understand how users interact with Juris. Umami is hosted on our own servers, so no data is sent to any third-party analytics company.

Umami collects: page URL, referrer URL, browser name, operating system, device type, and country (derived from IP address — the IP itself is not stored). This data is fully anonymized and aggregated. Umami does not use cookies for tracking. It cannot identify individual users across sessions or sites.

8. Data Storage, Security, and Retention

All data is stored on servers we operate directly. Our security measures include:

  • ·TLS 1.2+/1.3 encryption for all data in transit. Documents, their extracted text, and search-index entries are encrypted at rest under a key unique to your firm — held as ciphertext.
  • ·Schema-per-tenant database architecture — your firm's data is stored in a dedicated schema, logically separated from all other firms.
  • ·Mandatory two-factor authentication (TOTP) available to all users.
  • ·JWT session tokens with cryptographic signing and server-side revocation capability.
  • ·Audit logs for all significant actions (document access, AI processing, case creation) — retained while your account exists and removed with your data on deletion.

We retain your account and case data (documents, notes, AI sessions) for as long as your account exists — you control deletion at any time, and cancelling your subscription simply downgrades you to the free tier (your data stays). We only permanently delete an account after 24 months of inactivity (we email warnings first), or when you explicitly request deletion. Before then, export a complete copy yourself anytime (Settings → Data). Long-term retention of closed legal files is your firm's responsibility under your law society's rules, met by exporting and keeping your own copy — Juris is a custodian, not your system of record.

Breach notification. If we become aware of a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify affected firms and users without undue delay, and report to the Office of the Privacy Commissioner of Canada (and any other regulator as required), in accordance with PIPEDA and Alberta PIPA. Notifications will describe the nature of the breach, the information involved, and the steps you can take to protect yourself.

9. Your Rights

Under PIPEDA and Alberta PIPA, you have the right to:

  • ·Access: request a copy of the personal information we hold about you.
  • ·Correction: request that we correct inaccurate or incomplete information.
  • ·Deletion: request deletion of your personal information, subject to applicable retention obligations.
  • ·Data portability: receive your data in a structured, machine-readable format.
  • ·Withdraw consent: withdraw consent to AI processing at any time (this does not affect processing that occurred before withdrawal).
  • ·Complaint: file a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca.

To exercise any of these rights, contact us at juris@kwatateam.com. We respond to requests within 30 days.

10. Cookies

Juris uses only essential cookies required to operate the platform. See our Cookie Policy for the full list. We do not use advertising cookies or third-party tracking cookies.

11. Children

Juris is a professional platform for licensed legal practitioners. It is not directed at persons under 18 years of age. We do not knowingly collect personal information from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users by email at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision.

13. Contact

Privacy inquiries: juris@kwatateam.com
General support: juris@kwatateam.com
Kwata Team