1. Juristic
  2. Security and Trust Center

Data and Sub-Processors

Data and Sub-Processors

Juristic uses purposefully selected vendors and sub processors. When you use our platform, the following sub processors may process personal data. Please note that Enterprise customers have the option to choose or request implementation of other vendors, depending on their needs. Specific data processing agreements can be agreed to.

Juristic processes data on behalf of our customers, including personal data, and also for own purposes (only statistical data). We process the following types of personal data:
 
Key Type
A: End User Information This type of information regards the end user, for example an attorney working at a customer law firm. We process email addresses, employment information (such as place of employment), names and statistical data (such as activity timestamps and IP addresses, although most customers use a VPN with a fixed IP address) and use this information to log the user in and provide access to the platform, including necessary functionality
B: Client or Case Data This type of information regards the client of the law firm, such as names or other personal information. It depends on what the end user uploads but may include sensitive or special categories of personal data, such as health information or criminal records. We refer to Privacy Principles.


For the provision of access to the Juristic platform, Juristic uses these sub-processors of personal data - for a full overview, see the link below:

Name Location HQ Sub processors Purpose and types of personal data processed Comments DPA
3DS Outscale SAS France France N/A 3DS Outscale stores our data at rest, which is done in a relational format in a MySQL database. As such, 3DS Outscale processes both End User Information and Client or Case Data - Yes
Auth0, Inc. Germany or Ireland USA AWS Auth0 provides secure authentification of end users and only processes emails and names of the customer end users (End User Information). This data is most often publicly available EU SCCs. Risk assessment has been performed and is available per request. Yes
Compaya A/S Denmark Denmark Team.blue Denmark A/S, Rackhosting ApS Compaya provides part of our sharing functionality and may - as such - process End User Information and Client or Case Data, but only the telephone number of the person the workspaces are shared with - Yes
Cloudflare, Inc. Germany or Ireland USA AWS Cloudflare provides security measures to protect the platform from attacks. It processes only IP addresses of the customer end users (End User Information). This data is most often fixed via VPNs EU SCCs. Risk assessment has been performed and is available per request. Yes
Crisp IM SAS France France Digital Ocean Crisp IM is our support chat software and may process both End User Information and Client or Case Data, however, only the latter when such data is provided to support agents manually - Yes
Scaleway S.A.S. France France N/A Scaleway processes both End User Information and Client or Case Data in order to provide intelligent document processing for Juristic Timeline. - Yes
Scalingo SAS France France 3DS Outscale SAS Scalingo is our PaaS and processes data in transit, essential for our development. Scalingo processes both End User Information and Client or Case Data. - Yes
ScanSpan SL (Mandaa) Denmark Spain N/A ScanSpan provides part of our sharing functionality and may - as such - process End User Information and Client or Case Data, but only the email address and name of the person the workspaces are shared with - Yes
OpenAI US US Microsoft OpenAI provides part of our AI functionality, if the customer has not opted to use their own AI or solution hosted by Juristic. OpenAI may process End User Information and Client or Case Data, but no data will be used for training of OpenAIs models. Risk assessment has been performed and is available per request. Yes
Posthog  Germany US AWS (Germany) We use PostHog for product analytics and development. It may process End User Information, such as Performance Data, Device Data, and Activity Data. Risk assessment has been performed and is available per request. Yes
Microsoft Corporation (Azure OpenAI) France US N/A Microsoft provides the large language model for use in JuristIQ functionality if this has been chosen by the customer. Both End User Information and Client or Case Data may be processed, if the functionality is used. Risk assessment has been performed and is available per request. Yes

 

 

We have created risk assessments of each vendor which are available for our customers per request. If you are interested in becoming a customer and need this information, please contact Christian Hjortshøj via ch@juristic.io.


Most sub-processors can be disabled for customers per request.

No ownership rights of data are transferred and Juristic is responsible for data processed by our suppliers. However, sub-processors may use metadata and statistical data for their own purposes. This data is limited to End User Information - and only if the services are used. For example, if the sharing functionality is not used, then ScanSpan SL or Compaya A/S will not receive any information. The information will be used for development, optimisation and support - and is covered by the agreement between Juristic and our customers.