Data and Sub-Processors
Juristic works with carefully selected vendors and sub-processors to ensure the secure and reliable operation of our platform. When using our services, certain sub-processors may process personal data on our behalf.
💡 Enterprise customers have the flexibility to request the use of alternative vendors where their specific needs require it, and tailored Data Processing Agreements (DPAs) can be put in place as needed.
In our role as a service provider, Juristic processes personal data on behalf of our customers. In addition, we may process statistical data for our own purposes, but this is always limited to aggregated or non-identifiable information.
Types of Personal Data Processed
| Key | Type | Description |
|---|---|---|
| A: End User Information | Personal data of end users (e.g. an attorney at a customer law firm). | Includes email addresses, employment information (such as place of employment), names, and statistical data (e.g. activity timestamps, IP addresses). This information is used to log the user in and provide access to the platform. Note: most customers use a VPN with a fixed IP address. |
| B: Client or Case Data | Personal data of law firm clients. | Depends on what the end user uploads but may include sensitive or special categories of personal data (e.g. health information or criminal records). |
Sub-Processors
| Name | Location | Purpose & Data Types |
|---|---|---|
| 3DS Outscale SAS | France | Stores data at rest in a relational MySQL database. Processes End User Information and Client/Case Data. |
| Auth0, Inc. | Germany or Ireland | Provides secure authentication of end users. Processes only emails and names (End User Information). Most often publicly available. |
| Compaya A/S | Denmark | Provides part of our sharing functionality. Processes telephone numbers of recipients (End User Information and Client/Case Data). |
| Cloudflare, Inc. | Germany or Ireland | Provides security measures to protect the platform from attacks. Processes only IP addresses (End User Information). Data is often fixed via VPNs. |
| Crisp IM SAS | France | Provides support chat software. May process End User Information and Client/Case Data, but only the latter if manually provided to support agents. |
| Scaleway S.A.S. | France | Processes both End User Information and Client/Case Data to provide intelligent document processing (Juristic Timeline). |
| Scalingo SAS | France | Platform-as-a-Service. Processes data in transit, essential for development. Both End User Information and Client/Case Data. |
| ScanSpan SL (Mandaa) | Denmark | Provides part of our sharing functionality. Processes only email address and name of recipients (End User Information and Client/Case Data). |
| OpenAI | US | Provides AI functionality (if customer has not opted to use their own AI or Juristic-hosted AI). May process End User Information and Client/Case Data. No data used for model training. |
| Microsoft Corporation (Azure OpenAI) | France | Provides LLM functionality for JuristIQ (if chosen by customer). May process End User Information and Client/Case Data. |
| Mixpanel, Inc. | EU | Provides product analytics to measure feature usage and customer engagement. Processes End User Information such as email, activity timestamps, device information, and statistical data. |
| PostHog, Inc. | EU | Provides product analytics and event tracking. Processes End User Information such as email, activity timestamps, device information, and statistical data. |
Additional Information
Risk assessments for each vendor are available upon request, and most sub-processors can be disabled if a customer chooses (this may impact performance of the platform).
No ownership rights in the data are transferred at any point. Juristic remains fully responsible for the personal data processed by our suppliers. Sub-processors may, however, use metadata and statistical information for their own purposes. This is strictly limited to End User Information, and only when the relevant services are actually used. For example, if the sharing functionality is not enabled, providers such as ScanSpan SL or Compaya A/S will not receive any information.
When metadata is processed, it is used exclusively for development, optimisation, and support. Such processing is fully covered by the agreement between Juristic and our customers. For a general overview of our approach to risk assessments, we refer to our Application Security and Testing.
If you have any questions or require further information, please contact Christian Hjortshøj at ch@juristic.io.