GDPR information.

For general website visits, demo requests, marketing communication, billing, account administration, and platform security, Jurono acts as controller. For customer content processed inside a firm account on behalf of a law firm, Jurono generally acts as processor under Art. 28 GDPR. Business customers receive a data processing agreement before production use where Jurono processes personal data on their behalf. The agreement defines subject matter, duration, data categories, data subject categories, instructions, confidentiality, subprocessors, deletion, return, and audit support.

Jurono can process firm profile data, user account data, client contact data, intake form content, documents, communication metadata, billing data, support data, audit logs, and security logs. Special category data or confidential legal matter data can appear when customers or clients submit case-related information. Customers must configure intake flows and access rights according to their legal and professional duties.

Jurono aims to host production services in Germany or the European Economic Area. Subprocessors are selected based on security, reliability, contractual safeguards, and GDPR readiness. Before launch, this section must list the active production subprocessors, their purpose, location, and transfer mechanism. Typical categories can include hosting, database infrastructure, email delivery, payment processing, support tooling, monitoring, and analytics where enabled.

Jurono applies technical and organisational measures appropriate to the risk of the processing. Measures include access control, role-based permissions, encryption in transit, password hashing, logging, backup processes, environment separation, least-privilege administration, and security review of production changes. Measures are reviewed as the product and risk profile evolve. Customer-specific security requirements can be addressed during onboarding or in an individual agreement where needed.

Where Jurono acts as controller, data subjects can contact Jurono directly to exercise GDPR rights. Where Jurono acts as processor, Jurono supports the customer in responding to access, correction, deletion, restriction, portability, objection, and related requests. Export and deletion workflows are designed to help firms retrieve data and end processing when a contract ends, subject to statutory retention duties, security needs, and third-party rights.

Jurono maintains internal procedures to assess, contain, document, and communicate personal data breaches. Where Jurono acts as processor, customers are informed without undue delay after Jurono becomes aware of a breach affecting their processed data. Where Jurono acts as controller, notification duties to supervisory authorities and affected persons are assessed under Art. 33 and 34 GDPR.

Jurono uses EEA-based providers where practical. If a subprocessor or service creates a transfer outside the EEA, Jurono relies on a recognised transfer mechanism such as an adequacy decision or EU Standard Contractual Clauses and reviews supplementary safeguards where required. Customers can request information about relevant transfer mechanisms for the subprocessors used in their account.

Law firms remain responsible for their own controller duties, including lawful basis, professional secrecy, client information notices, internal access permissions, retention policies, staff training, and configuration of intake or publication workflows. Jurono supports these duties with product controls, documentation, export options, and onboarding guidance, but does not replace a firm's own legal, professional, or data protection assessment.