Privacy Policy
Last updated: 17 July 2026
This policy explains what data Juratify ("we", "us") processes, why, and how it is protected. Juratify is built around client-side, zero-knowledge encryption, so for most of the content you send us we hold only ciphertext we cannot read.
1. Data we process
- Account data: your email address and authentication data, handled through Supabase Auth, plus workspace membership.
- Client-sealed event payloads: stored as ciphertext only. They are encrypted in your environment with a data key we never receive, so we cannot read them.
- Server-sealed event payloads: for events ingested through the OTLP door, we process the payload transiently at ingestion and store it encrypted at rest with a per-workspace key.
- Integrity metadata: timestamps, event types, hash chains, signatures, and checkpoints, which make records tamper-evident.
- API keys: stored only as a hash.
2. What we cannot see
For client-sealed events, the plaintext never reaches us and the data key is never transmitted. This is a structural property of the Service, not a policy promise: we cannot decrypt what we do not hold the key for.
3. Hosting and location
Data is hosted on Supabase infrastructure in the European Union, region eu-central-1 (Frankfurt, Germany). Storage is append-only.
4. Sub-processors
- Supabase: database, authentication, and hosting of customer data in the EU.
- Vercel: hosting of the application, served from the EU (Frankfurt) region.
- Paddle: payment processing and merchant of record for purchases.
5. Retention
Records are retained for at least six months, reflecting the Article 26(6) minimum, and longer depending on your plan or configuration. Because the store is append-only and retention is a floor, records become deletable only after their retention period expires.
6. Your rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data. Deletion of evidence records is constrained by the append-only design and the retention period above. You can export your evidence at any time through the evidence pack, which supports data portability.
7. International transfers
Customer data is stored in the EU (Frankfurt). Where any processing involves a transfer outside the EU, we rely on appropriate safeguards as required by applicable data protection law.
8. Security
Content is encrypted, records are hash-chained and signed, and checkpoints anchor the chain so tampering is detectable. Access to customer data through the dashboard is scoped to workspace members.
9. Cookies
We use only the cookies and local storage needed to keep you signed in and to operate the Service. We do not use advertising cookies.
10. Contact
Privacy questions and data requests can be sent to juratify@gmail.com.