Privacy Policy

This Privacy Policy describes how Juron Labs, Inc. ("Juron", "we", "us") collects, uses, shares, and protects information when you visit our website, submit a request, or use the Juron product ("Service"). By using the Service, you agree to the terms of this Policy.

1.Scope

This Policy applies to the Juron marketing website, the get-started request form, the Juron Command Center product, and any communications related to onboarding or support. It does not apply to third-party services you connect to Juron, which are governed by their own privacy policies.

2.Information We Collect

We collect only the information necessary to operate the Service and respond to you.

2.1 Request data

When you submit a get-started request, we collect your name, work email, company, and your written description of the operational problem you would like Juron to address.

2.2 Account data

For active customers, we collect email address, hashed password, two-factor authentication secret, role assignment within your organization, and billing information.

2.3 Connector metadata

When you connect a third-party system (Stripe, HubSpot, Google Ads, etc.), we record the name of the integration, the time of connection, and the scope of the access token granted. Access tokens are encrypted at rest and never stored in plaintext.

2.4 Operational records

The Service generates and stores a record of every action taken by Juron agents on your behalf, including reasoning, confidence score, inputs, and outcome. These records constitute your audit trail and are isolated to your tenant.

2.5 Telemetry

We collect aggregated, anonymized usage telemetry — page views, feature engagement, error reports, and performance metrics — solely to identify defects and improve the Service.

We do not collect content from your customers' inboxes, internal messaging tools, source code repositories, or any data category you have not explicitly connected.

3.Bring Your Own Key (BYOK) & Data Residency

Juron operates on a BYOK model. Customers provision API keys for the large-language-model provider of their choice. Inference requests for your tenant pass through that provider under your contractual terms with them.

• No training on customer data. We do not use customer data to train, fine-tune, or evaluate any model, internal or external. Provider-level "no-training" settings are enabled by default in our reference deployments.
• Regional hosting. Customer tenants are deployed in either the United States (us-east-1) or the European Union (eu-west-1), selected by the customer at onboarding. Data does not cross region boundaries for processing or storage.

4.Use of Information

We use the information described above for the following purposes only:

1. To operate the Service, including executing actions proposed by your agents and writing to your connected systems within the scopes you have granted;
2. To respond to your requests, support tickets, and onboarding inquiries;
3. To improve the Service using aggregated, anonymized telemetry; and
4. To comply with applicable legal, tax, and accounting obligations.

We do not sell customer data. We do not share customer data with advertising networks. We do not use customer data for marketing communications outside the Service, and you may opt out of product communications at any time.

5.Sharing & Sub-Processors

We share information only with sub-processors strictly necessary to operate the Service. Our current sub-processors are:

• Amazon Web Services — infrastructure hosting (US/EU regions)
• Stripe — billing and payment processing
• Anthropic / OpenAI — only via your BYOK provider, under your contract
• Plaid / Persona — identity verification, where applicable
• Postmark — transactional email delivery

The current and historical list of sub-processors is published at juron.ai/subprocessors. Material changes are notified to customer administrators by email at least fourteen (14) days before they take effect.

6.Security

• Encryption. TLS 1.3 in transit; AES-256 at rest for stored data and backups.
• Tenant isolation. Each customer's data resides in a logically isolated tenant with its own encryption keys.
• Access control. Production access is restricted, gated by hardware security keys, and audited. Engineering personnel do not have standing access to customer tenants.
• Audit logs. All actions executed by Juron on your behalf are cryptographically signed and persisted with full reasoning, inputs, and outcome.
• Certifications. SOC 2 Type II audit window opens Q3 2026. HIPAA and ISO 27001 are planned.

7.Retention

• Request data — retained for twelve (12) months from submission, then deleted (or sooner on request).
• Operational records — retained for the life of the subscription plus thirty (30) days, then permanently deleted. Export available at any time.
• Audit trail — retained for seven (7) years to meet common compliance requirements; may be reduced to the statutory minimum on customer request.
• Telemetry — aggregated and anonymized at ninety (90) days; raw events older than ninety days are not retained.
• Billing records — retained as required by applicable tax and accounting law.

8.Your Rights

Subject to applicable law (including the GDPR and CCPA), you have the right to:

1. Access the personal data we hold about you;
2. Correct any inaccurate data;
3. Request deletion of your data, subject to the retention exceptions in Section 7;
4. Export your operational records in a portable format (JSON or CSV);
5. Object to specific processing or withdraw consent at any time; and
6. Lodge a complaint with your local data protection authority.

To exercise any of these rights, email privacy@juron.ai. We acknowledge requests within seven (7) business days and complete most within thirty (30) days.

9.Cookies & Tracking

The marketing website uses only essential cookies (session, CSRF, and user-preference). We do not deploy advertising pixels or third-party tracking scripts. Product telemetry is captured server-side from authenticated sessions only. We honor Do-Not-Track signals where reasonably possible.

10.Children

The Service is a business-to-business product intended for company founders and operators. We do not knowingly collect personal information from any individual under the age of sixteen (16). If you become aware that a child has provided us with personal information, please contact us and we will delete it.

11.International Transfers

If you are located in the European Economic Area, the United Kingdom, or Switzerland and your tenant is hosted in the United States, data transfers are conducted under the EU-US Data Privacy Framework and the Standard Contractual Clauses. You may elect EU residency at onboarding to keep all processing within EU borders.

12.Changes to This Policy

We update this Policy from time to time. Material changes are notified to customer administrators by email at least fourteen (14) days before they take effect, accompanied by a redline summary. Prior versions are available at juron.ai/privacy/history.

13.Contact

For privacy or data-related inquiries: privacy@juron.ai
For security disclosures: security@juron.ai
For our Data Protection Officer: dpo@juron.ai