Last updated: April 2026
This Privacy Policy explains how Jurisly.ai ("we", "us", or "our") collects, uses, and protects personal data when you use our AI-powered legal receptionist platform.
When you register for Jurisly.ai, we collect your name, email address, law firm name, bar admission number, and billing information. This information is necessary to provide the Service and process payments.
We collect the settings and configurations you provide, including practice areas, consultation fees, business hours, AI agent instructions, and any custom content you upload (such as your firm logo).
When end-users (your clients and prospective clients) interact with your AI legal receptionist, we collect the content of those conversations, contact details voluntarily provided (name, phone number, email address), and metadata such as timestamps and session identifiers.
We automatically collect information about how you interact with the Service, including log data, IP addresses, browser type, pages viewed, and features used. This data is used solely for service improvement and security purposes.
If you connect your Facebook Page or Instagram Business account, we collect and store the Page access token, Page ID, Instagram account ID, and username. We process messages received through these channels to provide automated responses.
We use collected information to operate, maintain, and improve the Jurisly.ai platform, including generating AI responses to client enquiries, capturing leads, and facilitating appointment bookings.
We may use your email address to send service-related notifications, lead alerts, billing notices, and important updates about the platform. You may opt out of non-essential communications at any time.
Aggregated and anonymised usage data is used to understand how the Service is used and to improve our AI models and platform features. We do not sell individual user data to third parties.
We may use or disclose your information as required by applicable law, court order, or governmental authority, including the Personal Data Protection Act 2012 (PDPA) of Singapore.
Your data is stored on servers provided by Supabase (PostgreSQL database) and may be located in data centres across the United States, European Union, or Asia-Pacific regions. We take all reasonable steps to ensure data is handled in accordance with applicable data protection laws.
We implement industry-standard security measures including encryption in transit (TLS/HTTPS), encryption at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Access to your firm's data is restricted to authenticated users with valid credentials. Law firm data is isolated by firm ID, and our team only accesses individual firm data where necessary for support or legal compliance.
If you connect Facebook Messenger or Instagram DM, your data is subject to Meta Platforms Inc.'s privacy policy. Page access tokens are stored securely and used solely to send and receive messages on your behalf. We request only the minimum permissions required: pages_manage_metadata and pages_messaging.
If you connect Google Calendar, we access your calendar availability to offer booking slots to clients. We request read and write access to your primary calendar only. Google Calendar data is subject to Google LLC's privacy policy.
Billing and payment processing is handled by Stripe, Inc. We do not store your full credit card details on our servers. All payment data is handled directly by Stripe in accordance with PCI-DSS standards.
Our database and authentication infrastructure is provided by Supabase Inc. User credentials, firm data, and conversation records are stored within Supabase-managed databases.
AI-generated responses are powered by OpenAI's API (GPT-4o). Client messages are transmitted to OpenAI for processing. OpenAI's API data usage policy applies; as of the date of this policy, OpenAI does not train on data submitted via the API. However, you should not input highly sensitive personal data into the chat widget.
We retain your account and firm configuration data for the duration of your subscription and for up to 90 days after account closure, after which it is permanently deleted.
Chat sessions and messages are retained for up to 12 months from the date of the conversation to allow you to review leads and conversation history. You may request earlier deletion.
To request deletion of your data or your clients' data, contact us at support@cvidsproductions.net. We will process deletion requests within 30 days, subject to any legal retention requirements.
You have the right to access the personal data we hold about you and to receive it in a portable format. You may request a copy of your data by contacting us.
You may update your account information at any time through the dashboard. If you need assistance correcting inaccurate data, please contact us.
Where processing is based on consent, you may withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.
If you believe your personal data has been mishandled, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Singapore at pdpc.gov.sg.
We use essential cookies for authentication and session management. We do not use third-party advertising cookies. By using the Service, you consent to our use of essential cookies. You may disable cookies in your browser settings, but this may affect the functionality of the Service.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a notice within the dashboard. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@cvidsproductions.net. We aim to respond to all enquiries within 5 business days.
Jurisly.ai uses Google API Services to provide calendar-based consultation booking for our law firm customers. When you connect your Google account, we request the following OAuth scopes:
- https://www.googleapis.com/auth/calendar — to read upcoming events for availability checks, and to create, update, and cancel consultation events on your behalf.
- https://www.googleapis.com/auth/userinfo.email and https://www.googleapis.com/auth/userinfo.profile — to identify the connected Google account.
How we use Google user data:
- We read calendar events only to determine which time slots are free when a client requests a consultation.
- We create, update, and delete calendar events that we ourselves originate through bookings made via our AI assistant.
- We store OAuth access tokens, refresh tokens, the connected email address, and the calendar ID in our encrypted Supabase Postgres database (AES-256 at rest, TLS 1.2+ in transit).
- We do NOT copy, cache, or persist the contents of calendar events beyond the event IDs of events we ourselves create.
How we protect Google user data:
- We do NOT sell, rent, trade, or otherwise transfer Google user data to any third party for advertising or any other purpose.
- We do NOT use Google user data to develop, improve, or train generalized artificial intelligence or machine learning models.
- Access to production databases is strictly limited to authorised engineering personnel.
- Users may disconnect Google Calendar at any time from their dashboard. On disconnection, OAuth tokens are revoked and deleted from our systems within 24 hours.
- On account deletion, all associated Google user data is deleted within 30 days.
Compliance statement: Jurisly.ai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (link: https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Contact: For data access, correction, or deletion requests related to Google user data, contact support@cvidsproductions.net. We respond within 30 days.
This Privacy Policy is governed by and construed in accordance with the laws of Singapore, including the Personal Data Protection Act 2012 (PDPA). For questions, contact support@cvidsproductions.net.