Privacy policy
How we collect, use, and protect your personal data.
Last updated: March 2026
1. Introduction
Caribbean JURIST (“we”, “us”, “our”) is committed to protecting the privacy and personal data of users of the JURIST platform (“Platform”).
This Privacy Policy is drafted in compliance with the Jamaica Data Protection Act 2020 (“DPA 2020”) and, where applicable, other Caribbean data protection legislation.
Caribbean JURIST is the data controller in respect of your account and usage data. Where you submit queries containing personal data of third parties, we act as a data processor on your behalf.
2. Personal data we collect
Account registration data
| Category | Examples |
|---|---|
| Identity data | Full name, professional title |
| Contact data | Email address, phone number |
| Professional data | Firm name, jurisdiction of practice, bar admission status |
| Authentication data | Password (hashed), MFA configuration |
Subscription and billing data
We collect subscription tier, start/renewal dates, and payment metadata (last 4 digits, card type, Stripe customer ID). We do not store your full card number, CVV, or expiration date. All payment processing is handled by Stripe, Inc.
Usage data
We collect query data (searches and prompts submitted), response data (AI-generated outputs), session data (login timestamps, IP address, browser/device type), and feature usage data.
Data you provide in queries
You may submit queries containing personal data relating to third parties. We process such data solely to deliver the Platform's research services and do not use it for any other purpose.
3. How we use your personal data
- Providing the Platform and processing your queries
- Managing your subscription and processing payments
- Authenticating your identity and securing your account
- Communicating with you about your account
- Detecting and preventing fraud, abuse, and security threats
- Complying with legal and regulatory obligations
- Improving the Platform using aggregated, anonymised data
We do not use your personal data for profiling for marketing purposes, selling to third parties, training third-party AI models, or targeted advertising.
4. Lawful bases for processing
- Contract performance: Processing necessary to deliver the Platform and manage your subscription.
- Legitimate interest: Security monitoring, fraud prevention, service improvement using anonymised data.
- Legal obligation: Maintaining records required by law, responding to court orders.
- Consent: Where you have given specific consent (e.g., Google OAuth). You may withdraw consent at any time.
5. Data sharing
We do not sell your personal data. We share data only with trusted service providers who process it on our behalf:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | USA |
| Anthropic | AI model inference | USA |
| Voyage AI | Text embedding | USA |
| Resend | Transactional email | USA |
We may also disclose data where required by law, court order, or regulatory authority, or in the event of a business transfer.
6. International data transfers
Where personal data is transferred outside Jamaica, we implement appropriate safeguards including contractual clauses and selection of providers with recognised data protection certifications.
7. Data retention
| Category | Retention period |
|---|---|
| Account and query data | Duration of subscription + 30 days |
| Billing records | 7 years from transaction date |
| Security and audit logs | 3 years |
| Support tickets | 2 years from resolution |
| Anonymised data | Indefinitely |
8. Data security
We implement appropriate technical and organisational measures including encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, Row-Level Security for tenant isolation, bcrypt password hashing, MFA support, account lockout, CSRF protection, and security event monitoring.
9. Your rights
Under the DPA 2020, you have the right to:
- Access — request a copy of data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your data
- Restriction — request that we restrict processing
- Data portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdrawal of consent — withdraw consent at any time
To exercise any of these rights, contact us at admin@juristpro.ai. We will respond within thirty (30) days.
If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Information Commissioner (Jamaica) at www.oic.gov.jm.
10. AI-specific data processing
When you submit a query, the text is transmitted to our AI model provider for inference. Queries are processed in real time and are not retained by the AI model provider for training purposes. We have opted out of any training data usage by our embedding provider. We do not use your queries, responses, or personal data to train AI models.
The Platform's multi-tenant architecture enforces strict data isolation between Subscribers at the database level using Row-Level Security (RLS).
11. Data breach notification
In the event of a personal data breach, we will notify the Office of the Information Commissioner within seventy-two (72) hours and notify affected Subscribers without undue delay.
12. Cookies
Our use of cookies is described in our Cookie Policy.
13. Changes to this policy
Material changes will be notified to active Subscribers by email at least thirty (30) days before taking effect.
14. Contact
For questions about this Privacy Policy, contact us at admin@juristpro.ai.