JURIXA v1.1
JURIXA Data Governance

Privacy Policy

Return to landing page

Effective date: May 13, 2026.

This notice explains how Intelitive processes personal data in connection with JURIXA, including organization signup, client procedures, provider and agent workspaces, JURIXA Direct workflows, billing automation, support tickets, communications, and AI-assisted operational features.

JURIXA follows data minimization, role-scoped access, auditability, and good-faith handling of client, agent, provider, and internal-department information. Users should only submit personal data that is necessary for the procedure, subscription, support request, billing action, or platform function being used.

1. Scope and roles

Depending on context, Intelitive may act as controller for account registration, billing, security, product administration, support tickets, platform analytics, and JURIXA Direct administration; as processor for organization-managed procedure data; or as joint or independent controller where a specific agreement or law defines that role.

Providers, agents, and client organizations remain responsible for their own lawful basis, professional secrecy, client notices, conflict checks, regulator duties, and records they choose to upload or generate in the platform.

2. Data categories we process

  • Account and organization data: name, email, role, permissions, organization identity, domain settings, professional profile, and subscription seat data.
  • Identity and professional data: certification status, provider or agent profile details, practice areas, credentials, ownership or administrator status, and assignment eligibility.
  • Client and procedure data: client contact details, procedure type, status, scope, milestones, documents, signatures, required actions, deliverables, and definition-of-done confirmations.
  • Communication data: in-app messages, mediated communication records, support tickets, dispute notes, refund requests, attachments, audit markers, and notification delivery state.
  • Billing data: quote inputs, procedure prices, JURIXA fees, taxes, milestone payments, subscription status, ledger entries, refunds, payouts, Stripe identifiers, chargebacks, and invoice status.
  • Security and technical data: IP address, device and browser metadata, login events, rate-limit events, audit logs, error logs, consent records, and system diagnostics.
  • AI and automation data: prompts, outputs, summaries, routing labels, document-draft metadata, and human review events where AI-assisted features are used.

3. Sensitive, legal, and professional data

Legal procedures may involve identity data, financial data, tax data, immigration data, family data, criminal-record references, health references, or other sensitive information. Users must avoid uploading unnecessary sensitive data and must use the correct procedure, document, support, and communication channels so access controls and audit records match the intended purpose.

JURIXA is not a substitute for each provider's or agent's professional secrecy obligations. Where a provider, solicitor, lawyer, accountant, tax representative, or other regulated professional is involved, that professional remains responsible for the confidentiality, privilege, legal basis, retention, and disclosure rules that apply to their work.

4. Cookies and similar technologies

JURIXA uses cookies/local storage to operate securely and improve usability.

  • Strictly necessary cookies: authentication/session integrity, CSRF protection, account security, and organization context
  • Preference storage: language preference, interface settings, and role-aware navigation state
  • Operational telemetry (if enabled): service-quality, reliability, fraud prevention, and product diagnostics using minimized identifiers where practical

You can control browser cookie settings, but blocking essential cookies may affect login, security, billing, support, and procedure workflow behavior.

3.1 Cache and local browser storage policy

To avoid users seeing stale content, JURIXA sends explicit browser cache headers for all authenticated and dashboard-facing pages and similar app pages. This disables local reuse of those pages after navigation and helps prevent outdated legal, support, billing, and procedure information from being kept in browser cache.

  • HTML application pages use short-term cache directives: no-store, no-cache, must-revalidate.
  • Static files such as images, JavaScript, CSS, and fonts follow normal static asset caching.
  • Essential authentication, organization, billing, support, and procedure pages are prioritized for fresh response headers after login, payment, or role changes.

If needed, users do not need manual cache clearing for normal operation: each visit gets a fresh secure response from the app, while assets are refreshed on deployment through standard static updates.

5. GDPR legal bases

Where GDPR applies, legal bases may include contract performance, legitimate interests, legal obligations, consent, vital interests in limited emergency contexts, and establishment, exercise, or defense of legal claims where applicable.

  • Contract performance: account access, procedure agreements, subscription services, billing, support, and client-facing workflow delivery.
  • Legitimate interests: security, fraud prevention, dispute evidence, platform reliability, product improvement, and controlled operational analytics.
  • Legal obligations: tax, accounting, consumer, anti-fraud, data protection, court, regulator, and professional-record obligations where they apply.
  • Consent: optional communications, certain cookies or analytics where required, and any specific consent-driven procedure feature.

6. How we use data

We use personal data to create accounts, verify role permissions, manage procedure agreements, route clients to agents and providers, support JURIXA Direct internal paths, collect client payments, maintain the platform ledger, process refunds and payouts, run subscriptions, send notifications, maintain support tickets, investigate disputes, protect security, and improve platform reliability.

For disputes, refunds, failed procedures, force majeure claims, or completion confirmation, JURIXA may use communication-line records, support tickets, billing ledger entries, acceptance timestamps, and relevant attached documents to coordinate the platform workflow. This coordination does not replace a court, professional regulator, payment-network decision, or mandatory dispute body.

7. Sharing and subprocessors

Data may be shared with the client, assigned provider, assigned agent, JURIXA Direct internal department, or support personnel according to role permissions and procedure context. Data may also be processed by vetted service providers needed for hosting, payments, email, notifications, analytics, security, document handling, identity checks, and AI-assisted features.

Stripe or another payment processor may receive billing identifiers, payment amounts, invoices, refund data, subscription data, chargeback data, and payout or transfer information. Payment-card details are handled by the payment processor and are not intended to be stored directly by JURIXA.

8. International transfers

Where data is transferred outside the European Economic Area, Intelitive applies appropriate safeguards required by applicable data protection law, such as adequacy decisions, standard contractual clauses, transfer risk assessments, and contractual or technical controls where relevant.

9. Retention and minimization

We keep personal data only for as long as needed for the platform purpose, active procedure, billing record, legal obligation, professional record, security record, dispute evidence, tax record, or audit requirement. Retention periods may differ for account data, procedure data, billing records, support tickets, audit logs, and backups.

When data is no longer needed, it is deleted, anonymized, aggregated, or retained in restricted form where law, security, billing, or dispute needs require continued storage.

10. Security measures

JURIXA uses role-based access controls, session security, CSRF protection, rate limiting, audit logging, encrypted transport, controlled admin access, billing-webhook verification, and environment-separated configuration. Some workflows may include additional encryption or document controls depending on the feature and organization settings.

No online platform can guarantee absolute security. Users must protect credentials, avoid shared accounts, keep role assignments current, and report suspected incidents through the support ticket or incident channel.

11. Data subject rights (GDPR)

Where applicable, data subjects may request:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure, subject to legal, professional, billing, dispute, and record-retention limits
  • Restriction or objection to processing
  • Data portability where technically feasible and legally required
  • Withdrawal of consent where processing is consent-based
  • Review of automated or AI-assisted processing where applicable law grants such rights

Requests should be submitted through the support ticket line or official Intelitive contact point. We may need to verify identity and may route organization-controlled procedure data requests to the relevant organization, provider, or agent where they are the responsible party.

You may also lodge a complaint with the competent data protection authority. In Portugal, the national authority is the CNPD.

12. Organization responsibilities

Organizations using JURIXA must maintain accurate user roles, remove access when no longer needed, ensure agents and providers are correctly assigned, use the support ticket line when JURIXA action is required, and keep their own client notices, professional records, and lawful-basis documentation current.

13. AI and automation data

AI-assisted features may process prompts, documents, summaries, messages, and metadata to produce drafts, classifications, search results, or workflow suggestions. Outputs should be reviewed by a responsible human before being used for legal, tax, financial, immigration, court, or public-authority purposes.

14. Children and vulnerable persons

JURIXA is not directed to children. Where a procedure lawfully involves a minor or vulnerable person, the responsible client, provider, or agent must ensure the correct legal representative, authorization, notice, and protection measures are in place.

15. Updates

We may update this notice to reflect product, billing, legal, security, or operational changes. Material updates take effect on the posted effective date, subject to any notice or consent required by law or contract.

16. Official references

This notice was structured with reference to official European and Portuguese data-protection sources, including:

17. Contact and requests

Privacy, data-rights, security, billing-data, and support-related requests should be submitted through your organizational support channel or the official Intelitive contact point made available to your organization.