ATTORNEY-ONLY PLATFORM: Juridion AI is a professional tool designed exclusively for licensed attorneys. Use of this platform does not constitute the practice of law. All AI-generated content must be independently reviewed by a licensed attorney before filing or reliance.
Data Processing Agreement
Template for Enterprise Customers
Last Updated: June 24, 2026
Note: This is a template DPA for enterprise customers who require a formal data processing agreement. Contact legal@juridionai.com to execute a customized DPA for your organization.
1. Definitions
"Data Controller" means the Customer who determines the purposes and means of processing Personal Data.
"Data Processor" means Juridion AI / JuridionAI, which processes Personal Data on behalf of the Data Controller.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Processing" means any operation performed on Personal Data.
2. Scope of Processing
The Data Processor shall process Personal Data only:
- To provide the legal drafting services as described in the Terms of Service
- In accordance with documented instructions from the Data Controller
- In compliance with applicable data protection laws
3. Categories of Data
The following categories of data may be processed:
- User account information (email, authentication data)
- Legal documents uploaded by the Customer
- AI-generated content and drafts
- TOC/TOA processed documents (not retained after processing)
- Subscription and token usage records
- Usage and audit logs
4. Security Measures
The Data Processor implements the following security measures:
- Encryption in transit (TLS 1.3)
- Encryption at rest (AES-256)
- Access controls and authentication
- Regular security assessments
- Incident response procedures
5. Sub-processors
The Data Processor uses the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic | AI Processing | USA |
| Google/Firebase | Authentication | USA |
| Modal | Cloud Infrastructure | USA |
| Vercel | Frontend Hosting | USA |
| Stripe | Payment Processing | USA |
6. Data Retention
- Uploaded documents: Deleted within 24 hours
- Generated exports: Deleted within 24 hours
- TOC/TOA documents: Not retained (returned immediately)
- Account data: Retained while account is active
- Purchase records: Retained for 7 years (tax compliance)
- Audit logs: Retained for 90 days
7. Data Subject Rights
The Data Processor shall assist the Data Controller in responding to requests from data subjects to exercise their rights under applicable law, including:
- Right of access
- Right to rectification
- Right to erasure
- Right to data portability
8. Breach Notification
In the event of a personal data breach, the Data Processor shall notify the Data Controller without undue delay and in any event within 72 hours of becoming aware of the breach.
9. Audit Rights
The Data Controller may audit the Data Processor's compliance with this DPA upon reasonable notice. The Data Processor shall make available all information necessary to demonstrate compliance.
10. Contact
For DPA execution or inquiries: legal@juridionai.com