
Privacy Principles

Lawful basis



Juristic acts as a data processor for its customers and end users. The end users will give their explicit consent when signing up for the platform.

Juristic only processes data when it is strictly necessary and when the platform is used - unless such processing is prohibited by the customer. See Sub Processors for a list of data types and an overview of how Juristic processes data both as a data processor and controller. Please note that Enterprise customers may have their own services, vendors and sub-processors enabled or disabled, which may result in changes to the diagrams and lists.

Where Juristic acts as a data controller, i.e. for telemetry and statistical data used for its own purposes, such data will only be processed when it is necessary for legitimate interests, including business interests, and for the purpose of providing access to the platform, including maintaining the platform's functionality.

Juristic allows its users and customers to submit their own data in an automated way.


Data Minimisation



Juristic never asks for more data than what is necessary. Not only that: with the way Juristic's data structure is designed, the user decides what data to provide as we - technically - only need very little data to provide the service. For example, when using Juristic Structure, it is possible to use the platform without providing any names or other data. Instead, the user can use the platform fully by just providing entity types.


Privacy by Design and Default



Here at Juristic, we believe in privacy - so much that our entire platform was built around key principles and technologies to enhance privacy for our users and their clients. As mentioned in Application Security and Testing, we are using industry standard technical measures to ensure the highest level of security when processing data.

Juristic has implemented a variety of default settings to ensure privacy, even inside organisations. In a recent update, we rolled out a rights management system within the platform. This means that - while cases, documents, etc. are sharable - they are, by default, not visible to anyone other than the relevant people in the organisation.

Juristic has implemented the following measures to ensure privacy by design and default:

Dynamic rights management inside organisations
No automatic publication of data or information, unless the user actively shares it
Industry standard data security safeguards are enabled on all processing activities - read more here.
Organisational measures ensure that no employee or user can access data they are not permitted to
Data minimisation principles are strictly enforced


Data Breaches



Juristic monitors all system access, including any unauthorised system access. We have designed and adopted strict policies for access control and monitoring, including measures that reduce the risk of attacks. In almost 2 years, Juristic has had no breaches.

Security researchers or users are welcome to submit reports to our CTO, Kean Ottesen, via kno@juristic.io. We process such reports in 1 day. We refer to Application Security and Testing for more information on privacy and security enhancing measures.

Updated on: 20/08/2024