Data Protection

GDPR Compliance

Last updated: May 22, 2026

At Jurilia, we prioritize the confidentiality and security of your personal data. This data protection policy describes how we collect, use, and protect your information in compliance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679).

1. Data Controller

Personal data collected during the use of the Jurilia application is processed by:

Thibaud Moretto EI (TMLabs)
Sole Proprietorship (SIRET pending registration)
Registered Office: 172 chemin des prillets, 74140 EXCENEVEX, France
Contact Email: contact@jurilia.fr

2. Collected Data

We only collect the information necessary for the operation of our platform and the provision of our services. This includes:

  • Identification Data: First name, last name, email address, password (encrypted).
  • Professional Data (Lawyers only): Law firm name, legal specialties, city of practice, credentials and bar admission records.
  • Usage & Content Data: Questions asked to the AI, legal documents uploaded for analysis, and generated synthesis dossiers. These data are heavily encrypted.
  • Transaction Data: Transaction records of token recharges and subscription plans. (Note: Your credit card information is processed securely by Stripe and never transits through our servers).

3. Purposes of Processing

Your personal data is processed for the following purposes:

  1. Account Management: Registration, login, and managing your user space (Client or Lawyer).
  2. AI Analysis Service: Processing queries through our RAG engine to provide simplified legal explanations and reference the corresponding official laws.
  3. Connecting with Professionals: Transmitting your synthesis dossiers to partner lawyers whom you select or who practice in your geographical sector.
  4. Billing & Credits: Tracking and managing token credits or professional subscription plans.
  5. Technical Improvements: Security diagnostics, performance monitoring, and bug resolution. (Note: Your conversation data is not used to train public AI models).

4. Data Retention

We ensure that your data is only retained for as long as strictly necessary for the stated purposes:

  • Account Data: Retained for the active lifetime of your account. If the account remains inactive for 3 years, it will be automatically deleted.
  • Conversation History & Files: Retained as long as your account is active. You can delete individual conversations or your entire history at any time from your personal settings.
  • Financial & Billing Data: Retained for 10 years in compliance with French commercial law legal requirements.

5. Security & Encryption

Jurilia implements rigorous technical and organizational security measures to protect your data from unauthorized access, alteration, or destruction:

  • Encryption in Transit: All communications between your browser and our application are encrypted using TLS (HTTPS).
  • Encryption at Rest: Sensitive data in your dossiers and chat history are encrypted in our PostgreSQL databases hosted on Supabase (servers located in the European Union - Frankfurt).
  • Access Control: Access to transmitted dossiers is restricted exclusively to the emitting user (Client) and the designated lawyer.

6. Your Rights under the GDPR

In compliance with European data protection regulations, you have the following rights regarding your personal data:

  • Right of Access (Article 15): Obtain confirmation that your data is being processed and receive a copy.
  • Right to Rectification (Article 16): Request correction of inaccurate or incomplete information.
  • Right to Erasure (Article 17): Request the permanent deletion of your data.
  • Right to Restriction of Processing (Article 18): Temporarily suspend the processing of your data.
  • Right to Data Portability (Article 20): Retrieve your data in a structured, commonly used format.
  • Right to Object (Article 21): Object to the processing of your data based on reasons relating to your specific situation.

You may exercise any of these rights at any time by emailing your signed request to: contact@jurilia.fr. If you believe your rights have not been respected, you can file a complaint with the CNIL (cnil.fr).

7. Recipients & Data Transfers

Your personal data is confidential and is never sold or rented to third parties. The only recipients of your data are:

  • The account owner.
  • The partner lawyer or pool of local lawyers to whom you voluntarily decide to send a synthesis dossier.
  • Our trusted technical subprocessors required to operate the service (Supabase for database hosting, Vercel for website hosting, Stripe for secure payment processing). All partners are bound by strict confidentiality agreements.

All our primary application data is stored on servers located within the European Union.

8. Cookie Management

The Jurilia website uses cookies solely to ensure the correct functioning of its services. This includes authentication session cookies (Supabase) and remembering language preferences (next-intl).

We do not use any tracking or cross-site advertising cookies. You can block or delete these functional cookies through your browser settings, which may impact your session status and overall site usability.