Industry AI Limited ("JurisHub", "we", "our") operates the legal AI platform at jurishub.africa. We are a data controller under the Kenya Data Protection Act 2019 (KDPA). If you have questions about this policy, contact us at support@jurishub.africa.
We collect the following categories of personal data: - Account data: full name, email address, and hashed password when you register. - Subscription and billing data: payment status, plan type, M-Pesa phone number (where provided), and Paystack transaction references. We do not store full card numbers. - Usage data: queries submitted to the legal AI, documents uploaded to your personal library, research history, and workflow outputs generated during your session. - Technical data: IP address, browser type, session tokens, and server logs for security and troubleshooting purposes.
We process your personal data for the following purposes: - To provide and operate the JurisHub platform, including AI-assisted legal research, document generation, and workflow outputs. - To manage your account and subscription, including billing, payment processing, and access control. - To send transactional emails: email verification, password resets, payment receipts, and subscription confirmations. - To ensure platform security, prevent fraud, and enforce our Terms of Service. - To comply with our legal obligations under Kenyan law. We do not use your data for advertising, and we do not sell your personal data to any third party.
Under the KDPA 2019, we rely on the following legal bases: - Contract: processing is necessary to perform the services you have subscribed to. - Legitimate interests: security monitoring, fraud prevention, and platform integrity. - Legal obligation: where Kenyan law requires us to retain or disclose records. - Consent: for any optional communications beyond transactional emails (you may withdraw consent at any time).
We share your data with the following sub-processors who assist in delivering the platform: - Supabase (Ireland/AWS) — authentication and user account storage. - Resend (USA) — transactional email delivery. - Paystack (Nigeria/USA) — card payment processing. Paystack is PCI-DSS compliant. - Anthropic (USA) — AI language model processing. Queries are processed via Anthropic's API. - DigitalOcean (USA) — cloud server and file storage hosting. - AnythingLLM (self-hosted) — retrieval-augmented generation against the JurisHub legal corpus. This component runs on JurisHub's own infrastructure and does not send data to third parties. Each processor is bound by data processing agreements and applicable data protection law. Data transferred outside Kenya is subject to appropriate safeguards.
We retain your data for as long as your account is active. If you close your account: - Account and billing records are retained for 7 years to meet financial record-keeping requirements under Kenyan law. - Uploaded documents and research history are deleted within 30 days of account closure unless a longer retention period is required by law. - Server logs are retained for 90 days and then deleted.
As a data subject under the Kenya Data Protection Act 2019, you have the following rights: - Right of access: you may request a copy of the personal data we hold about you. - Right to rectification: you may request correction of inaccurate data. - Right to erasure: you may request deletion of your data, subject to our legal retention obligations. - Right to data portability: you may request your data in a structured, machine-readable format. - Right to object: you may object to processing based on legitimate interests. - Right to withdraw consent: where processing is based on consent, you may withdraw it at any time. To exercise any of these rights, email support@jurishub.africa. We will respond within 21 days as required by the KDPA.
JurisHub uses browser localStorage to store your session preferences (theme selection, dismissed notifications) and session tokens issued by Supabase for authentication. We do not use third-party advertising cookies. A cookie consent notice is displayed on first visit.
We implement appropriate technical and organisational measures to protect your personal data, including encrypted HTTPS connections, hashed password storage via Supabase, HMAC-signed webhook verification for payment events, and role-based access controls. No system is completely secure; in the event of a breach affecting your rights, we will notify you as required by the KDPA.
JurisHub is a professional platform for licensed advocates. We do not knowingly collect data from persons under 18 years of age. If you believe a minor has submitted data to us, contact support@jurishub.africa and we will delete it promptly.
We may update this policy from time to time. Material changes will be communicated by email to registered users at least 14 days before taking effect. The "last updated" date at the top of this page will always reflect the current version.
For any privacy questions or to exercise your rights: support@jurishub.africa. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at www.odpc.go.ke.