The data controller for AI Jury is AI Jury, operated by Igor Ruvinskii (sole proprietor). For any privacy inquiry, contact hello@askaijury.com.
2.Data We Collect
Account data: your email address only. We use passwordless magic-link authentication and do not store passwords.
Subscription data: your current plan and billing status. Payment instruments (card numbers, etc.) are stored by LemonSqueezy, not by us.
Usage data: aggregate counts of queries per billing period, with timestamps, used to enforce plan limits and to detect abuse.
Query content: processed in flight to the AI provider you select. We do not permanently store the content of your queries on our servers (see Retention, Section 5).
Technical data: your IP address (used solely for rate limiting and abuse prevention) and user-agent string (used for browser-compatibility decisions).
3.How We Use Data
To provide and operate the Service.
To process subscription payments via our Merchant of Record, LemonSqueezy.
To enforce plan limits and detect or prevent abuse.
To send transactional communications (sign-in links, security notices, billing notices, material changes to Terms or this Policy).
To respond to your support requests.
We do not use your data for advertising or sell your data to third parties.
4.Third-Party Processors
We rely on the following processors. Each operates under its own privacy policy:
LemonSqueezy (with Stripe as the underlying payment processor) — payment processing and Merchant of Record.
Cloudflare — hosting, edge delivery, and infrastructure.
AI providers — when you submit a query, the content of that query is forwarded to the AI providers you have selected: Anthropic, OpenAI, Google, xAI, or DeepSeek. Each provider has its own privacy policy.
5.Data Retention
Account email: retained until you delete your account.
Usage counters: retained for the current and the immediately preceding billing period.
Query content: not stored beyond request processing (typically less than 60 seconds end-to-end).
Backups: standard cloud-provider backup retention (typically 30 days). After expiry of the backup window, deleted data is no longer recoverable from any source we control.
6.Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. Under GDPR, all of these apply to EU/EEA residents:
Access: request a copy of the data we hold about you.
Deletion: request that we delete your account and associated data.
Portability: request export of your data in a machine-readable format.
Rectification: request correction of inaccurate data.
Objection: object to specific processing activities.
Lodge a complaint with your local supervisory authority.
To exercise any of these rights, contact hello@askaijury.com from the email address associated with your account. We will respond within 30 days.
7.Cookies
We use exactly one cookie: an essential session cookie used for authentication, set with the HttpOnly, Secure, and SameSite attributes. We do not use analytics, advertising, or other tracking cookies. We do not set third-party cookies.
8.Data Security
HTTPS everywhere.
Session cookies marked HttpOnly, Secure, and SameSite.
JWT sessions with rotation.
Industry-standard hashing for sensitive tokens.
No system can guarantee absolute security. We take reasonable steps and follow industry practice; we cannot warrant that data transmitted to us will never be intercepted or accessed without authorisation.
9.Children
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact hello@askaijury.com and we will delete it.
10.International Data Transfers
The Service operates globally through Cloudflare's edge network. Your data may be processed in regions outside your country of residence. Where required by GDPR, transfers outside the EEA are protected by appropriate safeguards (Standard Contractual Clauses or equivalent).
11.Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated by email to registered users at least 30 days before they take effect. Continued use of the Service after the notice period constitutes acceptance of the updated Policy.