AI Assistant is a powerful tool that lives within Juro's contract collaboration platform. It helps you to draft, review and summarize contracts and clauses using generative AI. This guide sets out some data protection considerations in using the AI Assistant.

As a controller, you need to demonstrate your compliance with data protection laws.

Juro’s AI Assistant was built with EU and UK privacy laws in mind, and operates on servers located in the EEA and managed by Microsoft.

We’re also providing the information in this guide to help you understand how to deploy our AI Assistant responsibly in your organisation.

You might choose to conduct a data protection impact assessment before using any AI tool. We can provide a template for you to use, pre-filled with information about Juro’s AI Assistant.

It’s important that you make clear to individuals how their personal data is processed.

When you start using Juro’s AI Assistant, make sure you update your fair processing notices to tell people that you use Juro to process their personal data, and that it includes AI capabilities.

You can find out more information about exactly how and where Juro processes personal data in our award-winning privacy policy. This also includes information about all of the sub-processors we use to provide and maintain our platform, including our AI Assistant.

You must have a lawful basis to process personal data.

This basis shouldn’t change by using Juro’s AI Assistant - you’re using personal data for the same reason, enhanced by a powerful, AI-enabled contract collaboration tool to make your processes more efficient.

Unlike some other AI-enabled contract platforms, we don’t use your data to train models for anyone else. So you don’t have to worry about Juro or its technology partners repurposing your personal data for anything else.

You have an obligation to keep personal data you process accurate and up to date.

Generative AI is probabilistic. This means that the output you get is based on a statistical model, which predicts the most likely output based on your inputs and the model that powers it. AI can ‘hallucinate’ and produce inaccurate outputs. As a responsible controller, you must review the output of our AI Assistant before using it, and correct any inaccuracies you identify.

Juro’s AI Assistant is powered by GPT, one of the world’s most sophisticated large language models, significantly enhancing the quality of output from our AI Assistant.

You must process individuals’ personal data fairly.

That means protecting data subjects against unfair outcomes that might result from your processing, and making sure you’re using personal data in ways people expect.

Unlike some other AI-enabled contract platforms, we don’t use your data to train models for anyone else. So you can reassure people that their personal data isn’t being used by Juro or its technology providers to build or train open models.

Remember that our AI Assistant isn’t designed to help you make significant decisions about people or to process personal data about children - those things aren’t permitted under our terms.

You’ll want to know that Juro is taking appropriate steps to keep your data secure.

Contracts govern your most valuable relationships, and Juro has processed more than 1 million contracts in its browser-native platform. With our new AI Assistant, we maintain that reputation for uncompromising security.

Juro is SOC 2 Type 2 and cyber essentials certified. We use powerful encryption for data at rest (256-bit advanced encryption standard) and in transit (TLS) to help keep your contracts safe.

Our AI Assistant operates on highly secure Azure servers located in the EEA and managed by Microsoft, with data sent via our zero retention API.

As a controller, you need to trust that you can respond quickly and effectively to requests from individuals to exercise their data rights.

Our AI Assistant enhances your ability to find personal data in your contracts quickly and efficiently using natural language search. You can download or delete documents in Juro at the touch of a button.

Juro and its technology providers operate short retention periods for data running through our AI Assistant. Unless a policy violation is identified, we’ll delete your prompts and outputs from our systems within 30 days.

You need to be sure that any international transfers of personal data are compliant.

Your contracts and our AI Assistant are EEA-native, operating on highly secure cloud servers operated by AWS and Microsoft.

Where our features require international transfers, we clearly document this in our privacy policy. We don’t rely on short-lived safe harbour schemes - instead we have in place the latest EU Standard Contractual Clauses supplemented by the UK addendum, and supported by rigorous international transfer risk assessments. This ensures strict compliance with UK and EU rules on international transfers, and the requirements laid down by the Court of Justice of the European Union in the Schrems II judgment.