Privacy Policy
Last updated: July 5, 2026
1. Data Controller
XPROFIT OÜ ("we", "us") operates the Justivo application. We are the data controller for your personal data under the GDPR.
2. Data We Collect
- Account data: Email address, name, language preference
- Profile data (optional, for document generation): Address, phone number, personal identification code, company details
- Consultation data: Legal questions, AI responses, uploaded documents and photos
- Payment data: Processed by Stripe. We store transaction IDs but NOT credit card numbers
- Device data: Push notification tokens, device platform
- Usage data: Message counts, subscription status, technical logs
3. How and Why We Use Your Data (Legal Bases)
- To provide AI-powered legal information and generate documents — performance of our contract with you (GDPR Art. 6(1)(b))
- To process payments via Stripe — performance of contract (Art. 6(1)(b))
- To send login codes and service notifications — performance of contract (Art. 6(1)(b))
- To keep technical logs and backups for security and reliability — our legitimate interest (Art. 6(1)(f))
- To send optional email notifications — your consent, revocable in Profile settings (Art. 6(1)(a))
4. AI Processing and Third-Party Services
Justivo uses artificial intelligence. When you use the service, you are interacting with an AI system, and generated analyses and documents are AI-generated content.
- OpenAI (USA): Your questions, uploaded documents and profile data used in generated documents are processed by OpenAI under a Data Processing Agreement incorporating the EU Standard Contractual Clauses. OpenAI does not use this data for model training.
- Moonshot AI (Singapore) and DeepSeek (China): These providers receive ONLY a pseudonymized version of your case: before anything is sent to them, we remove names, contact details, personal identification codes, exact addresses, license plates and reference numbers through an automated multi-layer filter. They do not receive your identity, your uploaded files or your photos.
- Stripe (payments), Firebase (push notifications), Tavily (legal web research): supporting services under their respective data processing terms.
5. Data Retention
- Account and consultation data: retained while your account is active; deleted upon account deletion
- Technical logs: up to 90 days
- Backups: rotated within 14 days
- Payment records: retained as required by Estonian accounting law
You can request deletion at any time through the app (Profile → Delete Account) or by contacting us.
6. Your Rights (GDPR)
You have the right to:
- Access your data (Profile → Export Data)
- Rectify your data (Profile → Edit Profile)
- Delete your data (Profile → Delete Account)
- Port your data (export in JSON format)
- Object to or restrict processing
- Lodge a complaint with a supervisory authority — in Estonia: Andmekaitse Inspektsioon (AKI), www.aki.ee, or the authority of your EU country of residence
7. Data Security
We use industry-standard security measures: encrypted connections (TLS), secure token authentication, access-controlled file storage, pseudonymization filters before non-EU AI providers, daily encrypted-at-rest backups, and audit logging of AI processing.
8. Children
Justivo is not intended for use by children under 16. We do not knowingly collect data from children.
9. Changes
We may update this policy. Significant changes will be communicated through the app.
10. Contact
For privacy inquiries: info@justivo.app
XPROFIT OÜ
Registry code: 16942616
Estonia
Contact: info@justivo.app