JusticeX — Trust Center (Privacy & Information Security)

Privacy Policy

How JusticeX collects, uses, and protects personal information.

What we collect

Account information — name, email, mobile number, and the role you select (client, mediator, or attorney), entered once at sign-up.
Matter information — the documents, figures, and positions you submit for objective comparison.
Usage information — limited technical logs needed to operate and secure the service. Personal-identifier fields are never written to logs; logs are scrubbed at ingest.

How we use it

Solely to provide the objective comparison you request, operate and secure the platform, and meet legal obligations. JusticeX produces objective, mathematical analysis only — it does not interpret law or render advice. We do not sell personal information, and we do not share your contacts.

Your choices & rights

Granular consent

Separate toggles for (a) AI analysis, (b) legal-precedent retrieval, (c) product communications, and (d) research/improvement (off by default).

Access & portability

Request a copy of your data, exported as structured JSON, on a self-service basis (fulfilled within 30 days).

Deletion

Request erasure; data is cryptographically destroyed (key-shredding), subject to any legal-hold exception.

Age

The service is for adults (18+). Minor parties require a verified guardian co-account with appropriate controls.

Retention & location

Matter data is retained for the life of the matter plus the period required by law, then destroyed. Data may be processed in U.S. or EU regions depending on your residency.

Consent & sign-off

At sign-up you review and accept this Policy, the Information Security Policy, and the Legal & UPL Disclaimer. Each consent is recorded with a timestamp so you and JusticeX have a clear record of what was agreed.

Information Security Policy

The safeguards that protect your information. No system can guarantee absolute security, but these controls reflect leading practice.

Protecting your data

Encryption — AES-256 at rest and TLS 1.3 in transit; customer-managed keys where applicable.
Access control — multi-factor authentication required; least-privilege, attribute-based access; a user only ever sees matters they are explicitly authorized to.
Tenant & matter isolation — each organization and each matter is logically separated; cross-matter access is blocked, and the AI is prevented from mixing information across matters.
Audit trail — security-relevant events are logged to a tamper-evident record.

Privilege & redaction

Attorney work product can be designated privileged and clawed back; sensitive identifiers are redacted before symmetric comparison so neither side sees the other's unredacted materials.

Governance & compliance roadmap

SOC 2 Type II

Targeted as the platform scales to production.

ISO 27001 / 27701

On the compliance roadmap.

HIPAA

Business-Associate-ready posture for health-adjacent data.

GDPR / CCPA

Data-subject rights supported (access, portability, deletion).

If something goes wrong

We maintain an incident-response process, including rapid containment of any privilege or tenant-boundary issue and timely notification to affected users as required by law.

Draft for attorney review. These policies are drafted for executive review; final language is pending sign-off by JusticeX.ai outside counsel. Part of a synthetic demonstration — no real personal data is processed.