Privacy Notice
Who we are
Jurocompliant is operated by Juro Compliance Ltd. We build non-custodial compliance scanning tools. Our contact is help@jurocompliant.com.
What this notice covers
This notice explains what personal data we collect when you use jurocompliant.com, why we collect it, and your rights. It does not cover data collected by the scanner about third-party websites — the scanner processes URLs you submit but does not store or transmit the content of those websites beyond the active scan session.
What we collect and why
| Data | When | Purpose | Lawful basis |
|---|---|---|---|
| Email address | When you submit the email form after a scan or self-assessment | To send you remediation guidance for the gaps found | Consent |
| Name (optional) | When you submit the email form | To personalise our response | Consent |
| Referrer and UTM parameters | Captured automatically with form submission | To understand which channel brought you to the form | Consent |
| Hashed IP address | Captured automatically with form submission and with pageview beacon | Spam and abuse prevention. Stored only as a daily-salted SHA-256 hash — the raw IP is never written to disk, and yesterday's hash cannot be linked to today's. | Legitimate interests |
| Pageview beacon | On each page load, one request is sent to our own API recording the path visited, the referring URL, UTM parameters, a daily-salted hash of your IP, and a daily-salted hash of your User-Agent string. | To understand which content and channels are working without running third-party analytics. Used for aggregate traffic counts only — no individual profile is built and no cross-site tracking occurs. | Legitimate interests |
| Scan submission record | When you press "Scan now" with a valid domain, we store the domain you entered alongside a daily-salted hash of your IP and User-Agent string and the page that referred you to the scanner. | To understand which domains prospects ask us to scan and how the scanner is being used. Used for aggregate funnel measurement only — no individual profile is built. | Legitimate interests |
| Scan result cache | When a scan completes, we store its findings (the rule violations observed, severity ratings, and remediation guidance) keyed on the domain you submitted. Subsequent visits within 18 minutes — including yours, after a refresh — are served this cached result instead of re-running the scanner. | To return results instantly when the same domain is viewed again, without spinning up the headless browser repeatedly. The cache contains only analysis output describing the public site's compliance posture — no page content, no cookies, no third-party visitor data. | Legitimate interests |
We do not use third-party analytics, advertising pixels, or tracking cookies. We do not set any cookies on this site, and we do not write to your browser's localStorage or sessionStorage for tracking purposes. The pageview beacon described above sends one request to our own API (api.jurocompliant.com) and stores no identifiers on your device — because nothing is written to your device, the ePrivacy Directive Article 5(3) consent requirement does not apply to this mechanism. The only other third-party request made on page load is for self-hosted fonts served from this domain.
Who we share data with
Email submissions are received and stored directly on infrastructure we operate — we do not use a third-party form handler. We do not sell personal data, and we do not share it with any other party.
How long we keep data
Email submissions are kept for up to 24 months from the date you last interacted with us, then hard-deleted. You can request earlier deletion at any time — see "Your rights" below. When you request erasure, we mark the record deleted immediately and hard-purge it within 30 days.
Pageview beacon records, scan submission records, and scan result cache entries are kept for 90 days, then hard-deleted. Because the stored identifiers are daily-salted hashes that rotate at UTC midnight, rows older than the current day are effectively unlinkable to any individual. The scan result cache holds no identifier at all — only the domain and the findings.
Your rights
Under the GDPR (if you are in the EU/EEA/UK) and the DPDP Act 2023 (if you are in India), you have the right to:
| Right | How to exercise it |
|---|---|
| Access the data we hold about you | Email help@jurocompliant.com. We will respond within 48 hours. |
| Correct inaccurate data | |
| Request erasure of your data | |
| Withdraw consent at any time | |
| Lodge a complaint with a supervisory authority | |
Scanner data
When you submit a URL for scanning, the scanner visits that URL using a headless browser. The fetched page content, cookies, and network requests observed during the scan are processed in memory to generate findings, then discarded — they are never stored or logged. The findings themselves (rule violations and remediation text describing the public site's compliance posture) are cached for 90 days; see "Scan result cache" in the data table above. We do not retain a copy of any page content, user data belonging to third-party website visitors, or infrastructure details of the scanned site.
By submitting a URL, you confirm that you are authorised to scan that domain. Scanning a domain you do not own or have permission to scan may violate the target site's terms of service and applicable law.
Changes to this notice
We will update this notice if our data practices change. The "last updated" date at the top will reflect any changes. Material changes will be announced at help@jurocompliant.com to anyone who has submitted their email.
Questions or requests?
Email us at help@jurocompliant.com. We respond to all data-related requests within 48 hours.