Privacy Policy

1.1 Personal Information You Provide

• Account Information: Name, email address, password, profile photo, job title, company name, and other information you provide when creating or updating your account on junior.so.
• Billing Information: Payment method details, billing address, and transaction history processed through our third-party payment processors.
• Communications: Information you provide when you contact us for support, submit feedback, or otherwise communicate with us.

1.2 Workspace Data

• Organization and Team Data: Workspace names, team structures, member roles, permissions, and organizational settings.
• User-Generated Content: Instructions, prompts, task descriptions, documents, messages, and other content you create or upload within the Services.

1.3 AI Interaction Data

• Prompts and Instructions: Text, commands, and instructions you provide to AI employees (agents) within the platform.
• Agent Outputs: Responses, content, deliverables, and actions generated by AI employees on your behalf.
• Conversation Histories: Logs of interactions between you and AI employees, including chat histories, task threads, and feedback.
• Agent Action Logs: Records of actions taken by AI employees, including tool usage, decision-making steps, API calls, and execution traces.

1.4 Connected Tool Data

When you authorize AI employees to access third-party services on your behalf, we may collect and process data from those connected tools, including but not limited to:

• Communication Platforms (e.g., Slack, Microsoft Teams): Messages, channel information, user mentions, and workspace metadata.
• Email Services (e.g., Gmail, Outlook): Email content, subject lines, sender/recipient information, and attachments as necessary to perform authorized tasks.
• Calendar Services (e.g., Google Calendar, Outlook Calendar): Event details, attendee information, scheduling data, and availability.
• Project Management Tools (e.g., Jira, Asana, Linear): Task details, project data, assignments, and status information.
• Code Repositories (e.g., GitHub, GitLab): Repository data, code content, pull requests, issues, and commit information.
• Document Storage (e.g., Google Drive, Notion): Document content, file metadata, and sharing permissions.

The scope of data accessed from connected tools depends on the permissions you grant and the tasks you assign to AI employees.

1.5 Automatically Collected Information

• Device and Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
• Usage Data: Pages visited on junior.so, features used, click patterns, session duration, referring URLs, and interaction patterns.
• Log Data: Server logs, error reports, access times, and diagnostic data.
• Location Data: Approximate geographic location inferred from your IP address.

3.1 European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, we process your personal information based on the following legal grounds under the General Data Protection Regulation (GDPR) or equivalent legislation:

• Performance of a Contract: Processing necessary to perform our contract with you (e.g., providing the Services, managing your account, executing AI employee tasks).
• Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include improving the Services, ensuring security, preventing fraud, and conducting analytics.
• Consent: Where you have provided explicit consent for specific processing activities (e.g., marketing communications, optional data sharing, certain AI data processing activities).
• Legal Obligation: Processing necessary to comply with legal obligations to which we are subject.

3.2 Canada

If you are located in Canada, we rely on the following bases under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation:

• Consent: We obtain your express or implied consent for the collection, use, and disclosure of your personal information, except where permitted or required by law without consent.
• Legitimate Business Purposes: We process information for purposes that a reasonable person would consider appropriate in the circumstances.
• Legal Requirements: We may process information without consent where required or permitted by law.

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Cloud hosting and infrastructure providers
• Payment processors
• Analytics providers
• Customer support tools
• Email delivery services

4.2 AI Model Providers

To power the AI employee capabilities of the Services, we transmit data to third-party AI model providers, including but not limited to Anthropic, OpenAI, and other large language model (LLM) providers. This data may include your prompts, instructions, workspace context, and connected tool data necessary for AI employees to perform their tasks. See Section 7 for detailed information about AI data processing.

4.3 Connected Third-Party Services

When you authorize integrations, AI employees may transmit data to and from third-party services (e.g., Slack, Gmail, GitHub) as necessary to perform the tasks you assign.

4.4 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred to the acquiring or successor entity.

4.5 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.

4.6 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4.7 Aggregated or De-Identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for research, analytics, and other purposes.

5.1 Types of Cookies

• Strictly Necessary Cookies: Essential for the operation of the Services, such as authentication and security cookies. These cannot be disabled.
• Analytics Cookies: Help us understand how users interact with junior.so by collecting usage data in an aggregated or pseudonymized form.
• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.
• Marketing Cookies: Used to deliver relevant advertisements and track the effectiveness of our marketing campaigns.

5.2 Your Cookie Choices

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. Please note that disabling cookies may affect the functionality of the Services.

7.1 LLM Processing

The core functionality of junior.so involves processing your data through large language models (LLMs) and other AI systems. When you interact with AI employees, assign tasks, or enable automated workflows, your prompts, instructions, contextual data, and relevant workspace information are transmitted to and processed by AI systems to generate responses, take actions, and complete tasks.

7.2 Third-Party AI Providers

We utilize third-party AI model providers to power our AI employees, including but not limited to:

• Anthropic (Claude models)
• OpenAI (GPT models)
• Other LLM and AI service providers as needed

Data transmitted to these providers may include your prompts, conversation history, workspace context, and data from connected services necessary for task execution. We maintain data processing agreements with these providers that restrict their use of your data. However, we encourage you to review the privacy policies of these providers for complete information about their data handling practices.

7.3 Connected Services Access

When you grant AI employees access to connected third-party services (such as Slack, Gmail, Google Calendar, GitHub, or other integrations), the AI employees may read, process, and act upon data within those services to the extent necessary to perform your assigned tasks. This may include:

• Reading and composing emails
• Accessing and creating calendar events
• Reading and posting messages in communication channels
• Accessing and modifying code repositories
• Reading and editing documents
• Performing other actions within the scope of granted permissions

You are responsible for ensuring that you have the authority to grant AI employees access to data in connected services, particularly data that may belong to or affect other individuals.

7.4 Sensitive Data Warning

Please exercise caution when sharing sensitive personal information with AI employees. The Services are not specifically designed to process special categories of personal data (as defined under the GDPR) or sensitive personal information, including but not limited to:

• Racial or ethnic origin
• Political opinions or religious beliefs
• Health or biometric data
• Financial account numbers, Social Security numbers, or government-issued identifiers
• Trade secrets or highly confidential business information

While we implement security measures to protect all data processed through the Services, we recommend that you avoid sharing sensitive personal information with AI employees unless strictly necessary and you have evaluated the associated risks.

7.5 Retention of AI Logs

AI interaction data, including prompts, responses, agent action logs, and conversation histories, is retained in accordance with the retention periods described in Section 9. You may request deletion of your AI interaction data at any time, subject to our legal obligations and legitimate business needs.

7.6 Deletion Rights

You have the right to request deletion of your AI interaction data, including:

• Conversation and chat histories with AI employees
• Agent action logs and execution traces
• Prompts and instructions provided to AI employees
• Outputs generated by AI employees on your behalf

To exercise your deletion rights, please contact us at support@kuse.ai or use the account settings available on junior.so. Please note that deletion requests are subject to certain exceptions, including data we are required to retain for legal compliance purposes.

7.7 De-Identified Data for Improvement

We may use de-identified, aggregated, or anonymized data derived from your interactions with AI employees to improve our AI systems, models, algorithms, and the overall quality of the Services. De-identified data is data that has been processed so that it cannot reasonably be used to identify you or any other individual. This use of de-identified data is consistent with applicable data protection laws and does not constitute a sale of your personal information.

8.1 EEA, UK, and Switzerland Transfers

If you are located in the EEA, UK, or Switzerland, we ensure that transfers of your personal information to countries outside these regions are subject to appropriate safeguards, including:

• Standard Contractual Clauses (SCCs): As approved by the European Commission and/or the UK Information Commissioner's Office.
• Adequacy Decisions: Transfers to countries that the European Commission has determined provide an adequate level of data protection.
• Other Lawful Mechanisms: Any other transfer mechanism recognized under applicable data protection laws.

8.2 AI Provider Transfers

Data transmitted to third-party AI model providers (as described in Section 7) may be processed in jurisdictions outside your home country. We ensure that such transfers are subject to appropriate contractual protections and data processing agreements.

By using the Services, you acknowledge that your information may be transferred to and processed in jurisdictions outside your own.

11.1 European Economic Area (EEA), United Kingdom, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have the following rights under the GDPR or equivalent legislation:

• Right of Access: The right to request a copy of the personal information we hold about you.
• Right to Rectification: The right to request that we correct inaccurate or incomplete personal information.
• Right to Erasure: The right to request that we delete your personal information, subject to certain exceptions.
• Right to Restriction of Processing: The right to request that we restrict the processing of your personal information in certain circumstances.
• Right to Data Portability: The right to receive your personal information in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to the processing of your personal information based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, the right to withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Lodge a Complaint: The right to lodge a complaint with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at support@kuse.ai.

11.2 United States — State Privacy Rights

Residents of certain U.S. states have specific privacy rights under applicable state laws, including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), and the Texas Data Privacy and Security Act (TDPSA).

Depending on your state of residence, you may have the following rights:

• Right to Know / Access: The right to know what personal information we collect, use, disclose, and sell or share, and to request access to your specific personal information.
• Right to Delete: The right to request deletion of your personal information.
• Right to Correct: The right to request correction of inaccurate personal information.
• Right to Opt Out: The right to opt out of the sale or sharing of your personal information, and the right to opt out of targeted advertising or profiling.
• Right to Non-Discrimination: The right not to be discriminated against for exercising your privacy rights.
• Right to Data Portability: The right to obtain your personal information in a portable and readily usable format.

11.3 CCPA Categories of Personal Information

The following table describes the categories of personal information we have collected from consumers in the preceding twelve (12) months, as defined by the CCPA:

We do not sell your personal information. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.

To exercise your rights, please contact us at support@kuse.ai. We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to submit a request on your behalf.