Privacy Policy

Last updated: 14 July 2026

This Privacy Policy is a single, suite-wide policy. It applies to the JuhiAI website and AI interviewer, to the JuhiAI platform (accounts, companies and billing), and to the JuhiAI agents: CEO Agent, AI Product Owner, AI Accountant and Qualifier Agent (each a “Service”, together the “Services”). The sections below apply to every Service.

1. Who We Are (Data Controller)

The Services are operated by JuhiAI OÜ, a private limited company (osaühing) registered in Estonia under registry code 17527651, with its registered office at Hundimäe tee 2, Rosma küla, Põlva vald, Põlva maakond 63221, Estonia (“JuhiAI”, “we”, “our” or “us”). We are established in the European Union and process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Estonian law.

For privacy questions or to exercise your rights, email help@juhiai.com.

2. Our Role: Controller and Processor

Our role depends on the data and the Service:

  • As a controller. For our website, marketing, the AI interviewer, account administration and our own billing, we decide why and how data is processed. This policy is our controller notice for that data.
  • As a processor.When a business customer uploads or connects data about their own contacts, suppliers or customers — for example invoices and vendor details in AI Accountant, CRM contacts and customer signals in AI Product Owner, or visitor conversations, contact details and qualification summaries collected through a customer's Qualifier Agent widget — that customer is the controller and we act as their processor, processing the data only on their documented instructions. If your data was provided to a Service by your employer or a provider you use, please direct privacy requests to them as the controller; we will support them in responding.

3. Information We Collect

Information you provide or submit through a Service

  • Account and contact details (name, work email, phone, role)
  • Company information (name, website, industry, VAT number)
  • Billing and invoicing details processed through our payment provider and the accounting system JuhiAI uses to issue invoices (paid Services)
  • Content submitted, uploaded or connected through a Service (chat messages, uploaded invoices and documents, imported CRM data, and Qualifier visitor conversations, contact details and qualification summaries)
  • Support and other communications you send us

Information from public sources

When you provide a company website during onboarding, we fetch and process publicly available pages from that site. We store the crawl results with your company profile and use them to create the initial business profile and agent context.

Information collected automatically

  • IP address (used for rate limiting and abuse prevention) and approximate location
  • Browser, device and usage information (pages viewed, actions taken)
  • Cookieless, aggregate website analytics
  • Technical error reports when something goes wrong — the error message and stack trace, the page address, your browser, and, where you are signed in, your user and workspace identifiers. These are stored in the EU. Chat messages, prompts, uploaded documents, secrets and access tokens are removed before an error report leaves our systems.

Information from integrations you authorise

When you connect a third-party system, we receive data from it to provide the Service — for example contacts and signals from HubSpot, or feature requests and issues from Linear. We process this on your instructions as described in Section 2.

4. How We Use Information and Legal Bases

We process personal data for the purposes below, relying on the following GDPR legal bases:

PurposeLegal basis
Providing, operating and securing your account and the ServicesPerformance of a contract (Art. 6(1)(b))
Researching a company’s public website during onboarding to create its business profile and seed agent contextContract; legitimate interests in configuring the Services from public business information
Processing your inputs, documents and connected data through AI providers to deliver featuresContract; for the public website interviewer, consent and/or legitimate interests; for customer widgets, the customer’s documented instructions
Billing, invoicing, payments, credits and fraud prevention (paid Services)Contract; legal obligation; legitimate interests in preventing fraud
Security, rate limiting and abuse prevention (including IP address)Legitimate interests (Art. 6(1)(f))
Cookieless website analytics and product improvementLegitimate interests; consent where required
Lead qualification, notifications, sales and marketing follow-up (public interviewer and Qualifier widget)Consent and/or legitimate interests where JuhiAI is controller; the customer’s documented instructions where JuhiAI is processor
Keeping accounting, tax and transaction recordsLegal obligation (Art. 6(1)(c))
Responding to enquiries and providing supportContract; legitimate interests

5. AI Processing

By default, our Services use Vercel AI Gateway to route requests to AI models that deliver core features. The content you submit — chat messages, uploaded documents, or connected data — is sent through the gateway to the provider that performs inference for the chosen AI model. That AI inference provider acts as our subprocessor for the request.

  • Depending on the AI model selected, different AI inference providers may process your content. The provider can therefore vary between Services, features and requests.
  • If a signed-in CEO Agent user enables a connected Codex subscription, content for the selected Codex model is sent through that user-authorized Codex connection directly to the Codex service instead of Vercel AI Gateway. The provider's terms and settings for that subscription apply.
  • For the default gateway path, we use Vercel AI Gateway and AI inference providers under their business / API terms, which (at the time of writing) do not use your data to train their models.
  • Vercel AI Gateway routes prompts to the selected model's inference provider; we do not use a separate tracing service.
  • AI outputs can be inaccurate or incomplete and are not a substitute for professional advice. See our Terms of Service.

The subprocessor table identifies Vercel AI Gateway, user-authorized AI subscription services and AI inference providers as categories because the route and provider depend on the user's configuration and the AI model selected.

6. Automated Decision-Making and Profiling

The public website interviewer and Qualifier Agent score and qualify leads (for example, estimating need and priority), and AI Product Owner ranks and prioritises product signals. This involves automated profiling. These processes assist human decisions; they do not produce legal or similarly significant effects about you without human involvement. For a Qualifier Agent embedded on a customer's website, that customer determines the purpose and means of the profiling. You may object to this profiling or request human review by contacting the relevant controller.

7. Subprocessors

Your data might be shared with following service providers depending on used services and features in JuhiAI AI Agents suite.

We use vetted service providers who process data on our behalf under written contracts. We do not sell your personal data, and we do not share it for cross-context behavioural advertising.

SubprocessorPurposeLocation
WorkOS, Inc.Authentication and sign-in (AuthKit / SSO)USA
Vercel Inc.Application hosting, serverless compute, CDN and file storageEU / USA
Neon, Inc.Managed serverless PostgreSQL database hostingEU
Vercel AI GatewayLLM gateway routing prompts to underlying model providersUSA
AI inference providersAI inference for the model selected for a Service, feature or requestVaries by provider
User-authorized AI subscription servicesDirect AI transport and inference when a user enables a connected subscriptionVaries by provider
StripePayment processing, billing and subscription managementEU / USA
ResendTransactional email and Qualifier lead notification deliveryUSA
HubSpot, Inc.CRM integration you authorise to import customer signalsEU / USA
LinearIssue tracker integration you authorise to sync feature requestsUSA
UmamiPrivacy-friendly, cookieless website analyticsEU
Functional Software, Inc. (Sentry)Application error monitoring and crash reportingEU (Germany)

We give business customers reasonable prior notice of changes to this list. Locations and processing terms may be confirmed against each provider's current documentation.

8. Other Sharing and Disclosure

We may also disclose information:

  • To third-party systems you choose to connect (e.g. HubSpot, Linear, the Estonian Tax and Customs Board), at your direction
  • To the accounting system JuhiAI uses to issue invoices and maintain legally required accounting records
  • To comply with the law, a court order, or a lawful request from authorities
  • To establish, exercise or defend legal claims, and to protect our rights, users and the public
  • In connection with a merger, acquisition or sale of assets, subject to this policy

9. International Data Transfers

We aim to store and process personal data within the European Economic Area. Some subprocessors are located in the United States or operate globally. Where data is transferred outside the EEA, we rely on an adequacy decision or on the European Commission's Standard Contractual Clauses (2021/914) together with supplementary measures, as applicable.

10. Data Retention

We keep personal data only as long as necessary for the purpose it was collected, and then delete or anonymise it. Where the law requires longer retention (notably accounting and tax records), that obligation overrides deletion requests for the affected records.

DataRetention
Account, company profile, website research and agent workspace content (business profiles, plans, tasks, agent chat context)Life of the account, then up to 12 months
Website and Qualifier lead/interview data (transcripts, contact details, qualification summaries and scoring)Up to 24 months from last contact, then deleted or anonymised
Invoices, accounting and tax records (AI Accountant)7 years (Estonian Accounting Act § 12)
Billing, payment and VAT records (JuhiAI platform)7 years (accounting and tax law)
Customer data we process as a processorPer your instructions; deleted or returned on termination, subject to legal retention
Security and operational logsUp to 12 months

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls and authentication, tenant isolation, rate limiting, and least-privilege access for staff. The Qualifier widget also uses origin allow-listing, signed session tokens and usage limits. No method of transmission or storage is completely secure, but we work to protect your information and to review our safeguards.

12. Your Rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected and incomplete data completed
  • Have your data erased (“right to be forgotten”), subject to legal retention
  • Restrict or object to processing, including profiling and direct marketing
  • Receive your data in a portable format
  • Withdraw consent at any time, without affecting prior processing

To exercise these rights, contact us at help@juhiai.com. Where we act as a processor, we will refer your request to the relevant controller. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, aki.ee) or your local supervisory authority.

13. Cookies and Analytics

Our website uses Umami for analytics, which is cookieless and does not track you across sites or use your data for advertising. Authenticated areas use strictly necessary cookies for sign-in and security (via WorkOS). We do not use advertising or cross-site tracking cookies.

14. Children’s Privacy

The Services are intended for business use by adults and are not directed to children. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

15. Changes to This Policy

We may update this policy from time to time. We will post the updated version here and revise the “Last updated” date, and for material changes we will provide reasonable notice (for example by email or in-product notice).

16. Contact Us

Questions about this policy or your data? Contact:

help@juhiai.com