Juro's compliance with the CCPA

Compliance
Privacy
April 2, 2024
5
min
At Juro, we take our responsibility to protect the data we handle on behalf of our customers extremely seriously.

The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) apply to any business that collects, receives or sells the personal information of consumers in California.

The CCPA also imposes requirements on service providers like Juro, which process personal information on behalf of another business.

We work every day with businesses subject to the California consumer privacy regime, and we’re here to support you as a reliable, trustworthy service provider if you use Juro to process personal information about consumers in California.

Keep reading to find out more about our CCPA compliance.

Consumer rights

Right to know / access

Under the CCPA (§ 1798.110), consumers have rights to know certain information about how your business is using their personal information. This includes:

  • The kind of information your business has and why
  • The sources of that information
  • The categories of third parties to whom your business discloses that information

Additionally, consumers have the right to access information that your business holds about them.

With Juro, you can use features in the platform for most routine requests. Juro’s OCR functionality allows users to find and retrieve personal information from contracts easily - an essential step when responding to a request from a consumer exercising the right to know or right to access.

For more complex requests that you can’t serve using existing functionality in the platform, just contact support@juro.com and we’ll be happy to help.

Right to delete

Consumers in California also have the right to request that your business delete any personal information you've collected about them - § 1798.105.

You can easily use Juro’s powerful search bar to find consumers’ information and delete it all from within the platform itself.

For any complex request that you can’t serve using existing functionality in the platform, just contact support@juro.com and we’ll be happy to help.

Right to opt out of sale

California consumers have a right to opt out of the sale or sharing of their personal information - § 1798.120.

Juro doesn’t sell your consumer personal information. This means you can start using Juro straight away without needing to add further complexity to your compliance processes.

General duties

Information

At Juro, we’re experienced in helping customers who are subject to California privacy laws. We’re clear about our status as a service provider, and we’re clear that we don’t sell any consumer personal information you put in Juro.

This clarity means that you can confidently inform your California consumers about whether their personal information will be sold or shared.

Service provider written agreement

Our data processing agreement contains all of the mandatory provisions and certifications required for service providers under the CCPA. You can read more about this below.

Security procedures and practices

When you collect consumer personal information in California, you have a duty to implement reasonable security procedures and practices to protect personal information from unauthorized or illegal access, destruction, use, modification, or disclosure. More on this here - § 1798.104(f).

Juro is SOC 2 Type II certified. Alongside this, Juro has implemented a comprehensive security programme designed to protect personal information in our custody.

You can find out more about the specific measures we have in place in our article on application security.

We update these measures from time to time to reflect updated security practices and to respond to emerging threats.

Juro as a service provider under the CCPA

If your business uses Juro to process personal information about California consumers, then Juro is a service provider under the CCPA.

Juro has this status because it meets the following conditions set out in the CCPA - § 1798.140(ag)(1):

  • Juro processes personal information on behalf of your business
  • Juro does so under a written contract with your business

Juro’s written contract with your business prohibits Juro from:

  • Selling or sharing the personal information
  • Retaining, using or disclosing the personal information for any purpose other than the purpose set out in Juro’s contract with your business
  • Retaining, using or disclosing the personal information outside of the direct relationship between Juro and your business
  • Combining the personal information with other information

No sale

As a Juro customer, your data is your data. Juro does not sell consumer personal information contained in your contracts to anyone, including in the way that “sell” is defined in the CCPA - § 1798.140(ad).

If you use our AI Assistant, you can also rest assured that consumer personal information isn’t used to train any foundation models. We've made deliberate choices to prioritize privacy in our platform and ensure that this information stays confidential to your business.

Juro’s approach to privacy

Juro was founded in the UK and Europe in one of the most stringent regulatory environments for personal privacy and data protection worldwide.

We're experienced in operating to demanding regulatory standards and Juro is built with privacy at its core.

We have a significant customer base in the US, and have a strong track record of helping US-based customers meet their obligations under the CCPA.

We have US investors and work closely with our US counsel to ensure that we remain on top of the latest regulatory and legislative developments.

We take privacy extremely seriously. We know that our customers entrust us with their most sensitive business information, and it is our responsibility to handle personal information within that sensitive data with care.

We have implemented an extensive privacy compliance programme that has incorporated privacy into our product development, documentation, contractual agreements, security policies, and organizational practices. Privacy is at the heart of how we build, maintain and develop Juro.

Juro’s data processing agreement

Juro offers customers a US-specific data processing agreement (US DPA) that supplements the master services agreement. Our DPA includes the provisions required by the CCPA.

Below we detail how Juro’s US DPA meets the requirements of the CCPA. Click on each collapsible menu to read more.

CCPA reference: § 1798.100(d)(1)

US DPA reference: 1.2 - 1.5 (inclusive)

Juro agrees not to use the personal information disclosed by you for any purpose other than providing, managing and securing the services Juro is providing to you.

CCPA reference: § 1798.100(d)(2)

US DPA reference: 1.6

Juro commits to comply with all applicable sections of the CCPA and CPRA.

CCPA reference: § 1798.100(d)(3)

US DPA reference: 1.7

Juro allows you to take reasonable and appropriate steps to ensure Juro’s compliance with the US DPA.

CCPA reference: § 1798.100(d)(4)

US DPA reference: 1.8

Juro commits to notifying you if it can no longer meet its obligations under the CCPA or CPRA.

CCPA reference: § 1798.100(d)(5))

US DPA reference: 1.9

Juro allows you to take reasonable and appropriate steps to stop and remediate any unauthorized use by Juro of relevant personal information.

Disclaimer: this article is for general information only - it is not legal advice, so you should not rely on it.

Want to find out more? Contact your sales representative, or get in touch below.

Instantly book a personalized demo

  • Schedule a live, interactive demo with a Juro specialist

  • See in-depth analysis of your contract process - and tailored solutions

  • Find out what all-in-one contract automation can do for your business

4.8
4.8

Schedule a demo

To learn more about the use of your personal data, please consult our readable Privacy Policy.