Privacy Policy
Effective Date: March 25, 2026 · Last Updated: March 25, 2026
This Privacy Policy describes how Juno ("we," "us," or "our"), operated at heyjuno.online, collects, uses, shares, and protects information in connection with our AI-powered product demonstration and lead qualification platform (the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.
Juno operates as a business-to-business ("B2B") SaaS platform. Our customers ("Customers") embed Juno's widget on their websites to engage with their website visitors ("Visitors"). This policy applies to both Customers and Visitors.
1. Information We Collect
1.1 Visitor Data
When a Visitor interacts with the Juno widget embedded on a Customer's website, we may collect:
- Name, email address, and company name (if voluntarily provided during a demo conversation)
- Job title, phone number, and other professional contact details shared in conversation
- IP address (anonymized for analytics; full IP is not stored long-term)
- Browser type, operating system, device type, and screen resolution
- Referring URL and pages visited on the Customer's website
- Conversation transcripts, including all messages exchanged with the AI agent
- Behavioral signals such as session duration, message count, and interaction patterns
1.2 Customer Data
When a Customer registers for and uses the Juno dashboard, we collect:
- Account registration details: name, email address, company name, and password (hashed)
- Billing information: processed and stored by Razorpay; we do not store full card numbers
- Knowledge base content: product descriptions, FAQs, and documentation uploaded to train the AI
- Widget configuration preferences and customization settings
- Usage data: login timestamps, feature usage patterns, and API call volumes
1.3 Payment Data
Payment processing is handled by Razorpay. We receive transaction confirmations, subscription status, and invoice details. We never receive or store full credit card numbers, CVVs, or banking credentials. Razorpay's handling of payment data is governed by their own privacy policy and PCI-DSS compliance.
1.4 Usage and Technical Data
We automatically collect:
- Server logs including request timestamps, endpoints accessed, and response codes
- Performance metrics: page load times, API latency, and error rates
- Aggregated analytics on conversation volumes, lead scores, and conversion rates
2. How We Use Your Information
2.1 AI-Powered Conversations
Visitor messages are processed by artificial intelligence models (see Section 4) to generate contextual, real-time responses during product demonstrations. Conversation content is analyzed to understand product questions, handle objections, and guide Visitors through relevant demos.
2.2 Lead Qualification
We use AI to perform automated lead qualification based on the BANT framework (Budget, Authority, Need, Timeline). Information shared during conversations is scored and categorized to help Customers prioritize sales follow-ups. Lead scores are derived algorithmically; no fully automated decisions with legal effects are made without human review.
2.3 Analytics and Reporting
We aggregate and analyze conversation data, visitor behavior, and engagement metrics to provide Customers with dashboards, reports, and insights about their demo performance and lead pipeline.
2.4 Service Improvement
We use anonymized and aggregated data to improve our AI models, refine response quality, enhance platform features, and fix bugs. Individual conversation data is not used to train third-party AI models (see Section 4 for details on third-party AI providers).
2.5 Transactional Communications
We send transactional emails including session follow-up summaries, weekly performance reports, account notifications, and billing receipts. These are sent via Resend and are not marketing communications.
3. Data Sharing and Third-Party Processors
We do not sell personal data. We share information only with the following categories of service providers, each acting as a data processor on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI conversation generation and response synthesis | Conversation messages, knowledge base context for retrieval-augmented generation |
| OpenAI (Embeddings API) | Text embedding generation for semantic search and knowledge retrieval | Knowledge base text chunks for vectorization |
| Razorpay | Payment processing and subscription management | Billing name, email, transaction amounts, subscription details |
| Resend | Transactional email delivery | Recipient email address, email content (session summaries, reports) |
| Vercel | Application hosting, edge network, and serverless function execution | HTTP request data, server logs, application telemetry |
| Supabase | Database hosting (PostgreSQL with pgvector) | All persistent application data (encrypted at rest) |
Each provider processes data in accordance with their own privacy policies and data processing agreements. We do not authorize any provider to use your data for purposes beyond providing services to Juno.
We may also disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Juno, our Customers, or the public.
4. Data Retention
- Conversation transcripts: Retained for the duration of the Customer's active subscription plus 90 days after account termination, after which they are permanently deleted.
- Lead and visitor data: Retained for the duration of the Customer's subscription. Customers may delete individual visitor records at any time via the dashboard.
- Knowledge base content: Retained until deleted by the Customer or for 30 days after account termination.
- Account data: Retained for the duration of the account plus 90 days post-termination for operational continuity and dispute resolution.
- Billing records: Retained for 7 years to comply with applicable tax and financial regulations.
- Server logs: Retained for 30 days, then automatically purged.
5. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit: All data transmitted between clients and our servers is encrypted using TLS 1.2 or higher. API communications with third-party providers (Anthropic, OpenAI, Razorpay, Resend) are exclusively over HTTPS.
- Encryption at rest: Database storage on Supabase PostgreSQL uses AES-256 encryption at rest. Backups are similarly encrypted.
- Access controls: Dashboard access is authenticated via session tokens (JWT). Widget API access is restricted to valid API keys scoped to each Customer. Internal database access is limited to essential service accounts with least-privilege permissions.
- Password security: Customer passwords are hashed using bcrypt with a minimum cost factor of 10. We never store plaintext passwords.
- Security headers: We enforce Strict-Transport-Security (HSTS with preload), X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy headers on all responses.
- Cross-origin widget isolation: The Juno widget renders inside a Shadow DOM, isolating its execution context from the host page. Widget-to-server communication is authenticated per-request.
6. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at hello@lore.surf.
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
- Right to data portability: Request an export of your data in a structured, machine-readable format (JSON or CSV).
- Right to object: Object to processing of your data for specific purposes, including automated lead qualification.
- Right to restrict processing: Request that we limit how we process your data while a complaint or correction request is pending.
For Visitors: If your data was collected through a Customer's website, we recommend contacting that Customer directly. We will cooperate with Customers to fulfill data subject requests.
We will respond to all valid requests within 30 days. We may need to verify your identity before processing a request.
7. Cookies and Tracking
The Juno widget does not use cookies. Widget session state is maintained in-memory for the duration of the conversation and is not persisted in the Visitor's browser storage.
The Juno dashboard (heyjuno.online) uses the following:
- Authentication cookies: Secure, HttpOnly session cookies to maintain login state. These are strictly necessary and cannot be disabled.
- Local storage: Used for non-sensitive UI preferences (theme, sidebar state).
We do not use third-party tracking cookies, advertising pixels, or fingerprinting techniques.
8. Third-Party Services
Our Service integrates with third-party services as described in Section 3. Each of these services has its own privacy policy governing their handling of data:
- Anthropic: anthropic.com/privacy
- OpenAI: openai.com/privacy
- Razorpay: razorpay.com/privacy
- Resend: resend.com/legal/privacy-policy
- Vercel: vercel.com/legal/privacy-policy
- Supabase: supabase.com/privacy
We encourage you to review these policies. We are not responsible for the privacy practices of third-party services.
9. Children's Privacy
Juno is a B2B SaaS platform designed for business use. Our Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. If we become aware that we have collected data from a minor, we will promptly delete it. If you believe a minor has provided us with personal data, contact us at hello@lore.surf.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify registered Customers via email at least 15 days before changes take effect
- Post a prominent notice on our dashboard for active users
Continued use of the Service after changes become effective constitutes acceptance of the revised policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
- Email: hello@lore.surf
- Website: heyjuno.online
We aim to respond to all inquiries within 5 business days.