Data Processing Agreement
Last updated: January 2025
1. Introduction and Scope
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller" or "Customer") and Juno ("Data Processor" or "we") regarding the processing of personal data in connection with our AI-powered content summarization services.
This DPA applies to all personal data processing activities performed by Juno on behalf of the Customer in the course of providing our services through getjuno.app.
This DPA is designed to meet the requirements of the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Definitions
For the purposes of this DPA, the following definitions apply:
Key Terms
Personal Data: Any information relating to an identified or identifiable natural person contained in content processed through our services.
Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
Data Subject: The identified or identifiable natural person to whom personal data relates.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data (the Customer).
Data Processor: The natural or legal person who processes personal data on behalf of the Data Controller (Juno).
3. Nature and Purpose of Processing
3.1 Processing Activities
Juno processes personal data solely for the purpose of providing our AI-powered content summarization services, which may include:
- Analyzing and summarizing uploaded documents and content
- Generating interactive insights and Q&A features
- Storing processed content and generated summaries
- Providing personalized learning recommendations
- Maintaining user accounts and service functionality
3.2 Categories of Personal Data
The types of personal data that may be processed include:
- Names and contact information contained in uploaded documents
- Professional or educational information in processed content
- Any other personal data contained in user-uploaded materials
- Account information and usage data
3.3 Categories of Data Subjects
Data subjects may include:
- The Customer (account holder)
- Individuals mentioned in uploaded content or documents
- Authors and contributors of processed materials
4. Data Processor Obligations
4.1 Processing Instructions
Juno shall process personal data only on documented instructions from the Customer, including:
- Processing personal data contained in uploaded content
- Generating summaries and insights from such data
- Storing and retrieving processed data as part of our services
- Any additional instructions provided through our platform interface
4.2 Confidentiality
Juno ensures that persons authorized to process personal data:
- Are bound by confidentiality obligations
- Have received appropriate training on data protection
- Process personal data only as necessary for service provision
4.3 Security Measures
We implement appropriate technical and organizational measures to ensure data security, including:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security assessments and monitoring
- Incident response and breach notification procedures
- Secure data deletion and destruction processes
5. Sub-Processing
5.1 Authorization
The Customer authorizes Juno to engage sub-processors for specific processing activities, provided that:
- Sub-processors are bound by data protection obligations equivalent to this DPA
- Juno remains fully liable for sub-processor performance
- Customers are notified of any changes to sub-processors
5.2 Current Sub-Processors
Our current sub-processors include:
- Cloud infrastructure providers for secure data storage and processing
- AI service providers for content analysis and summarization
- Security monitoring and backup service providers
6. Data Subject Rights
6.1 Assistance with Rights Requests
Juno shall assist the Customer in fulfilling data subject rights requests, including:
- Access: Providing access to personal data being processed
- Rectification: Correcting inaccurate personal data
- Erasure: Deleting personal data when required
- Restriction: Limiting processing activities
- Portability: Providing data in a structured format
- Objection: Ceasing processing when objected to
6.2 Response Timeframe
We will respond to data subject rights requests within 30 days of receiving a valid request from the Customer.
7. Data Breach Notification
7.1 Notification Procedure
In the event of a personal data breach, Juno shall:
- Notify the Customer without undue delay and within 72 hours of becoming aware
- Provide all relevant information about the nature and scope of the breach
- Describe measures taken to address the breach and mitigate its effects
- Assist the Customer in notifying supervisory authorities if required
7.2 Breach Response
Upon discovering a breach, we will immediately:
- Contain and assess the scope of the incident
- Implement measures to prevent further unauthorized access
- Document the incident and response actions taken
- Cooperate with any regulatory investigations
8. International Data Transfers
8.1 Transfer Safeguards
When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards through:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with adequate protection levels
- Additional technical and organizational measures as required
8.2 Transfer Locations
Personal data may be transferred to and processed in countries where our service providers operate, including the United States and other jurisdictions with appropriate safeguards in place.
9. Data Retention and Deletion
9.1 Retention Period
Personal data will be retained only for as long as necessary to provide our services or as required by law. Upon termination of services:
- Data will be deleted within 90 days unless legally required to retain
- Customers may request earlier deletion of their data
- Backup copies will be securely deleted according to our retention schedule
9.2 Deletion Procedures
We employ secure deletion methods to ensure personal data cannot be recovered or reconstructed after deletion.
10. Audits and Compliance
10.1 Compliance Monitoring
Juno maintains records of processing activities and regularly reviews compliance with data protection obligations.
10.2 Audit Rights
Customers have the right to audit our compliance with this DPA, subject to:
- Reasonable advance notice and scheduling
- Confidentiality obligations regarding our systems and processes
- Cost-sharing arrangements for extensive audit activities
11. Term and Termination
11.1 Agreement Duration
This DPA remains in effect for the duration of our service agreement and continues until all personal data has been deleted or returned.
11.2 Data Return or Deletion
Upon termination, Juno shall, at the Customer's choice:
- Return all personal data to the Customer in a commonly used format
- Securely delete all personal data and provide confirmation
- Continue to store data if required by applicable law
12. Liability and Indemnification
12.1 Mutual Liability
Each party shall be liable for its own compliance with applicable data protection laws and this DPA.
12.2 Indemnification
Juno shall indemnify the Customer against claims arising from our breach of this DPA, subject to the limitations set forth in our Terms of Service.
Data Protection Contact
For all data protection inquiries, requests, or concerns related to this DPA, please contact us:
Email: hello@getjuno.app
Subject Line: "Data Protection Inquiry"
Website: getjuno.app
We will respond to all data protection inquiries within 30 days of receipt.