Privacy Policy

The short version: We collect only what we need to run Adjurn. We do not sell your data. We do not share it with advertisers. Your client data is yours. You can delete everything at any time.

The sections below provide the full detail required under UK GDPR and EU GDPR. Please read them carefully.

Table of Contents

01Who We Are 02What Data We Collect 03How We Collect Data 04How We Use Your Data 05Legal Bases for Processing 06Data Retention 07Data Sharing & Third Parties 08International Data Transfers 09Security Measures 10Cookies & Tracking 11Your Rights (GDPR) 12Children's Privacy 13Turkish Users (KVKK) 14Changes to This Policy 15Contact & Complaints

Who We Are — Data Controller

Adjurn ("Adjurn", "we", "us", "our") is the data controller responsible for your personal data as described in this Privacy Policy. We operate the Adjurn web application and platform accessible at adjurn.app and associated subdomains.

Contact: info@adjurn.app | Governing law: England and Wales | Applicable frameworks: UK GDPR, EU GDPR, KVKK (Turkey), Data Protection Act 2018

What Data We Collect

We collect the following categories of personal data:

Account & Registration Data

Data	Purpose	Required
Name, Email	Account identification and login	Yes
Password (hashed)	Authentication — secure bcrypt hash, never plaintext	Yes
Phone number	2FA verification and account security	Optional
Firm name, Profile photo	Profile display and personalisation	Optional
Jurisdiction & practice area	Personalised legal news and content	Optional

Usage & App Data

Tasks and deadlines you create
Billing entries including time logs, rates, and client references
Invoice data including firm details, VAT numbers, and amounts
Income records and disbursements tracked
Uploaded files such as receipts and attachments
App preferences including language, theme, and settings

Technical Data

Browser, OS, and device type
IP address (for security, not tracking)
Session and authentication tokens
Request logs (retained 90 days for security)

How We Collect Your Data

Directly: Registration, profile completion, creating tasks, uploading files
Automatically: Technical data collected when you access the Service
Via Google OAuth: When you sign in with Google
Via 2FA providers: Phone number passed to OTP service for verification codes only

How We Use Your Data

Purpose	Data Used
Account management & authentication	Account data, passwords, 2FA tokens
Providing core Service features	All app data you enter
Personalisation (news, terms, court directory)	Jurisdiction, practice area, language
Transactional communications	Email, phone, OTP codes
Push notifications & reminders	Device tokens, reminder content
Payment processing	Handled by Apple/Google — we don't process cards
Security & fraud prevention	IP address, request logs, technical data
Service improvement (anonymised only)	Aggregated patterns — never individual data

We do NOT use your data for advertising, profiling, or selling to third parties.

Legal Bases for Processing (UK & EU GDPR)

Contract performance: Providing the Service you contracted for
Legal obligation: Compliance with UK/EU law
Legitimate interests: Security, fraud prevention, service improvement (balanced against your rights)
Consent: Optional features and communications (you can withdraw anytime)

Data Retention

Data Category	Retention Period
Account & profile data	Life of account + 30 days, then permanently erased
App data (tasks, billing, invoices)	Life of account, permanently erased on deletion
Server request logs	Up to 90 days, then automatically deleted
Authentication tokens	Per session or 30 days max; revoked on logout
Backup copies	Up to 30 days, then overwritten
Support correspondence	Up to 2 years (for audit & complaints)

Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:

Service Providers (Data Processors)

Provider	Purpose	Data Shared
Cloud hosting (Hetzner)	Server infrastructure	All app data
Email delivery	Verification & password reset	Email, OTP codes
SMS/OTP provider	2FA verification codes	Phone number, OTP code
Google OAuth	Sign-in authentication	Google profile data
Apple	Authentication & payments	Apple account data (payment via Apple)

Legal Disclosure & Transfers

May disclose when required by law, court order, or regulatory authority
May transfer to successor entity if Adjurn is acquired or merged
No sharing with advertising networks, data brokers, or marketing platforms

International Data Transfers

Primary servers are in the EEA or jurisdictions with adequate data protection. For transfers outside UK/EEA, we use:

Standard Contractual Clauses (SCCs) approved by UK ICO or EC
Adequacy decisions by UK Government or EC
Other lawful mechanisms under UK GDPR Chapter V

Security Measures

Encryption in transit: TLS (HTTPS) for all data transmission
Encryption at rest: Bcrypt hashing for passwords; encrypted infrastructure for app data
Access control: Restricted to authorised personnel only
Security headers: CSP, HSTS, X-Frame-Options, and others
Two-Factor Authentication: Available and strongly recommended
Rate limiting: Brute-force attack prevention
Regular backups: Minimising data loss risk

No security system is impenetrable. Data breaches will be reported to you and the ICO within 72 hours as required by UK GDPR.

Cookies & Tracking

Adjurn uses minimal cookies and storage, strictly necessary for Service functionality:

Authentication token (localStorage): Keeps you logged in between sessions (up to 30 days)
Session storage: Temporary UI state, cleared on tab close
Service Worker cache: Offline/PWA functionality

No third-party advertising cookies, tracking pixels, Google Analytics, or cross-site tracking. The Service does NOT track you across the web.

Your Rights — UK & EU GDPR

You have the following rights (we respond within 1 calendar month for verified requests):

📋 Right of Access

Request a copy of your personal data (Subject Access Request)

✏️ Right to Rectification

Request correction of inaccurate or incomplete data

🗑️ Right to Erasure

Request deletion of your data ("right to be forgotten")

⏸️ Right to Restriction

Request we restrict processing of your data

📦 Right to Portability

Receive your data in machine-readable format (.ics, CSV, etc.)

🚫 Right to Object

Object to processing based on legitimate interests

🤖 Automated Decisions

Rights regarding automated processing (we don't use profiling)

🔄 Withdraw Consent

Withdraw consent anytime without affecting prior processing

Exercise rights by contacting info@adjurn.app with "Data Rights Request" in subject. Lodge complaints with the Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113

Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe we have, please contact info@adjurn.app.

Turkish Users — KVKK Compliance

For users in Turkey, processing is subject to KVKK (Law No. 6698). Under KVKK Article 11, you have rights to know whether data is processed, request information, learn purposes, discover third-party transfers, request correction/deletion, object to automated processing, and claim damages. Exercise rights via info@adjurn.app.

Changes to This Privacy Policy

We may update this Policy to reflect practice or law changes. Material changes are communicated by email or prominent in-app notice at least 30 days before taking effect. Continued use constitutes acceptance.

Contact & Complaints

Email: info@adjurn.app (include "Privacy" in subject) | In-app support: Premium users via Settings | Website: adjurn.app

We respond to privacy enquiries within 5 business days. For Subject Access Requests, we respond within 1 calendar month as required.

Information Commissioner's Office (ICO): ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Adjurn Privacy Policy - Legal App for Lawyers