Privacy Policy for Junovy

1. Introduction & Data Controller

Welcome to Junovy, a registered business in Amsterdam, The Netherlands with KvK number 71813977. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website https://junovy.com or use our services.

Junovy is the data controller responsible for your personal data under the General Data Protection Regulation (GDPR).

Registered Address: Waalstraat 78-2, 1079 EA Amsterdam, The Netherlands
KvK Number: 71813977
Privacy Contact: privacy@junovy.com

2. Information We Collect

We collect information that you provide directly to us and information automatically collected when you use our website or services.

2.1 Personal Data You Provide

When you use our contact form, sign up for services, or communicate with us, we may collect:

• Full name
• Email address
• Phone number (if provided)
• Company name (if applicable)
• Message content and project details
• Any other information you choose to provide

2.2 Automatically Collected Data

• IP address
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website
• Date and time of visit

2.3 Hosting Client Data

If you use our hosting or infrastructure services, we may also process:

• Server access logs and system logs
• Domain and DNS configuration data
• SSH keys and access credentials (encrypted)
• Backup data as specified in your service agreement
• Technical support communications

2.4 Junovy Business Suite Data

If you use any Junovy Business Suite services (Cloud Storage, Team Chat, Talk, Office, or Sites), we process additional data specific to those services. For detailed information about data collection and retention per service, please see our Service Description.

3. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): When you submit a contact form or subscribe to communications, you provide explicit consent for us to process your data.
• Legitimate Interests (Article 6(1)(f)): To respond to your inquiries, improve our services, maintain website and infrastructure security, and conduct automated malware scanning of uploaded files to protect the platform and all users.
• Contractual Necessity (Article 6(1)(b)): When processing is necessary to fulfill a contract or provide hosting, development, or consulting services you've requested.
• Legal Obligation (Article 6(1)(c)): When required by law (e.g., tax records, accounting).

4. How We Use Your Data

Junovy uses your personal data for the following purposes:

• To respond to your inquiries and provide customer support
• To provide web hosting, DevOps consulting, and application development services
• To manage your hosting infrastructure and maintain service availability
• To deliver Junovy Business Suite services (see Service Description)
• To send you updates about your projects, services, and scheduled maintenance
• To improve our website and user experience
• To send marketing communications (only with your consent)
• To analyze website usage and performance
• To comply with legal obligations and prevent fraud
• To maintain website and infrastructure security and protect against threats
• To perform automated malware scanning of uploaded files to protect the security of the platform and its users (see Section 4a below)

4a. Automated File Scanning

To protect the security and integrity of our platform and all users, we perform automated malware scanning on all files uploaded to Junovy Business Suite services (including Cloud Storage, Team Chat, and Office).

4a.1 What We Scan and How

All uploaded files are scanned using ClamAV, an open-source antivirus engine. Scanning is signature-based only: files are compared against a database of known malware signatures. We do not perform content analysis, classification, or profiling of your files. The scanning process is fully automated with no human review of file contents.

4a.2 Legal Basis

We process this data under the following legal bases:

• Legitimate Interests (Article 6(1)(f) GDPR): Protecting the platform, its infrastructure, and all users from malware and security threats. We have conducted a balancing test and determined that the security interest outweighs the minimal privacy impact, given that only signature matching is performed and no file content is analysed or stored.
• Security Obligation (Article 32 GDPR): As a data processor and controller, we are required to implement appropriate technical measures to ensure a level of security appropriate to the risk. Malware scanning is an essential component of this obligation.

4a.3 What Happens When Malware Is Detected

When a file is identified as containing malware:

• The file is quarantined (prevented from being accessed or downloaded by other users)
• The uploading user is notified by email with the file name and the detected threat type
• Quarantined files are automatically deleted after 30 days unless a successful appeal is made
• A scan log entry is retained for 90 days for security audit purposes, containing the file name, hash, scan result, and timestamp (no file content is stored)

4a.4 False Positive Appeals

If you believe a file has been incorrectly flagged as malware, you may appeal by contacting security@junovy.com within 30 days of the notification. Please include:

• The file name and the notification you received
• A description of the file and its intended use

We will review the file manually within 5 business days and notify you of the outcome. If the appeal is successful, the file will be restored to your account.

4a.5 Data Protection Impact Assessment

We have conducted a Data Protection Impact Assessment (DPIA) for our file scanning activities in accordance with Article 35 GDPR. The DPIA is available at DPIA: File Scanning.

5. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and provide you with better services.

5.1 Types of Cookies We Use

• Necessary Cookies: Required for basic website functionality, including session management, security, and cookie consent preferences.
• Functional Cookies: Enable enhanced functionality such as live chat support and user experience features.
• Analytics Cookies: Help us understand how visitors interact with our website (currently not in use).
• Marketing Cookies: Used for advertising and targeting purposes (currently not in use).

5.2 Cookie Management

You have full control over your cookie preferences. You can:

• Manage your cookie preferences through our Cookie Declaration page
• Control cookies through your browser settings
• Delete existing cookies at any time

Note: Disabling necessary cookies may affect website functionality. For detailed information about all cookies we use, please visit our Cookie Declaration.

6. Data Sharing & Third Parties

We do not sell your personal data. We share information only with carefully selected third-party processors who assist in operating our services, all of whom are required to comply with GDPR and maintain appropriate security measures.

6.1 Third-Party Data Processors

The following organisations process personal data on our behalf:

• Hetzner Online GmbH (Gunzenhausen, Germany) — Cloud infrastructure and DNS hosting. All core service data is stored on Hetzner servers within the EU. A Data Processing Agreement is in place under Article 28 GDPR.
• OVHcloud SAS (Roubaix, France) — AI inference for Juno AI Assistant. User prompts are sent to OVHcloud AI Endpoints for processing and are not stored after the response is returned. All processing occurs within the EU. A Data Processing Agreement is in place under Article 28 GDPR.
• Mailjet SAS (Sinch Group) (Paris, France) — Transactional email delivery (account notifications, password resets, service communications). Processes recipient email addresses and message content. A Data Processing Agreement is in place under Article 28 GDPR.
• Internet Security Research Group (ISRG) (San Francisco, USA) — Issues SSL/TLS certificates via Let's Encrypt. Processes domain names only; no personal data is shared.

6.2 Self-Hosted Services

Collabora Online (used for document editing in Junovy Office) is self-hosted on Junovy infrastructure. It does not receive or store data independently and is not a third-party data processor.

For a detailed breakdown of processors per service, see our Service Description.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• EU Standard Contractual Clauses
• Adequacy decisions by the European Commission
• Data processing agreements with GDPR-compliant providers

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Contact Form Submissions: Retained for 2 years after last contact, unless a business relationship is established.
• Client Project Data: Retained for the duration of the project plus 7 years for legal and accounting purposes.
• Hosting Service Data: Retained for the duration of the service agreement plus 30 days, unless longer retention is required for backups or legal purposes.
• Server Logs: Retained for 90 days for security and troubleshooting purposes.
• Email Correspondence: Retained for 3 years after last communication.
• Analytics Data: Anonymized after 14 months.
• Malware Scan Logs: Scan metadata (file name, hash, result, timestamp) is retained for 90 days. Quarantined files are deleted after 30 days unless a successful appeal is made.
• Junovy Business Suite Data: Retention varies by service. See our Service Description for details.

9. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

• Right of Access (Article 15): Request a copy of the personal data we hold about you.
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten").
• Right to Restrict Processing (Article 18): Request that we limit how we use your data.
• Right to Data Portability (Article 20): Request your data in a structured, machine-readable format.
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

To exercise any of these rights, please contact us at privacy@junovy.com. We will respond to your request within 30 days.

For a plain-language explanation of your rights, see Your Rights.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for data transmission
• Secure server infrastructure with regular security updates
• Access controls and authentication mechanisms
• Encrypted storage for sensitive credentials
• Automated malware scanning of all uploaded files (see Section 4a)
• Regular security assessments and monitoring
• Automated backup systems with encryption

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the Dutch Data Protection Authority within 72 hours and inform affected individuals without undue delay, as required by GDPR Article 33 and 34.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately, and we will delete the information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Junovy
Waalstraat 78-2
1079 EA Amsterdam
The Netherlands

KvK: 71813977
Privacy Inquiries: privacy@junovy.com
General Contact: Contact Form
All Privacy Documents: Privacy Center

Back to Home