Privacy Policy

Introduction

This Privacy Policy ("Policy") governs the collection, use, and protection of personal data by Janus ("Company," "we," "us") through our AI-powered consulting platform designed for document retrieval, RFQ response generation, market analysis, and project management tools. By accessing our Services, you consent to the practices described herein, which comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other global privacy frameworks.

Key Commitments

  • We do not train AI models on customer data without explicit opt-in consent
  • All data transmissions use TLS 1.2+ encryption with AES-256 at rest
  • Retention periods vary by data type, with user-controllable deletion workflows

1. Data Collection and Categories

1.1 Directly Collected Information

We process:

  • Account Data: Full name, business email, job title, and corporate affiliation during registration
  • Operational Inputs: Presentation files, RFQ responses, project briefs, and communication transcripts uploaded to the platform
  • Usage Metadata: IP addresses, device identifiers, API call logs, and feature interaction patterns stored for 90 days

1.2 Automatically Collected Data

Our systems gather:

  • Performance Metrics: Response latency, error rates, and resource utilization statistics
  • Behavioral Signals: Slide editing patterns, template reuse frequency, and collaboration dynamics through Google Analytics with anonymization
  • System Diagnostics: Crash reports and stability indicators via Sentry.io

1.3 Third-Party Sources

We integrate with:

  • Enterprise SSO Providers: Azure AD, Okta, and Ping Identity for authentication data
  • Cloud Storage: Microsoft OneDrive, Google Drive, and Box for document synchronization
  • Payment Processors: Stripe and PayPal for billing information processed externally

2. Purposes and Legal Bases for Processing

2.1 Contractual Necessity

Processing occurs to:

  • Execute user-initiated analyses (GDPR Article 6(1)(b))
  • Maintain project version histories for audit trails
  • Deliver real-time collaboration features across distributed teams

2.2 Legitimate Interests

We analyze:

  • Feature usage patterns to prioritize product roadmaps
  • Support ticket trends to optimize response workflows
  • Security logs to detect brute-force attacks

2.3 Consent-Driven Activities

With explicit opt-in:

  • Beta testing new AI models with anonymized data
  • Sharing de-identified market insights with research partners

3. Data Sharing and International Transfers

3.1 Service Providers

We engage:

  • AWS: Hosts primary infrastructure in Frankfurt (EU) and Virginia (US) regions
  • OpenAI: Processes natural language queries under DPA with strict input/output logging
  • Zendesk: Manages support tickets with end-to-end encryption

3.2 Legal Disclosures

Data may be disclosed:

  • To regulatory bodies under EU Directive 2016/680 for anti-fraud investigations
  • During M&A activities under confidentiality agreements

3.3 Cross-Border Transfers

We implement:

  • EU Standard Contractual Clauses for US-based vendors
  • UK International Data Transfer Agreement for post-Brexit data flows
  • Annual Transfer Impact Assessments evaluating third-country surveillance risks

4. Security Safeguards

4.1 Technical Measures

  • Encryption: AES-256 for storage, TLS 1.3 for data in motion
  • Access Controls: Role-based permissions with Just-In-Time privilege escalation
  • Anonymization: Differential privacy in aggregated analytics datasets

4.2 Organizational Protocols

  • SOC 2 Type II audited controls for change management and incident response
  • Breach Response: 72-hour GDPR notification framework with forensic containment procedures
  • Employee Training: Quarterly cybersecurity workshops and phishing simulations

5. Data Subject Rights

5.1 Access & Portability

Users may:

  • Export project histories as structured JSON via self-service portal
  • Retrieve API call logs covering 12-month periods

5.2 Correction & Restriction

  • Edit inaccurate client contact details through profile settings
  • Temporarily freeze data processing during dispute resolution

5.3 Deletion & Objection

  • Remove account data with 30-day reversible deletion
  • Opt out of non-essential processing like feature usage tracking

5.4 Automated Decisions

  • Request human review of AI-generated content classifications
  • Disable predictive project timeline suggestions

6. Data Retention Framework

Data Type          | Retention Period | Deletion Trigger
Active Projects    | 5 years          | Account termination
Archived Projects  | 10 years         | Legal hold expiration
Audit Logs         | 3 years          | Regulatory requirement sunset
Marketing Opt-Outs | Indefinite       | Global privacy law updates

7. Cookie Policy

7.1 Essential Cookies

  • Session_ID: Maintains authentication state with 15-minute timeout
  • CSRF_Token: Prevents cross-site request forgery attacks

7.2 Analytical Cookies

  • GA4: Tracks feature adoption rates with IP anonymization
  • Hotjar: Records UI interaction heatmaps (opt-in required)

7.3 Management

Use your browser settings or our Cookie Dashboard to update preferences. Note that disabling essential cookies may break functionality.

8. Policy Updates

We notify users of changes via:

  • In-App Banners: 30 days before non-material amendments
  • Email Alerts: For substantive changes affecting data rights
  • Version Tracking: Access revision history at our Privacy Policy Changelog

9. Contact Information

Contact information will be added soon.

Last Updated: May 9, 2025

Effective Date: June 1, 2025