PRIVACY NOTICE
Last Updated: 2026-06-12
This Privacy Notice explains how genjury ("we," "us," or "our"), operated by Malte Hedderich, processes personal data when you use our services ("Services"), including our public website, waitlist, web application, API, and customer response simulation features.
We are the data controller. Our contact details are in Section 16.
SUMMARY OF KEY POINTS
What personal data do we process? We collect waitlist and account data such as email address, display name from Google or Apple sign-in, customer profile content, product change descriptions, simulation results, billing information processed through Paddle, support messages, server logs, first-party server-side product events, and optional analytics data.
Do we use AI? Yes. genjury uses Amazon Web Services (Amazon Bedrock) with Claude models to simulate customer responses, generate profile-grounded reactions, and create aggregated reports. We also use self-hosted Phoenix traces for LLM observability.
Where does your personal data go? Core application data is hosted on Google Cloud Platform in europe-west1. Email confirmation uses AWS SES in eu-west-1. Billing is handled by Paddle. Optional analytics uses PostHog EU after consent. Some providers operate globally or outside the EEA under appropriate transfer safeguards.
How long do we keep your data? Waitlist data is kept until launch plus a reasonable follow-up period. Account and product data are kept while your account is active. Billing records are retained for statutory periods. Logs, analytics, and LLM observability traces have shorter retention windows.
What are your rights? You can access, correct, delete, port, restrict, or object to processing of your personal data. You can also withdraw consent where processing is based on consent and lodge a complaint with a supervisory authority.
How do you exercise your rights? Contact us using the details in Section 16 or through the Imprint. We respond within 30 days.
TABLE OF CONTENTS
1. WHAT INFORMATION DO WE COLLECT?
2. HOW DO WE PROCESS YOUR INFORMATION?
3. WHAT LEGAL BASES DO WE RELY ON?
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
5. INTERNATIONAL DATA TRANSFERS
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
8. HOW DO WE HANDLE YOUR THIRD-PARTY LOGINS?
9. HOW LONG DO WE KEEP YOUR INFORMATION?
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
11. DO WE COLLECT INFORMATION FROM MINORS?
12. WHAT ARE YOUR PRIVACY RIGHTS?
13. AUTOMATED DECISION-MAKING
14. DO WE MAKE UPDATES TO THIS NOTICE?
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
1. WHAT INFORMATION DO WE COLLECT?
Personal data you provide
We collect the following personal data depending on how you interact with the Services:
| Data Category | When Collected | Stored By |
|---|---|---|
| Waitlist email address | When you join the launch waitlist or confirm your email | genjury (Firestore), AWS SES for delivery metadata |
| Account email address | Account registration by email link, Google sign-in, or Apple sign-in | Firebase Authentication, genjury (Firestore) |
| Display name | Provided by Google or Apple during sign-in, or entered in the product | Firebase Authentication, genjury (Firestore) |
| Customer profile content | When you create or edit simulated customer profiles | genjury (Firestore), AI providers when simulation features run |
| Product change descriptions | When you describe a product change to test | genjury (Firestore), AI providers when simulation features run |
| Simulation reactions and reports | When genjury generates profile-level reactions or aggregated reports | genjury (Firestore), AI providers, Phoenix observability |
| Billing name, address, and tax details | When you start a trial or subscribe through Paddle Checkout | Paddle |
| Payment instrument details | When you subscribe through Paddle Checkout | Paddle - never stored on our servers |
| Support or legal inquiry content | When you contact us | genjury systems and email provider used for the request |
Content you create
The core product lets you create customer profiles, describe product changes, run simulations, and review generated reports. Customer profiles may include personal data about real, representative, or synthetic customers if you choose to enter it. Do not submit special category data, children's data, or confidential third-party data unless you have a lawful basis, required notices, and all permissions needed for that use.
Customer profile content and product change descriptions are processed to provide the Services, including AI-powered simulations described in Section 6.
Payment data: Payment information is collected and stored by Paddle, our merchant of record. Your card number, CVV, and related payment details do not pass through our servers. See Paddle's privacy policy: https://www.paddle.com/legal/privacy.
Third-party login data: When you sign in with Google or Apple, we receive only the data described in Section 8. We do not request contacts, friends lists, photos, or other social data.
Information collected automatically
When you visit or use the Services, we automatically collect:
- Server logs: IP address, browser type and version, operating system, referring URL, pages visited, timestamps, request IDs, and HTTP request metadata. These are collected by Cloudflare, Cloudflare Workers, and Google Cloud Run.
- Device and browser data: Screen size, device type, language preference, and similar technical data available from standard browser and HTTP headers.
- Waitlist confirmation metadata: Submission source, token status, confirmation timestamps, SES message ID, and resend count for double opt-in and abuse prevention.
- First-party server-side product events: Account ID, workspace or subscription status, feature actions, simulation and report events, usage-limit counters, timestamps, request IDs, and related technical metadata generated by our backend when you use the product. These events are processed for all users to provide, meter, secure, support, maintain, and improve the Services.
- Analytics data with consent: Basic page views and client-side usage events collected by PostHog EU only when you consent to optional analytics. We do not use session replay, heatmaps, broad autocapture, or marketing pixels for this purpose.
- Authentication and consent records: Current sign-in provider, terms or policy acceptance records where required, and consent choices where a consent mechanism is active.
- AI service metadata: Model identifiers, request timestamps, token counts, run identifiers, error codes, and latency metadata when you use AI simulation features.
- Phoenix LLM observability traces: Prompt and response metadata, token usage, timing, and error details needed to debug and improve AI workflows. These traces can include excerpts of profile, product-change, reaction, or report content.
Google API
Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
2. HOW DO WE PROCESS YOUR INFORMATION?
We process personal data for the following purposes:
| Purpose | Personal Data Used |
|---|---|
| Waitlist signup and launch notifications | Email address, confirmation metadata, source surface |
| Account creation and authentication | Email, display name, authentication tokens, sign-in provider |
| Customer profile creation and management | Profile answers, segment data, customer context, account identifiers |
| Product change simulations and report generation | Customer profiles, product change descriptions, simulation results, report content |
| Subscription billing and invoicing | Email, billing name/address, tax information, Paddle subscription records |
| Service communications | Email, account status, trial or subscription status |
| First-party server-side product events | Account identifiers, workspace or subscription status, product actions, usage counters, request IDs, timestamps, technical metadata |
| Optional product analytics | Page views, client-side usage events, device metadata, pseudonymous user or account identifiers |
| AI workflow debugging and quality monitoring | Run identifiers, model metadata, prompts, responses, traces, errors |
| Security, abuse prevention, and rate limiting | IP address, request metadata, user ID, account status, suspicious activity indicators |
| Legal compliance | Billing records, consent records, account data, lawful request records |
3. WHAT LEGAL BASES DO WE RELY ON?
Under Art. 6 GDPR, we rely on the following legal bases:
| Purpose | Lawful Basis | Explanation |
|---|---|---|
| Waitlist signup and confirmation | Art. 6(1)(a) - Consent | You ask us to contact you about launch access and confirm the request by email. |
| Account creation and authentication | Art. 6(1)(b) - Performance of contract | Necessary to provide the account-based Service. |
| Customer profile management | Art. 6(1)(b) - Performance of contract | Core product functionality you request. |
| Product change simulations and reports | Art. 6(1)(b) - Performance of contract | Necessary to generate the simulation outputs you ask for. |
| Subscription billing | Art. 6(1)(b) - Performance of contract | Necessary to process trials, subscriptions, invoices, and access. |
| Service communications | Art. 6(1)(b) - Performance of contract | Necessary to inform you about account, waitlist, trial, billing, or product status. |
| First-party server-side product events | Art. 6(1)(b) and Art. 6(1)(f) | Contract processing for providing, metering, and supporting the Service; legitimate interest for service quality, debugging, product improvement, and abuse prevention. |
| Optional analytics | Art. 6(1)(a) - Consent | Processed only when you accept optional analytics. You can withdraw consent at any time. |
| AI workflow debugging and service quality | Art. 6(1)(f) - Legitimate interest | Our legitimate interest in operating, debugging, securing, and improving the AI service. |
| Security, abuse prevention, and rate limiting | Art. 6(1)(f) - Legitimate interest | Our legitimate interest in protecting the Service and its users from abuse. |
| Legal compliance | Art. 6(1)(c) - Legal obligation | Required by applicable law, including tax and lawful request obligations. |
Withdrawing consent: Where processing is based on consent, you can withdraw it at any time. This does not affect processing before withdrawal. For waitlist or launch-email consent, contact us. For analytics consent, use the consent controls where available or clear your browser's site data.
4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL DATA?
We share personal data with processors and service providers that help us operate the Services. We do not sell personal data.
| Provider | Role | Personal Data Shared | Location | DPA / Transfer Basis |
|---|---|---|---|---|
| Google Cloud Platform (Cloud Run, Firestore, Cloud Tasks, Secret Manager) | Infrastructure, API runtime, database, task orchestration | Account, waitlist, profile, simulation, report, logs, and service metadata | EU (europe-west1) | Google Cloud DPA, SCCs where needed |
| Firebase Authentication | User authentication | Email, display name, auth tokens, sign-in provider | EU or configured Google processing regions | Google Cloud DPA, SCCs where needed |
| Cloudflare | Frontend hosting, Workers, CDN, security, DDoS protection | IP address, request headers, traffic metadata, site interaction metadata | Global edge network | Cloudflare DPA, SCCs |
| AWS SES | Transactional email delivery | Email address, confirmation link metadata, delivery metadata | EU (eu-west-1) | AWS DPA |
| AWS Bedrock / Anthropic Claude | AI simulation and report generation | Customer profiles, product change descriptions, prompts, outputs, model metadata | EU AWS regions where configured | AWS DPA |
| Paddle | Merchant of record, checkout, billing, taxes | Email, billing name/address, payment details, subscription metadata | UK, EEA, US, and other Paddle processing locations | Paddle DPA, SCCs / adequacy where applicable |
| PostHog EU | Consent-based product analytics | Basic page views, usage events, device metadata, pseudonymous identifiers | EU (eu.i.posthog.com) | PostHog DPA |
| Phoenix (self-hosted) | LLM observability | AI run metadata, prompt and response traces, token usage, errors | Same controlled hosting environment as configured for the product | Internal / processor configuration as applicable |
| Google and Apple | Third-party authentication providers | Sign-in request metadata, email and display name returned to us | Provider-controlled locations | Provider terms and transfer safeguards |
We may also disclose personal data if required by law, court order, or competent authority, or in connection with a merger, acquisition, financing, reorganization, or sale of assets. Where legally required, we will notify affected users.
5. INTERNATIONAL DATA TRANSFERS
Your personal data is primarily processed in the EEA or nearby European regions:
- Google Cloud Run and Firestore: europe-west1
- AWS SES: eu-west-1
- PostHog: EU ingestion host eu.i.posthog.com
- AWS Bedrock: European AWS regions where configured for the simulation workloads
Some providers operate globally or outside the EEA:
| Provider | Transfer Mechanism |
|---|---|
| Cloudflare | SCCs and global edge processing safeguards |
| Paddle | UK adequacy, SCCs, and applicable transfer safeguards |
| Google / Firebase | Google Cloud DPA, SCCs, and applicable transfer safeguards |
| Apple | Provider transfer safeguards for Apple sign-in |
| AWS | AWS DPA and applicable transfer safeguards |
Where we rely on Standard Contractual Clauses or similar safeguards, we also use technical and organizational measures such as encryption in transit, access controls, provider security controls, and limited-purpose processing.
6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
Yes. genjury uses AI to simulate how customer profiles may respond to product changes and to generate aggregated reports.
AI Service Providers
| Provider | Purpose | Content Processed | Location |
|---|---|---|---|
| Amazon Web Services (Amazon Bedrock) | Customer profile assistance, simulation reactions, report generation | Customer profile content, product change descriptions, prompts, model outputs | EU AWS regions where configured |
| Phoenix (self-hosted) | LLM observability and debugging | Prompt and response traces, run metadata, token usage, errors | Same controlled hosting environment as configured for the product |
How It Works
- Customer profiles: You create structured profiles that may describe customer demographics, goals, values, objections, habits, or switching costs.
- Product changes: You describe a pricing change, redesign, feature launch, feature removal, or similar product decision.
- Simulations: genjury sends relevant profile and product-change context to AI models to generate profile-grounded reactions.
- Reports: genjury aggregates reactions into reports about likely objections, churn risk, positive signals, and mitigation ideas.
- Observability: Phoenix traces help us debug model behavior, latency, failures, and output quality.
Safeguards
- We do not intentionally send account passwords, card numbers, or Paddle payment instrument details to AI providers.
- We do not enable training on your content with AI providers where provider controls allow us to disable it.
- We keep AI requests limited to the content needed for the feature you use.
- We log run identifiers and operational metadata so we can debug failures without relying on unrelated personal data.
Your responsibility: Do not include special category data, children's data, or third-party confidential information in profiles or product-change descriptions unless you have the rights, notices, and lawful basis required for that use.
7. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
We use cookies and similar client-side storage technologies. Details about each technology, its purpose, retention, and whether it requires consent are in our separate Cookie Policy.
In summary:
- Strictly necessary: Authentication, security, session continuity, checkout continuity, and consent-preference storage where applicable. These do not require consent under the ePrivacy rules.
- Optional analytics: PostHog analytics identifiers are used only after valid consent. You can withdraw consent at any time where consent controls are available.
- Third-party checkout and login: Paddle, Google, and Apple may set their own cookies or similar technologies on their own domains during checkout or sign-in.
8. HOW DO WE HANDLE YOUR THIRD-PARTY LOGINS?
The Services allow you to register or sign in using Google or Apple.
When you sign in with Google, we receive:
- Your email address, verified by Google
- Your display name, if provided by Google
When you sign in with Apple, we receive:
- Your email address, which may be a private relay address if you use Apple's "Hide My Email"
- Your first and last name, only if Apple provides it during initial sign-in
We do not receive your friends list, contacts, photos, or other account data beyond the fields above. We request only the scopes needed for account creation and authentication.
You can revoke access through your Google or Apple account settings:
- Google: https://myaccount.google.com/permissions
- Apple: Apple ID settings, Sign in with Apple
Provider privacy policies:
9. HOW LONG DO WE KEEP YOUR INFORMATION?
| Data Category | Retention Period | Trigger for Deletion |
|---|---|---|
| Waitlist email and confirmation metadata | Until launch plus up to 12 months | Launch follow-up completion, withdrawal, or deletion request |
| Account data | Duration of account | Account deletion or inactivity policy |
| Customer profiles | Duration of account | User deletion, account deletion, or applicable workspace deletion |
| Product changes, simulation reactions, and reports | Duration of account | User deletion, account deletion, or applicable workspace deletion |
| Firebase Authentication record | Duration of account | Deleted when the account is deleted |
| Paddle billing and invoice records | Up to 10 years after the transaction | Required by tax and accounting law |
| First-party server-side product events | Up to 12 months unless needed for security, billing, support, or legal reasons | Automatic expiry, account deletion, or investigation closure |
| Server logs and audit logs | Up to 30 days unless needed for security investigation | Automatic rotation or investigation closure |
| PostHog analytics data, if consented | Up to 12 months | Automatic expiry per analytics retention settings |
| Phoenix LLM observability traces | Up to 90 days | Automatic expiry or manual deletion during incident handling |
| Legal request and dispute records | As long as needed for the request or dispute and statutory limitation periods | Closure of the matter and expiry of retention obligations |
When you delete your account, we delete or anonymize account content unless retention is required for billing, legal compliance, security, fraud prevention, or dispute handling. Billing records retained by Paddle are subject to Paddle's retention policy and applicable law.
10. HOW DO WE KEEP YOUR INFORMATION SAFE?
We implement security measures appropriate to the risk, including:
- Encryption: TLS for data in transit. Firestore, Cloud Run, Cloudflare, AWS, and Paddle provide encryption at rest according to their platform controls.
- Access control: Cloud Run IAM restricts backend invocation. Firestore access is routed through backend services and ownership checks.
- Network security: Cloudflare provides CDN, DDoS protection, and security controls for public routes.
- Secret handling: Runtime secrets are stored in Google Secret Manager or managed provider systems.
- Least privilege: Service accounts and deployment identities are scoped to the access needed for their role.
- Operational logging: Request IDs and structured logs support debugging without intentionally logging full sensitive profile content.
No system is 100% secure. If you discover a vulnerability, contact us using the details in Section 16.
11. DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly collect data from, or market to, anyone under 18 years of age. If we learn that we have collected personal data from a minor under 18, we will delete the account and associated data. Contact us if you believe we have collected data from a minor.
12. WHAT ARE YOUR PRIVACY RIGHTS?
If you are in the EEA, UK, or Switzerland, you have the following rights under GDPR and equivalent laws:
| Right | What It Means | How to Exercise |
|---|---|---|
| Access (Art. 15) | Request a copy of your personal data | Contact us using Section 16 |
| Rectification (Art. 16) | Correct inaccurate data | Update it in-app where available or contact us |
| Erasure (Art. 17) | Delete your personal data | Delete it in-app where available or contact us |
| Restriction (Art. 18) | Limit how we process your data | Contact us using Section 16 |
| Data portability (Art. 20) | Receive your data in a structured, machine-readable format | Contact us using Section 16 |
| Object (Art. 21) | Object to processing based on legitimate interest | Contact us using Section 16 |
| Withdraw consent | Revoke consent for waitlist emails or analytics | Use available controls or contact us |
Response timeline: We will respond to your request within 30 days. If we need more time due to complexity, we will notify you within the initial 30 days and may extend by up to 60 additional days.
Identity verification: We may need to verify your identity before processing your request. We usually do this using the email address associated with your waitlist entry or account.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For users in Germany, this is:
Der Hessische Beauftragte fuer Datenschutz und Informationsfreiheit, Postfach 3163, 65021 Wiesbaden, Germany, https://datenschutz.hessen.de
You may also contact the supervisory authority in your country of residence.
13. AUTOMATED DECISION-MAKING
genjury uses AI to generate simulated customer reactions and aggregated reports about product changes. These outputs assess likely customer response to a product decision. They do not decide your legal rights, creditworthiness, employment, access to essential services, or eligibility for the genjury Service.
This is not automated decision-making about you as a person within the meaning of Art. 22 GDPR. You can review, disregard, revise, or rerun simulation outputs. The outputs support product decision-making and do not replace human judgment, live user research, or legal compliance review.
14. DO WE MAKE UPDATES TO THIS NOTICE?
We may update this Privacy Notice when our processing activities, service providers, product features, or legal requirements change. The updated version will show a new "Last Updated" date.
For material changes that affect how we process personal data, your privacy rights, or international transfers, we will provide reasonable notice where practicable, for example by email or in-app notice. For other updates, we may publish the revised version on this page.
We encourage you to review this notice periodically.
15. HOW CAN YOU REVIEW, UPDATE, OR DELETE YOUR DATA?
- Waitlist data: Contact us to request access, correction, withdrawal, or deletion of your waitlist entry.
- Account data: Use account settings where available, or contact us.
- Customer profiles, product changes, simulations, and reports: Use product deletion controls where available, or contact us.
- Data export: To request a machine-readable export of your personal data, contact us using the details below.
16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
If you have questions or want to exercise your rights, contact us at:
Malte Hedderich, Friedensstr. 4, 61476 Kronberg im Taunus, Germany