Legal
Privacy Policy
Last updated: May 2026
Jarel is built for legal professionals who handle sensitive data every day. This Privacy Policy explains how we collect, use, and protect your personal data in plain language. For GDPR-specific rights and legal bases, see sections 5 and 9.
1. Who We Are
Bizlution AB ("Jarel", "we", "us") is the data controller for personal data processed through the Jarel platform. Bizlution AB is incorporated in Sweden and headquartered in Gothenburg. Our primary contact for data protection matters is privacy@jarel.se.
2. What Data We Collect
We collect information you provide directly: name, work email address, organization name, and role. We also collect data created through your use of the Service, including documents you upload, AI queries and responses, audit log entries, and usage metrics (session duration, feature interactions). We collect technical data such as IP address, browser type, and device identifiers for security and performance purposes.
3. How We Use Your Data
We use your data to: (a) provide and operate the Service; (b) authenticate your identity and authorize access; (c) generate AI-powered analysis and document outputs in response to your requests; (d) maintain audit logs for security and compliance; (e) send transactional communications (access invites, security alerts); (f) improve the reliability and performance of the Service. Customer documents and prompts are not used to train Jarel models.
4. Your Documents and AI Queries
Documents you upload and queries you submit are processed to provide the Service. They are stored securely, encrypted at rest (AES-256) and in transit (TLS 1.2+). Model-provider processing is configured not to train on customer content where supported by provider terms. Jarel employees do not access your documents except where required for support with your explicit consent.
5. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your data on the following legal bases: (a) Contract — processing necessary to provide the Service; (b) Legitimate interests — security monitoring, fraud prevention, and service improvement; (c) Legal obligation — compliance with applicable laws. Where we rely on legitimate interests, you have the right to object to that processing.
6. Data Sharing
We share data only with: (a) your organization's administrator, who manages your account; (b) subprocessors who help us deliver the Service (listed on our Security page); (c) law enforcement or regulators where required by law. We do not sell personal data. A full subprocessor list is available at jarel.se/security or on request.
7. Data Retention
We retain your personal data for as long as your organization's account is active. Upon account termination, personal data is deleted within 90 days, except where retention is required by law. Anonymized usage statistics may be retained indefinitely. You may request deletion of your data at any time by contacting privacy@jarel.se.
8. Data Residency
EU residency is the default public position. Additional residency options, including US or UK, are discussed only for eligible enterprise deployments when enabled. Cross-region transfers are handled through appropriate transfer safeguards where required.
9. Your Rights
Under GDPR and applicable Swedish law, you have the right to: access your personal data; correct inaccurate data; request deletion ("right to be forgotten"); restrict or object to processing; receive your data in a portable format; withdraw consent at any time. To exercise any of these rights, contact privacy@jarel.se. You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY) at imy.se.
10. Cookies
We use strictly necessary cookies to authenticate sessions and maintain security. With your consent, we may use analytics and campaign-measurement cookies to understand site performance and marketing effectiveness. You can manage cookie preferences through your browser settings or our cookie consent interface.
11. Security
We implement security-conscious measures including encryption at rest and in transit, multi-factor authentication options, role-based access controls, and audit logs for review where available. For a detailed description of our security practices, see our Security Policy at jarel.se/security.
12. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at privacy@jarel.se.
13. Mobile App
The Jarel iOS and Android apps process the same categories of data described above. In addition: (a) Microphone — when you initiate a voice query or dictation, the app captures audio on-device; audio is sent to our speech-to-text provider and is not retained after transcription unless you explicitly save it; (b) Speech Recognition — Apple's on-device speech recognition may be used and is governed by Apple's privacy terms; (c) Push Notifications — if you grant permission, your device's push token is stored to deliver alerts (security events, completion notifications); you can revoke this in iOS/Android settings at any time; (d) Local storage — auth tokens and cached content are stored in the iOS Keychain / Android Keystore and the app sandbox. The mobile app does not use third-party analytics, advertising SDKs, or cross-app tracking. We do not access your contacts, photos, or location.
14. Changes to this Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-product notification at least 30 days before they take effect. The date of the most recent revision appears at the top of this page.
15. Contact
For privacy questions, data subject requests, or DPA enquiries, contact privacy@jarel.se or write to: Bizlution AB, Gothenburg, Sweden. We aim to respond to all requests within 72 hours and to resolve them within 30 days.
Questions about this policy? Contact privacy@jarel.se. See also our Terms of Service and Security Policy.