Privacy Policy
Last updated: May 2026
1. Controllers and Contact
Justido Solutions ("we," "us," or "our") provides AI receptionist and automation services for home services businesses through two legal entities. Justido GmbH (Kurfürstendamm 37, 10719 Berlin, Germany — Handelsregister Amtsgericht Charlottenburg, HRB 250605 B, USt-IdNr. DE285976038) is the data controller for visitors and customers in the EU/EEA, the United Kingdom, and Switzerland — privacy contact: privacy@justido.de. Justido LLC (251 Little Falls Drive, City of Wilmington, Delaware 19808, USA) is the data controller for visitors and customers in the United States — privacy contact: privacy@justidosolutions.com. Full entity details are available on our Impressum. Our website: https://www.justidosolutions.com.
Scope. When we provide our paid Services to a business customer, the personal data of that customer's end-users and callers is processed by us as a processor on the customer's behalf under our Data Processing Agreement (DPA). For that processing, the customer is the controller and its own privacy notice applies. This Policy covers the personal data for which Justido is itself the controller — website visitors, prospects, and the business contacts of our customers.
We have not appointed a statutory Data Protection Officer; you may contact us at the addresses above on any privacy matter.
2. Information We Collect
We collect personal data in the following categories: (a) Website & log data — IP address, device and browser metadata, pages viewed, and similar usage data; (b) Inquiry data — name, email, company, phone, and message content when you contact us, request a demo, or interact with our AI receptionist demo in your browser; (c) Account & customer data — business contact details, account configuration, and support records; (d) Billing data — billing contact and payment details processed by our payment providers; (e) Marketing data — preferences and engagement, where you have opted in; (f) Service end-user data — processed only as a processor on our customers' behalf, under the DPA.
3. Purposes and Legal Bases (GDPR Art. 6(1))
We process personal data on the following legal bases: operating and securing our website — legitimate interests (Art. 6(1)(f) GDPR); responding to inquiries and taking pre-contract steps — pre-contractual measures (Art. 6(1)(b) GDPR) or consent (Art. 6(1)(a) GDPR); providing, supporting, and billing the Services — performance of a contract (Art. 6(1)(b) GDPR); sending marketing where permitted — consent (Art. 6(1)(a) GDPR) or legitimate interests (Art. 6(1)(f) GDPR), with opt-out; complying with legal, accounting, and tax obligations — legal obligation (Art. 6(1)(c) GDPR).
4. SMS Messaging & Lead Capture
When you submit our missed-call audit form, we collect your name, business name, email, phone number, website URL (optional), trade, and estimated monthly call volume. We use this information to prepare your tailored audit report and deliver it by email. If you check the SMS consent box on the form, we may send transactional SMS messages related to your audit and any subsequent inquiry. Audit lead data is retained for 90 days after report delivery; if you become a customer, the record converts to your active customer profile. Sub-processors involved: HighLevel (data layer + transactional email delivery) and Twilio (phone number lookup and SMS delivery). See our Sub-processors page for the complete list.
When you submit our contact form, we collect your name, email, optional phone number, and message content. We use this information solely to respond to your inquiry. Contact submissions are retained until your inquiry is resolved, plus 90 days for audit-trail purposes. If you provide a phone number AND check the SMS consent box, we may send transactional SMS messages related to your inquiry; otherwise we reply by email only. Sub-processors involved: HighLevel (data layer + transactional email delivery).
5. Cookies and Tracking
We use cookies and similar tracking technologies to understand how visitors use our website. The analytics script we load (from our CRM provider) and Vercel Speed Insights performance measurement run only after you accept the cookie banner. You may disable cookies in your browser settings, though this may affect some site functionality.
In addition, we operate error and performance monitoring (Sentry, operated by Functional Software, Inc., USA) on a legitimate-interest basis (Art. 6(1)(f) GDPR) to detect and resolve software faults, abuse attempts, and security incidents. This service runs from the first page load — it is not gated on cookie consent — because it is strictly necessary for operating reliable and secure infrastructure.
Sentry is configured to disable default personal-data collection (sendDefaultPii: false) and to strip authentication headers, cookies, and credential-shaped property names from captured events before transmission. The categories of error data collected are limited to: stack traces, browser and device metadata, URL/route information, and scrubbed request context. You may request restriction or deletion of error data attributable to you under Section 9 below.
6. Third-Party Sub-processors
We engage third-party sub-processors to deliver our services — including CRM, voice AI orchestration, text-to-speech, speech-to-text, large language model inference, telephony, hosting, error monitoring, rate-limit / abuse-prevention infrastructure, and subscription billing. Some of these providers are based outside your country of residence (primarily in the United States). Where we transfer personal data internationally, we rely on appropriate safeguards as set out in Section 7.
We do not sell personal data, and we do not "share" it for cross-context behavioral advertising as defined by U.S. state privacy laws.
For a complete and up-to-date list of our sub-processors — including purpose, location, and safeguard for each — see our Sub-processors page.
7. International Data Transfers
Some recipients are located in the United States or other countries outside the EEA. Such transfers are protected by the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), the UK International Data Transfer Addendum, and Swiss adaptations, and/or by the EU-US Data Privacy Framework where the recipient is certified. Details are in Annex IV of our DPA, supported by our Transfer Impact Assessment.
8. Data Retention
We retain personal information for as long as necessary to provide our services, then delete or anonymize it. Business and tax records are retained for the periods required by law — in Germany, generally six (6) or ten (10) years under the German Commercial Code (HGB) and Fiscal Code (AO). You may request deletion of your data at any time by contacting the relevant controller’s privacy address listed in Section 1.
9. Your Rights
Subject to applicable law, you have the right to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw any consent you have previously given at any time without affecting the lawfulness of prior processing.
If you are in the EEA, the United Kingdom, or Switzerland, you may also lodge a complaint with a supervisory authority. For Justido GmbH, the competent authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit).
If you are a U.S. resident, you have the rights granted by your state's privacy law — including the right to know/access, delete, correct, and opt out of sale/sharing/targeted advertising. We honor recognized opt-out signals (e.g., Global Privacy Control) where technically feasible.
To exercise any right, contact the relevant controller’s privacy address listed in Section 1.
10. AI Processing
Our Services use artificial intelligence (large-language models, speech recognition, and text-to-speech). Calls and messages handled by the Services may be recorded and transcribed on our customers' behalf. We do not use personal data to train third-party foundation models except as permitted under the DPA, and our AI sub-processors are configured for zero-retention or no-training where available.
11. Security
We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, access controls and multi-factor authentication, monitoring, and regular backups, as described in our Information Security Policy and Annex II of the DPA.
12. Children
Our website and Services are intended for businesses and are not directed to children under 16.
13. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
14. Contact
For privacy-related questions, contact the relevant controller’s privacy address listed in Section 1: privacy@justido.de (Justido GmbH — EEA, UK, Switzerland) or privacy@justidosolutions.com (Justido LLC — United States).