We collect what we need to run the platform for you, and nothing else. This page explains the summary; the full privacy notice (data subject rights, lawful bases, retention windows by data class, cookie disclosures, sub-processor list) is on the canonical page below.
What we collect
From you (the platform user): name, email, password hash, billing address + card token (via Stripe — we never see card numbers), business name + registration details, and conversational input you provide to your Cofounder.
About your customers (where applicable): name, email, phone, address, order and invoice history — only the data you upload or that your integrations sync. We don't collect customer data from any other source.
How we use it
Customer data is used solely to run the Juniper OS service for the customer who uploaded it. We don't sell, share, or use customer data for advertising or third-party model training. Aggregate, anonymised metrics may be used internally to improve the product (e.g. "median time-to-first-customer is 47 days") — never tied back to a specific customer or row.
Marketing and waitlist sign-ups
If you ask us to notify you about founding membership, the waitlist, or the readiness scorecard, we store your first name, email, and the date, time and IP address of your consent as proof you opted in. The lawful basis is your consent, and we use these details only to email you about Juniper OS — never for anything else, and never shared or sold.
You can withdraw consent at any time: use the unsubscribe link in any email we send you, or email privacy@juniperenterprises.co.uk and we will remove you. We keep these details only until you unsubscribe or ask us to erase them.
Where it lives
Supabase Postgres in eu-west-2 (London). Encrypted at rest (AES-256) and in transit (TLS 1.3). Tenant isolation enforced by Row-Level Security — application code cannot bypass it. Backups are also encrypted and EU-resident. We do not transfer customer data outside the UK / EU without explicit consent.
Your rights
You can export, rectify, restrict, port, or delete your data at any time — full UK GDPR coverage. The platform has built-in self-serve flows for export and deletion. Deletion has a 30-day grace window; after that, hard-delete is logged immutably so you have proof.
Concerns or requests: privacy@juniperenterprises.co.uk. Our supervisory authority is the UK ICO.