Important notice: This Privacy Policy describes how Gojury (collectively, “we”, “us”, or “our”) intends to handle information in connection with the public marketing website operated on GitHub Pages and related waitlist tooling, together with anticipated practices for the Gojury mobile application. This document is not legal advice. Privacy law varies by jurisdiction. You should have a qualified lawyer review how you actually collect and use personal data once your product backend, subprocessors, and retention practices are finalized, especially around Spain / EEA, California, children, marketing email, voice/audio, biometrics, where applicable.
Last updated: April 30, 2026
1 Who we are and how to contact us
If you have questions about this policy or privacy requests, email hello@gojury.me or visit https://gojury.me/.
To be finalized with counsel: the full legal entity name (for example, a corporation or SL), registered postal address in your country of incorporation, and any statutory EU/UK contacts (representative/DPO contact details) once those are formally appointed.
2 Scope of this policy
This policy has two scopes:
2.1 Marketing website (this repository / GitHub Pages)
It applies today to the publicly hosted site that introduces Gojury, including HTML, CSS, and images served from GitHub Pages as configured by this repository, and interactive elements described in Sections 5 and 6.
2.2 Gojury mobile app (future or current production)
Sections 9 through 12 describe anticipated categories of app data aligned with planned product features (voice-forward task capture, to-do content, friend / witness visibility, signals about completion or overdue items shown to designated contacts). Operational details (exact backend vendor names, retention days, lawful basis wording, DPIA conclusions) are marked “[To finalize]” and must be corrected before relying on those statements commercially.
Where the app materially diverges from this draft, publish an updated Privacy Policy linked inside the application and revise this page accordingly.
3 Sources of truth and third-party disclosures
Technical reality of the marketing site builds as follows (verify periodically when you edit templates):
| Source | What typically happens | Links |
|---|---|---|
| GitHub Pages | Hosting and delivery of site files to visitors; underlying traffic and diagnostics may be logged under GitHub and associated infrastructure policies. See GitHub Privacy Statement. | About GitHub Pages, GitHub Privacy Statement |
| Formspree waitlist endpoint | Visitors who submit email ask to hear about launches; the browser POSTs fields to https://formspree.io/f/xzdobrbw hosted by Formspree. Processing is governed by Formspree as a vendor. [To finalize] any additional tokens or hidden honeypots you add in HTML. |
Formspree privacy policy |
| Font Awesome CDN | Stylesheets may be loaded from https://use.fontawesome.com to render icons used in layouts. Your visitors’ browsers request assets from third-party CDN infrastructure; review Font Awesome policies periodically. |
fontawesome.com Privacy |
| jQuery CDN (Google Hosted Libraries) | When an ios_app_id is configured, additional JavaScript fetched from Google’s CDN may execute to enrich App Store-derived metadata displayed on the homepage. See _includes/appstoreimages.html in this site’s GitHub repository. Requests originate from the visitor browser; Google’s policies apply accordingly. [To finalize] if you relocate scripts to local hosting instead. |
Google Hosted Libraries |
| Apple iTunes Search API | If ios_app_id is configured, browsers may invoke Apple’s JSON Lookup endpoints to retrieve public App Store listings (titles, descriptions, imagery). Apple processes those requests pursuant to Apple’s policies (not routed through Gojury servers). |
Apple Privacy |
| Meta (Facebook) Pixel | The site loads Meta Pixel from connect.facebook.net (fbevents.js) with Pixel ID 1002840015414099. A PageView event fires on ordinary page loads unless blocked. Meta may set or read identifiers (including cookies where allowed). Processing is governed by Meta. [To finalize] lawful basis/consent banners, CPRA/opt-out linkage, restricted data processing configurations, regional differences. |
Meta Privacy Policy |
The site loads the Meta Pixel in _includes/head.html. Marketing stacks may correlate visits with identifiers held by Meta. [To finalize] consent management, granular controls, disclosures, lawful basis wording (particularly EEA/U.K.), and U.S. state privacy compliance (including how you describe “sharing” with advertising partners where applicable).
4 Automated data from visiting the marketing site
When you load pages, browsers automatically send technical data commonly including:
- Network identifiers such as IP address segments;
- Dates/times of access;
- User agent strings, language preferences, referrer headers where provided;
- HTTP status diagnostics.
GitHub Pages and transit networks upstream may temporarily retain derivative logs consistent with respective privacy statements. [To finalize] whether you ingest server logs independently (normally you do not for static GitHub Pages without added middleware).
Cookies / local storage: Third-party Pixel and CDN scripts (Meta, Font Awesome, Google Hosted Libraries where used, etc.) may set or read cookies or analogous storage pursuant to vendor policies where permitted by browsers and regulators. [To finalize] inventories, lawful basis/consent tooling, CPRA/opt-out disclosures.
5 Waitlist email collection
What you voluntarily give us. When you type an email address and submit our waitlist form, we collect that address (and [To finalize] any additional fields added such as optional name, referrer tag, checkbox consents embedded as hidden _subject/_replyto/_gotcha). Do not submit emails you do not control.
Why we collect it. To notify you about launches, onboarding, invitations, surveys, beta programs, regulatory notices relevant to testers, or transactional messages needed to administer your request. [To finalize] whether you intend separate lawful bases (consent vs legitimate interest vs contract) depending on jurisdictions.
How we retain it. Formspree stores submissions pursuant to Formspree’s policies and your retention settings in Formspree. [To finalize] download cadence into your CRM/marketing tooling, unsubscribes vs delete policies, suppression lists.
Transfers. Processing may involve servers in regions outside yours. [To finalize] Standard Contractual Clauses or other transfer mechanisms documented with counsel.
6 Requests you initiate (email/contact)
Emails you voluntarily send us (for example hello@gojury.me) can include identifiers, screenshots, troubleshooting metadata. We use that content strictly to correspond with you unless you authorize another purpose. [To finalize] ticketing tool stack and attachments retention.
7 Social links
If footer links expose social handles (Instagram etc.), interacting with third-party platforms invokes their policies, not ours. We recommend reading each platform separately.
8 Combining information
We may associate waitlist identifiers with eventual app accounts strictly if you unify systems and disclosed that linkage. [To finalize] onboarding merge practices.
9 Categories of processing for the planned Gojury app (anticipated)
Sections 9-12 articulate anticipated processing categories grounded in marketed functionality. Update before commercial launch.
9.1 Account authentication and profile basics
Potential data: identifiers (email/username), secure tokens, hashed credentials, timestamps, onboarding answers.
Purposes: create accounts, security, backups, misuse detection.
9.2 To-do/task content tasks
Potential data: item titles, transcripts, recurrence settings, statuses, timestamps, contextual notes typed or dictated. Certain items may inherently reveal sensitive schedules (health/legal/financial). [To finalize] optional explicit warnings for hazardous content.
9.3 Voice capture (product promise)
Potential data depending on architectural choices ([To finalize each bullet]):
- Streaming audio buffers used only transiently versus stored raw audio blobs;
- Transcripts generated on-device versus server transcription services;
- Model vendor logs (speech-to-text API provider);
- Confidence scores/timecodes.
Consult counsel if law classifies biometric/voice-derived models as special categories locally.
9.4 Social graph / jurors (“friends”, “witnesses”)
Potential data: reciprocal links, approvals, mute states, aggregated witness metrics (completion vs overdue tallies surfaced to jurors consistent with UX). Explain specifically:
- Exactly what statuses each role sees;
- What cannot be inferred (contacts not on platform?, phone hashes? [To finalize]).
9.5 Notifications / push identifiers
Potential data: APNs/FCM tokens, OS version, mute preferences.
9.6 Support & diagnostics telemetry
Potential data: crash logs, breadcrumbs, hashed device IDs [To finalize].
10 Sharing, subprocessors, and legal disclosures
Potential recipients ([explicitly list factual vendors before launch]):
- Hosting / database / object storage ([To finalize]).
- Crash reporting ([To finalize]).
- Email delivery / transactional mail ([To finalize] beyond Formspree if applicable).
We may disclose data when required by subpoena, court order, or good-faith legal obligation.
We do not sell waitlist submissions for money (“sale” terminology per US state statutes) [To revise if business model evolves].
Safeguard no onward sale wording with counsel especially if integrations later participate in monetized cohorts.
11 Retention ([numbers must be truthful])
Suggested placeholder structure until engineering defines SLAs:
| Category | Indicative period | Actual policy |
|---|---|---|
| Marketing waitlist submissions | [To finalize] | Document post-signup retention/suppression cadence |
| App account dormant | [To finalize] | |
| Deleted account recovery window | [To finalize] | |
| Logs / transcripts / audio remnants | [To finalize] |
12 Security measures (high-level)
Industry-common controls may include ([finalize truthfully]): TLS-in-transit, encryption at-rest for disks, compartmental access, least-privilege credentials, MFA for admin dashboards, SOC2-oriented vendor choices. Omit anything you cannot operationally certify.
13 Your rights (jurisdiction-variable)
Depending on geography, privacy laws may extend rights including (non-exhaustive):
- Access or export of categories of personal information;
- Rectification/inaccuracies correction;
- Erasure/right to deletion with statutory exceptions (outstanding liabilities, lawful retention);
- Restriction/objection to processing, including opting out from certain profiling or automated decisions where applicable (subject to exemptions);
- Data portability structured machine-readable extracts when technically feasible.
Residents of the EEA/UK typically address controllers under GDPR/U.K. GDPR with supervisory authority escalation rights ([finalize legal entity]). Provide contact email hello@gojury.me as intake now; escalate with formal portal later.
California residents: describe recognition of CPRA-aligned rights (right to know, deletion, correction, opt-out from sale/share as defined) once product touches California households. [Provide mechanism URL or email instructions].
Do not discriminate unlawfully against rights exercise.
Response timelines ([finalize with counsel], example 30-45 days where laws say so).
14 International transfers
If data moves across borders, document lawful transfer tools (SCCs, adequacy decisions, UK IDTA, etc.). [To finalize].
15 Children
Gojury is not directed at children under 13 (or higher age where local law sets a stricter bar). Do not provide personal data if you are under that age. If we learn we’ve collected minors’ data improperly, [To finalize] remediation steps mandated by lawyer.
Older teens (13-17) may merit platform-specific safeguards (parental linkage, moderated social exposure). [To finalize].
16 Marketing communications choices
Marketing vs transactional email definitions & unsubscribe instructions [To finalize]. Honour opt-outs promptly regardless of tooling.
17 Automated decision-making ([if any])
If later you personalize ranking or reputational modeling with legal effects, [disclose] logic categories, significance, meaningful human oversight per Article 22 GDPR contours when applicable.
18 Changes to this Privacy Policy
We may update this posting; revise Last updated. Material reductions to privacy require appropriate additional notice under some laws. Continued use / opt-in rules vary; [finalize notice strategy].
19 Contact
Email: hello@gojury.me
Site: gojury.me
[To finalize] postal address, registration numbers, EU/UK representative.
20 California / US supplemental stub ([expand with counsel])
If you are a California resident, you may have additional rights under the CPRA / relevant state statutes about certain disclosures, corrections, deletion, and limitation of purposes. This marketing site loads the Meta Pixel (see Section 3), which may constitute “sharing” or analogous processing under CPRA wording depending on your configuration with Meta ([confirm with counsel] before publishing definitive statements). Honor opt-out pathways and conspicuous intake channels ([finalize] CPRA workflows; at minimum contact hello@gojury.me as a provisional intake inbox).