Sign in to your dashboard

Privacy policy

How we collect and use your personal data under UK GDPR and the Data Protection Act 2018.

This notice explains who we are, what personal data we collect, why we use it, who we share it with, how long we keep it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Juno Property Lawyers Limited (JPL) is a conveyancing firm authorised and regulated by the Council for Licensed Conveyancers (licence number 3338) and registered with the Information Commissioner’s Office (ICO). JPL is the controller for personal data we use to quote for and deliver our legal services — including lead data, case data, identity records, anti-money-laundering records, payments, and communications relating to your transaction.

  • Company number: 10227405
  • VAT number: 243966087
  • Registered office: 43–51 New North Road, London N1 6LU
  • ICO registration: ZA245867

Contacting us about your data

If you have questions, want to use any of your rights, or want to make a complaint, email hello@juno.legal. We’ll respond within one calendar month.

If you’re unhappy with how we’ve handled your data you can complain to the ICO at ico.org.uk/concerns or 0303 123 1113.

Data we collect and why

The personal data we collect depends on how you interact with us.

People who visit our website

When you browse juno.legal we collect technical and usage data — your IP address, browser type, pages visited, referrer, approximate location from your IP, and time on pages — and we record errors that happen on the site.

Why: to run and secure the website, understand how people use it, and improve it.

Lawful basis: legitimate interests.

People who request a quote or contact us

If you request a quote, fill in a contact form, or are referred to us by an estate agent or mortgage broker, we collect:

  • Your name, email, phone number, and address.
  • Details about the property, the price, and your situation.
  • Any messages you send us.

Why: to give you an accurate quote, contact you about it, and set up your case if you appoint us.

Lawful basis: legitimate interests. If you opt in, consent for marketing communications.

Where we got it from: directly from you, or from a partner such as an estate agent or mortgage broker who referred you. If your details came from a referral partner, we can tell you which one if you ask.

People who appoint us as their conveyancers

If you instruct us, we collect significantly more data, including:

  • Identity data — name, date of birth, nationality, photographs of identity documents (passport, driving licence), proof of address, and biometric data we use to verify your identity.
  • Financial data — bank account details, source-of-funds and source-of-wealth information, mortgage details, payment history, transaction details.
  • Property data — address, title number, valuation, mortgage details, search results, ownership history.
  • Communications data — emails, phone call recordings (we record all incoming and outgoing calls), SMS messages, postal letters, dashboard messages, and notes of conversations.
  • Other case data — anything else relevant to your transaction, including (where needed) information about your health, family circumstances, or vulnerabilities.

Why we use this data:

  • To do the conveyancing work you’ve asked us to do.
  • To meet our legal and regulatory obligations — identity checks and anti-money-laundering checks (under the Money Laundering Regulations 2017), filing and paying land transaction tax (Stamp Duty in England, Welsh Land Transaction Tax in Wales), Land Registry filings, and Council for Licensed Conveyancers record-keeping.
  • To process payments and send and receive funds on your behalf.
  • To talk to the other parties in your transaction (the other side’s lawyers, estate agents, lenders, search providers).
  • To handle complaints and defend or pursue legal claims.
  • To improve our service, train our staff, and develop the technology we use.
  • To contact you about relevant services after your transaction has completed (for example, your remortgage 18 months in).

Lawful basis: primarily contract (our retainer with you) and legal obligation. For some processing — improving the service, defending claims — legitimate interests.

Special category and criminal-offence data: for the biometric data we use to verify your identity (via Entrust), we rely on “substantial public interest” under the anti-money-laundering and fraud-prevention conditions in Schedule 1 of the Data Protection Act 2018. For other special category data (such as health information relevant to your transaction), we rely on “establishment, exercise or defence of legal claims” or “substantial public interest”. For criminal-offence data (for example, anti-money-laundering checks that flag prior offences), we rely on compliance with regulatory requirements.

How we use AI tools

We use AI services from Anthropic (Claude), OpenAI (ChatGPT) and Google (Gemini) to help us run our service.

When we use these tools, the relevant case data — including your name, contact details, property information, and the contents of documents, emails and telephone transcripts — is processed by the tool providers on our behalf as our processors, under contracts that meet UK GDPR requirements. These companies don’t use your data to train their models. We remain the data controller of your data.

Who we share your data with

Some of the people and organisations below are processors (they act on our instructions, under a contract). Others are separate controllers (organisations we share data with as part of running a transaction or meeting our obligations).

Group companies

  • Juno Global Services Limited (JGS) is a company in the Juno group. It operates our website, client portal, marketing and lead generation tools and case-management technology on JPL’s behalf as our processor.
  • Juno SA Right Now (Pty) Ltd (JSA) is another company in the Juno group, based in South Africa. JSA provides operational and case-handling support to JPL under an intercompany services agreement. JPL remains the data controller for personal data that JSA handles; JSA acts as JPL’s data processor under a written agreement that meets UK GDPR requirements based on the Information Commissioner’s Office’s recommended format.

Hosting, infrastructure, and storage

  • Amazon Web Services — hosting, document storage, and email delivery.
  • Google Workspace — email, calendar, documents, AI models and shared drives (including Google Drive).

Identity verification and electronic signatures

  • Entrust — identity and biometric verification of clients.
  • Dropbox Sign — electronic signatures on legal documents.

Payments and accounting

  • Stripe — taking card payments.
  • Xero — invoicing, accounting, and client account ledger.
  • NatWest — our bank, including their Open Banking API for verifying account details and confirming payments.

Communications

  • Twilio — SMS and some calls.
  • Aircall — our phone system. All inbound and outbound calls are recorded.
  • Postmark — transactional and bulk email.
  • Front — managing our shared inboxes.
  • Slack — internal team communications and notifications about cases.
  • Stannp — printing and posting physical letters.

AI tools

All used as described above:

  • Anthropic — Claude
  • OpenAI — ChatGPT
  • Google — Gemini
  • HM Land Registry — title information and registering changes of ownership.
  • HMRC (for Stamp Duty in England) and the Welsh Revenue Authority (for Welsh Land Transaction Tax in Wales) — filing returns and paying tax on your transaction.
  • Access Legal — property searches.
  • TM Connect — property searches and sharing case status with estate agents.
  • LMS and LenderExchange — receiving mortgage offers from your lender and sending compliance information back, where your lender uses one of these channels.
  • Your counterparty’s lawyers, and the estate agents, lenders, and surveyors involved in your transaction (as applicable).
  • Any freeholder, landlord, management companies, and managing agents for the property.
  • Your mortgage lender (full personal data) and mortgage broker, if you have one.
  • The Council for Licensed Conveyancers — our regulator, who can require access to our records.
  • The Financial Conduct Authority — for the insurance products we arrange as part of conveyancing (such as chancel liability indemnity policies).
  • The National Crime Agency — where we’re required to make a money-laundering report.
  • Our professional indemnity insurers and external auditors.

Monitoring and analytics

  • Sentry — error and crash reporting.
  • Google Analytics — website analytics.
  • Incident.io — public service status page.

Other situations

We’ll share your data when legally required — for example, to respond to a court order, to comply with anti-money-laundering reporting obligations, or to defend ourselves against a legal claim.

International transfers

Most of the services above process data in the UK or the European Economic Area. Some — including some AWS services, Anthropic, OpenAI, Stripe, Sentry, Slack, and Google Workspace — process data outside the UK, mostly in the United States.

Some of our staff and contractors work on cases from outside the UK, including the EEA, Switzerland, South Africa, Canada, and Pakistan. They access our systems via secure, firm-managed hardware and encrypted connections.

Where data goes outside the UK we rely on one of the safeguards permitted by UK GDPR — UK adequacy regulations (including the UK Extension to the EU–US Data Privacy Framework, where the recipient is certified), or the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, combined with a transfer risk assessment.

You can ask for a copy of the safeguards we use for any specific transfer.

How long we keep your data

Our data retention periods are:

  • Sale case files: at least 6 years after completion or cancellation — this is a regulatory obligation.
  • Purchase and remortgage case files: at least 15 years after completion or cancellation — this is a regulatory obligation.
  • Phone call recordings and email records: kept for the same period as the case file.
  • Anti-money-laundering records: at least 5 years from the end of our relationship with you (Money Laundering Regulations 2017). However, where this falls within the case-file retention period above, we hold the AML records as part of the case file in accordance with our regulatory obligations.
  • Accounting records: at least 6 years (Companies Act, HMRC).
  • Marketing preferences and opt-outs: kept for as long as you’re a contact. If you ask us to delete other data, we’ll keep a record of your preference so we don’t accidentally re-contact you.

Your rights

Under UK GDPR you have the following rights. To use any of them, email hello@juno.legal.

  • Access — ask for a copy of the personal data we hold about you. Where applicable, we may withhold information subject to legal professional privilege, regulatory confidentiality, or another applicable exemption under the Data Protection Act 2018.
  • Rectification — ask us to correct data that’s wrong or out of date.
  • Erasure — ask us to delete your data. We can’t always do this (for example, where we’re legally required to keep records), but we’ll explain if so.
  • Restriction — ask us to limit how we use your data while we look into a query.
  • Objection — object to us using your data on the basis of legitimate interests, including for marketing.
  • Portability — ask us to give you, or another organisation, a machine-readable copy of data you’ve provided.
  • Withdraw consent — where we rely on consent (for example, for marketing emails), you can withdraw it at any time. This won’t affect anything we did before you withdrew consent.

We’ll respond within one calendar month. If your request is complex we may need up to two more months — we’ll let you know if so.

You can also complain to the Information Commissioner’s Office at any time at ico.org.uk/concerns.

Cookies

We and the services we use set cookies and similar technologies on your device. These fall into a few categories:

  • Strictly necessary — for the website and our applications to work (for example, keeping you logged in).
  • Analytics — Google Analytics, to understand how the site is used.
  • Error monitoring — Sentry, to detect and diagnose errors.

Changes to this notice

We’ll update this notice from time to time. For changes that affect clients with active cases pre-completion, we’ll tell you through a notification on your dashboard.