ENIT

Privacy Notice

juvant.io · Last updated: 21 June 2026 · Version 1.1

Notice provided pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”) to users who visit the juvant.io website and its subdomain vant.juvant.io.

Note.This notice concerns exclusively the browsing of the institutional juvant.io website and of the vant.juvant.io subdomain shell (the static pages that host the AI assistant interface). The processing of data provided through interactions with the AI assistant “Vant” itself is governed by a separate privacy notice and consent form, presented to the user before the service is started.

1. Data controller

Juvant Srls, in the person of its legal representative Antonio Gatti.

  • Registered office: Via Albert Bruce Sabin 2, 72100 Brindisi (BR), Italy
  • VAT number / Tax code / Companies Register: IT02807050741
  • REA: BR-260986
  • PEC: juvant@pec.it
  • Legal representative: Antonio Gatti

Controller contact: antonio@juvant.io
Data subject rights requests: privacy@juvant.io

2. Data Protection Officer (DPO)

Juvant Srls has not appointed a Data Protection Officer because the mandatory conditions set out in Article 37 GDPR do not apply: it does not carry out, as its core activity, processing operations that require regular and systematic monitoring of data subjects on a large scale, nor does it process on a large scale special categories of data under Article 9 or data relating to criminal convictions and offences under Article 10 GDPR.

3. Data processed during browsing

During the mere visit to the juvant.io website or to its subdomain vant.juvant.io, the following data are collected in server logs, solely for security and technical diagnostics purposes:

  • visitor's IP address;
  • timestamp of the request;
  • browser user-agent;
  • URL of the requested resource and HTTP response code.

This website does not use cookies. No cookies of any kind — technical, analytical, profiling, third-party, or marketing — are stored on the user's device by juvant.io or vant.juvant.io. The website performs no behavioural tracking and generates no user profiles. For the operation of the AI assistant interface, a session identifier is generated and exchanged within the request and response of each interaction (transmitted in the request body and in a response header, and held only in the volatile memory of the browser tab). It is not written to any persistent storage on the user's device, is not a cookie, and is discarded when the tab is closed.

As an exception to the above, the AI assistant interface stores a single item in the browser's local storage (localStorage): the user's consent preference. When the user accepts the consent form before starting the assistant, the literal string 'accepted' is saved under the key vant_consent_v1, for the sole purpose of not re-showing the consent form on subsequent visits made from the same browser. This entry contains no personal data, no session identifier, and no tracking or profiling data: it contains only the string 'accepted'. It is not a cookie but a standard interface persistence mechanism for managing consent. Unlike the session identifier, this entry persists across sessions of the same browser until the user manually clears the browser's local storage. If the user dismisses the form without accepting, no information is stored.

4. Purposes and legal basis

a) Website security and technical diagnostics. Log data are processed for the purpose of ensuring the security of the website, preventing automated abuse and diagnosing technical malfunctions.

Legal basis: legitimate interest of the controller (Article 6(1)(f) GDPR) in the protection of the IT infrastructure and the continuity of the service.

b) Sending the summary email of the conversation with Vant.Where the user, at the end of an interaction with the AI assistant "Vant" on the vant.juvant.io subdomain, voluntarily fills in the dedicated contact form providing their email address, the controller processes that address for the purpose of sending the user a single transactional email containing the summary of the conversation held with the AI assistant. The content of the email is strictly transactional and instrumental to the user's request: it does not include any promotional, commercial or marketing material, nor is it used for any profiling purpose.

Legal basis: performance of pre-contractual measures taken at the data subject's request (Article 6(1)(b) GDPR), in so far as the summary email constitutes a direct response to the expression of interest manifested by the user through the submission of the form.

5. Retention period

Personal data are retained for the time strictly necessary to the purposes set out in section 4, in accordance with the storage-limitation principle (Article 5(1)(e) GDPR). The applicable retention periods, by data category, are as follows:

  • Server / operational logs (Azure Monitor — Log Analytics workspace). Platform-level server and security logs (IP address, timestamp, user-agent, requested URL and HTTP response code) are retained for 90 days at the workspace level, after which they are automatically deleted by the Azure Monitor Log Analytics workspace retention policy, unless further retention is required in the event of confirmed security incidents or legal obligations.
  • Safety and rate-limit events (vantSafetyEvents). When an interaction on vant.juvant.io is flagged by an internal safety mechanism or by rate-limit and abuse-prevention controls, a minimal record is retained as follows: (a) the salted hash of the offending input is retained for 7 days to support short-window correlation of repeated abusive patterns; (b) the full event row is hard-deleted 23 days after creation. No safety-event data is retained beyond 23 days.
  • Backups (DR / continuity). We keep an isolated backup copy of your conversation record for up to 365 days, and we keep it only so we can recover from data loss, security incidents, or outages. Nobody reads it for any other purpose, and it is never restored back into the live system.

    The figure to remember is 365 days. Internally those 365 days break down into an immutable hot snapshot on a rolling 35-day horizon, an Azure Storage soft-delete tail of up to a further 30 days, and a hard ceiling at 365 days from the date the record was first written to the live system; the record cannot exist in any backup tier beyond day 365 under any circumstance. We do not edit backups after they are written; they expire automatically.

    If you ask us to erase your data under Article 17 GDPR, we erase it from our production systems within the statutory deadline. We do not modify existing backups, because doing so would compromise their integrity; we instead record your request in an internal tombstone register. If we ever have to restore a backup (for example after an incident or a data-loss event), your record is suppressed against the restored set before that set returns to production, so the erasure outcome is preserved.

    The lawful basis is our legitimate interest under Article 6(1)(f) GDPR in the security and continuity of the service and the defensibility of legal claims, balanced against your rights as recorded in our internal Legitimate Interest Assessment (LIA-VANT-002). You retain all your rights under Articles 15–22 GDPR, including the right to object to processing based on legitimate interest; contact us at privacy@juvant.io.

  • Hard safety classifier events (vantCrisisFloorEvents). When the deterministic hard safety classifier described in section 6(a) fires, a minimised counter record (coarsened timestamp and detected language — no message content, no hash, no session identifier) is retained for 7 days, after which it is automatically deleted.
  • Conversation summary (server-side record). Where a conversation summary is generated to support the optional lead-capture flow on vant.juvant.io, the server-side summary record is nullified (irreversibly emptied of conversational content) at most 90 days after the session ends, by an automated retention job. After nullification, no conversational content remains in the record.
  • Contact-form email address and associated transactional email. The email address provided through the contact form and the associated conversation summary email are retained for the time strictly necessary to send the transactional email referred to in section 4(b) and to manage any subsequent communications initiated by the user.
  • Lead-capture records (SharePoint Lists). Lead records generated through the optional lead-capture flow on vant.juvant.io are hard-deleted 24 months after the date of last contact between the user and Juvant Srls, by an automated retention job.

In all cases, further retention may apply where strictly required to comply with legal obligations or to establish, exercise or defend a legal claim.

6. Safety classification and records

To operate Vant safely and fairly, each message you send is automatically screened before it reaches the AI model. The screening combines two mechanisms:

(a) Hard safety classifier. A deterministic, rule-based check applied locally within our Function App that identifies a fixed set of hard safety violations (such as explicit self-harm content). This check does not involve AI and does not call any external service. Where it fires, a minimised counter record is logged — specifically, a coarsened timestamp (hourly bucket) and the detected language. No message content, no hash of the message, and no session identifier is stored. This record is retained for 7 days (see section 5 — Hard safety classifier events).

(b) Azure Content Safety screening. An AI-based screening operated by Microsoft within the EU Data Boundary. Two categories are evaluated:

  • a Microsoft-provided self-harm category, used as a secondary safety check in parallel with the AI response generation;
  • a Juvant custom category named “vant-demographic-self-id”, which detects whether a message contains a self-identification clause about nationality, ethnicity, religion, political opinion, age, gender, socioeconomic class, or geographic origin.

For both Content Safety categories, the message is sent to Microsoft's Content Safety service for evaluation and is not retained by that service beyond the immediate request. The service returns to us a yes/no signal only; the content of your message is not returned and is not stored by us. The yes/no signals are not associated with you, are not used to build a profile, and are aggregated only as bounded-cardinality counters for operational monitoring (for example, how often each screening category fires in total, with no link to any individual message or session).

The purpose of the demographic-clause screening is to ensure that Vant's response to a question is the same regardless of how you describe yourself — that is, to keep the routing of your message identity-blind. Detection does not change the substance of the response, the routing class, or the path you experience; it triggers only an internal instruction that reinforces this identity-blind routing for that turn.

Neither screening makes decisions that produce legal effects concerning you or significantly affect you within the meaning of Article 22 GDPR.

The self-harm pathway is strictly non-punitive. When either the hard safety classifier or the Content Safety self-harm category fires, the only effect you experience is an on-screen signposting response directing you to appropriate external mental-health helplines. Detection does not trigger a rate-limit hit, an abuse-prevention flag, a session block, a follow-up contact, an emergency-services dispatch, or any transmission of your message to a third party beyond the in-request Content Safety API call already described above.

Legal basis for special-category data. The self-harm detection category processes health data within the meaning of Article 9 GDPR. This processing is lawful under Article 9(2)(g) GDPR (substantial public interest in the protection of individuals from harm) and is necessary to ensure user safety and non-discrimination in the operation of the AI assistant. Demographic self-identification data, where present, is processed for the same purpose: to ensure fair and consistent responses regardless of how you describe yourself. The balancing assessment supporting this processing is documented in our Legitimate Interests and Public-Interest Assessment LIA-VANT-001, and the technical and organisational safeguards are recorded in our Article 30 Record of Processing Activities.

Rights and fast-track commitments for safety-pathway sessions. For any session in which a safety-pathway signal fired (i.e. a session in which Vant displayed an on-screen helpline signposting response), we apply two enhanced commitments: (i) requests for access, rectification, erasure, restriction or objection concerning that session will be answered within seven (7) calendar days of receipt, rather than the standard period under Article 12(3) GDPR; (ii) where you ask us to act on records relating to such a session, the default outcome we apply is erasure, and you are not required to produce the session identifier or any technical reference — a contemporaneous description of the interaction (approximate date and a short description of the exchange) is sufficient.

A minimal consent record (session identifier, the version of this notice and consent text you accepted, and a timestamp) is retained to evidence that consent was given.

7. Data recipients

Log data are processed exclusively by authorised personnel of Juvant Srls and by the hosting provider (Microsoft Ireland Operations Ltd. (Microsoft Azure)), acting as data processor pursuant to Article 28 GDPR. The data are not disseminated nor communicated to any other parties.

8. Transfers outside the EU

The hosting infrastructure is located within the European Union. Any transfers to third countries take place solely within the framework of the adequacy mechanisms provided for in Chapter V of the GDPR (Standard Contractual Clauses of the European Commission).

9. Rights of the data subject

The data subject may at any time exercise the rights provided for in Articles 15-22 GDPR:

  • access to their own data (Article 15);
  • rectification (Article 16);
  • erasure (Article 17);
  • restriction of processing (Article 18);
  • data portability (Article 20);
  • objection to processing (Article 21).

Requests must be sent to privacy@juvant.io and will receive a reply within 30 days.

10. Complaint to the supervisory authority

If the data subject considers that the processing of their data is carried out in breach of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority — Garante per la protezione dei dati personali (www.garanteprivacy.it), without prejudice to any other administrative or judicial remedy.

11. Changes to this notice

This notice may be updated. The version in force is always the one published on juvant.io, showing the date of last update.

juvant.io

© 2026 Juvant Srls