Privacy Policy

1.1 Account Information

When you register for BantuziLegal, we collect your full name, email address, phone number, firm name, job title, and billing address. If you apply for a Founding Customer plan we also collect your preferred start date and practice area interests.

1.2 Practice Data

Data you enter while using the platform — including client records, matter details, time entries, documents, invoices, and payment records — is stored securely and belongs to your firm. We do not access this data except as necessary to provide, maintain, or improve the service, or when required by law.

1.3 Usage & Device Data

We automatically collect IP addresses, browser type and version, operating system, pages visited, timestamps, and referral URLs. This data helps us improve performance and diagnose issues.

1.4 Cookies

We use strictly necessary cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies (if any) are anonymous and can be disabled in your browser settings.

We use collected information to: (a) provide, operate, and maintain the BantuziLegal platform; (b) process payments and manage subscriptions; (c) send transactional emails such as invoices, password resets, and security alerts; (d) respond to support requests and contact form submissions; (e) improve our product based on anonymised, aggregated usage patterns; (f) comply with applicable laws and regulations.

We will never sell your personal information to third parties. We do not use your practice data to train machine-learning models.

We share data only in the following circumstances:

Service Providers

We engage trusted third-party processors (cloud hosting, payment gateways, email delivery) who process data on our behalf under strict contractual obligations.

Legal Requirements

We may disclose information when required by Zambian law, court order, or valid legal process.

Business Transfers

In the event of a merger, acquisition, or asset sale, user data may be transferred as part of the transaction. We will notify affected users before any change in data-processing practices.

We implement industry-standard security measures including: encrypted data transmission (TLS 1.2+); BCrypt-hashed passwords; JWT-based stateless authentication; tenant-isolated database workspaces ensuring no firm can access another firm's data; role-based access control (RBAC); and comprehensive audit logging of all administrative actions.

While we employ robust safeguards, no method of electronic storage or transmission is 100% secure. We encourage users to use strong, unique passwords and to report any suspected security incidents immediately.

We retain your account data for as long as your account is active or as needed to provide the service. Practice data is retained for the duration of your subscription. Upon account termination, we will delete or anonymise your data within 90 days, unless retention is required by law or for legitimate business purposes (e.g., billing records).

You may request data export at any time through your account settings or by contacting our support team.

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate or incomplete data; request deletion of your data (subject to legal retention requirements); restrict or object to certain processing activities; request a portable copy of your data; and withdraw consent where processing is consent-based.

To exercise any of these rights, contact us at privacy@bantuzilegal.com. We will respond within 30 days.

BantuziLegal is based in Zambia. Your data may be processed in countries outside Zambia where our service providers operate. In such cases, we ensure that appropriate safeguards are in place, including contractual data-processing agreements consistent with applicable data-protection laws.

BantuziLegal is a professional business tool and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or an in-app notification at least 14 days before they take effect. Continued use of the platform after changes constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy or our data practices, please contact us at privacy@bantuzilegal.com or through our contact page.