Privacy Policy

1. Introduction

LawGo (Pty) Ltd ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered legal intelligence platform, in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable laws.

We are the "responsible party" for the processing of your personal information as defined in POPIA.

2. Information Officer

Our designated Information Officer can be contacted at:

The Information Officer
LawGo (Pty) Ltd
Email: privacy@lawgo.co.za

3. Personal Information We Collect

We collect personal information as defined in POPIA, which includes but is not limited to:

3.1 Information You Provide

• Name and surname
• Email address
• Contact telephone numbers
• Physical and postal addresses
• Identity or passport numbers
• Professional registration details (for legal practitioners) and organisation affiliation
• Payment and billing information

3.2 Information Collected Automatically

• IP address and device identifiers
• Browser type and version
• Usage data and access times
• Cookies and similar technologies (see Section 10)

3.3 Special Personal Information

We do not intentionally collect special personal information (such as race, health information, or biometric data) unless necessary for legal matters you manage through our Service. Where such information is processed, additional safeguards apply under POPIA.

3.4 AI Interaction Data

When you use AI-powered features, we collect data related to your interactions including queries, uploaded documents for analysis, and AI-generated responses. This data is processed to provide the requested AI features and to improve service quality. Your documents and legal materials are never used to train AI models.

4. Purpose of Processing

We process your personal information for the following lawful purposes in accordance with Section 13 of POPIA:

• To provide and maintain our Service
• To create and manage your Account
• To process transactions and send billing information
• To communicate with you about your Account and the Service
• To provide customer support
• To comply with legal obligations
• To protect our legitimate interests and those of third parties
• For research and development to improve our Service, including improving AI model selection and feature effectiveness (using aggregated, anonymised data only)

4.1 AI-Specific Processing

We process your data through AI models for the specific purposes of: providing legal research assistance, analysing uploaded documents, generating draft content, and evaluating case materials. AI processing is performed by third-party providers (OpenAI, Anthropic, Google) acting as operators under our instruction. Your data is processed in real-time and is not retained by AI providers beyond the immediate session.

5. Legal Basis for Processing

Under POPIA, we process your personal information based on:

• Consent: Where you have given us permission
• Contract: Where processing is necessary to perform our agreement with you
• Legal Obligation: Where we must comply with the law
• Legitimate Interest: Where processing serves our legitimate business interests without overriding your rights

6. Sharing of Personal Information

We may share your personal information with:

• Service Providers: Third parties who assist us in operating our Service, including cloud infrastructure (Cloudflare), AI processing (OpenAI, Anthropic, Google), analytics (PostHog, Google Analytics), email communications (Resend), and authentication services — all subject to confidentiality and data processing agreements
• Legal Requirements: Where required by law, court order, or government authority
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• With Your Consent: Where you have authorized sharing

We do not sell your personal information to third parties.

6.1 AI Sub-Processors

Our AI features are powered by third-party providers who act as sub-processors. These include OpenAI (GPT models), Anthropic (Claude models), and Google (Gemini models). These providers are contractually prohibited from using your data for training purposes and are required to delete processed data after providing responses. We regularly review our sub-processors' data protection practices.

7. Cross-Border Transfers

Your personal information may be transferred to and processed in countries outside South Africa as part of providing our Service, including for AI processing, cloud infrastructure, and analytics. Our primary infrastructure is hosted on Cloudflare's global edge network. Where cross-border transfers occur, we ensure that adequate safeguards are in place as required by Section 72 of POPIA, including:

• The recipient country having adequate data protection laws
• The recipient being bound by contractual obligations
• Your consent to the transfer

8. Security Measures

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. Our infrastructure is hosted on Cloudflare's global edge network, providing enterprise-grade security. Measures include:

• Encryption of data in transit (TLS 1.3) and at rest
• Secure authentication mechanisms
• Regular security assessments
• Access controls and authorization
• Employee training on data protection

In the event of a data breach that poses a risk to your rights, we will notify you and the Information Regulator within 72 hours as required by POPIA. We maintain an incident response plan and regularly test our breach detection and notification procedures.

9. Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Factors we consider include:

• Legal and regulatory requirements
• Contractual obligations
• Business necessity
• Prescription periods for legal claims

When personal information is no longer required, it will be securely destroyed or de-identified.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse usage patterns, and provide personalised features. These may include:

• Essential Cookies: Required for the Service to function
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our Service (Google Analytics 4, PostHog, Microsoft Clarity)

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

10.1 Analytics and Tracking

We use the following analytics services to understand usage patterns and improve our Service: Google Analytics 4 (page views, user journeys), PostHog (product analytics, feature usage, session recording), and Microsoft Clarity (heatmaps, session recording). These services may set their own cookies and collect data such as IP address, browser type, and interaction patterns. You can opt out of analytics tracking through your browser settings or by using browser extensions that block tracking scripts.

11. Your Rights Under POPIA

Under POPIA, you have the following rights:

• Right of Access: Request confirmation of whether we hold your personal information and access to it
• Right to Correction: Request correction of inaccurate or incomplete personal information
• Right to Deletion: Request deletion of your personal information in certain circumstances
• Right to Object: Object to the processing of your personal information on reasonable grounds
• Right to Lodge a Complaint: Lodge a complaint with the Information Regulator

To exercise any of these rights, please contact our Information Officer at privacy@lawgo.co.za.

11.1 Right to Data Portability

You have the right to receive your personal information and Client Data in a structured, commonly used, and machine-readable format. Upon request, we will provide your data within 30 days. This includes all documents, matter data, and account information stored in our Service.

11.2 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. You may withdraw consent by contacting our Information Officer or through your account settings.

12. Information Regulator

You have the right to lodge a complaint with the Information Regulator if you believe your personal information has been processed unlawfully:

The Information Regulator (South Africa) SALU Building, 316 Thabo Sehume Street, Pretoria PO Box 31533, Braamfontein, 2017 Email: inforeg@justice.gov.za Website: www.justice.gov.za/inforeg

13. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

13.1 Age Verification

We use age-gating during registration to help ensure that users meet our minimum age requirement of 18 years. If we discover that we have inadvertently collected personal information from a person under 18, we will promptly delete that information and terminate the associated account.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by email to your registered address and by posting the new Privacy Policy on our website, updating the "Effective Date". We encourage you to review this Privacy Policy periodically. Material changes will take effect 30 days after notification unless a shorter period is required by law.

15. Contact Us

If you have any questions about this Privacy Policy or our data protection practices, please contact us at:

LawGo (Pty) Ltd
South Africa
Email: privacy@lawgo.co.za