Skip to main content

Privacy Policy

Last Updated: March 20, 2026

1. Introduction

Wakili Suite ("Company," "we," "us," "our," or "Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services. By accessing and using Wakili Suite, you acknowledge that you have read, understood, and agree to be bound by all the provisions of this Privacy Policy.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration: Name, email address, phone number, firm information, and password
  • Profile Information: Professional credentials, business address, and professional photo
  • Communication: Messages, case notes, and documents you upload to the platform
  • Billing Information: Payment method, billing address, and transaction history
  • Support Requests: Correspondence with our support team

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Log Data: IP address, access time, pages viewed, and referring URL
  • Cookies and Tracking: Session cookies and performance analytics
  • Usage Information: Features used, time spent, and interaction patterns

2.3 Information from Third Parties

  • Information from payment processors (Stripe, PesaPal)
  • Authentication providers (OAuth providers, if applicable)
  • Client referral information

3. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: Providing, maintaining, and improving our services
  • Communication: Sending service-related announcements and support responses
  • User Accounts: Creating and managing your account
  • Billing: Processing payments and managing subscriptions
  • Analytics: Understanding usage patterns to improve user experience
  • Security: Detecting, preventing, and addressing fraud and security issues
  • Legal Compliance: Complying with applicable laws and regulations
  • Marketing: Sending promotional content (with your consent)

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data based on the following legal bases:

  • Contract: Processing necessary to provide services you've contracted for
  • Legitimate Interests: Processing for security, fraud prevention, and service improvement
  • Consent: Processing with your explicit consent (e.g., marketing communications)
  • Legal Obligation: Processing required by applicable laws

5. Data Sharing and Disclosure

We do not sell your personal data. However, we may share information with:

  • Service Providers: Third-party vendors who assist in service delivery (hosting, payment processing, analytics)
  • Legal Authorities: When required by law or to protect our legal rights
  • Business Transfers: In case of merger, acquisition, or asset sale
  • Your Consent: When you explicitly authorize disclosure

All service providers are contractually obligated to maintain confidentiality and use data only for specified purposes.

6. Your Privacy Rights

6.1 GDPR Rights (EU/EEA Users)

If you are in the EU or EEA, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Opt-out of certain processing activities
  • Right to Lodge a Complaint: Contact your supervisory authority

6.2 CCPA Rights (California Users)

California residents have the right to:

  • Know what personal data we collect and how we use it
  • Delete personal data collected from you
  • Opt-out of the sale of personal data
  • Non-discrimination for exercising your rights

6.3 LGPD Rights (Brazil Users)

Brazilian users have rights under the Lei Geral de Proteção de Dados (LGPD), including access, rectification, deletion, and data portability.

6.4 Exercising Your Rights

To exercise any of these rights, please contact us at:

privacy@wakilisuite.com
We will respond within 30 days (or as required by applicable law).

7. Data Security

We implement comprehensive security measures to protect your data:

  • SSL/TLS encryption for data in transit
  • AES-256 encryption for data at rest
  • Regular security audits and penetration testing
  • Role-based access controls
  • Regular employee security training
  • Incident response procedures
  • Vendor security assessments

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as necessary to:

  • Provide services to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce agreements

User account data is retained for the duration of your subscription and for 90 days after account closure (unless legally required to retain longer). Client data linked to matters is retained for the duration of the matter and 7 years thereafter for legal compliance.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Remember your login preferences
  • Maintain session information
  • Track usage analytics
  • Improve user experience

You can control cookie preferences through your browser settings. Please note that disabling cookies may affect functionality.

10. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies before providing personal information.

11. Children's Privacy

Wakili Suite is not intended for users under 18 years old. We do not knowingly collect personal information from minors. If we become aware that a minor has provided us information, we will delete it promptly.

12. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your country. By using Wakili Suite, you consent to the transfer of your information to countries outside of your country of residence, which may include countries that do not have the same data protection laws.

For EU residents, we implement Standard Contractual Clauses and other appropriate safeguards to ensure adequate protection of your data in international transfers.

13. California Privacy Rights (CPRA)

In addition to CCPA rights, California residents under the CPRA have the right to:

  • Correct inaccurate personal information
  • Limit use and disclosure of sensitive personal information
  • Opt-out of automated decision-making technology

14. African Data Protection Compliance

Wakili Suite serves legal professionals across Africa. We comply with data protection regulations in multiple African jurisdictions:

14.1 South Africa (POPIA)

Under the Protection of Personal Information Act (POPIA), South African users have the right to:

  • Access your personal information
  • Correct or delete your information
  • Object to processing of your information
  • Request restriction of processing
  • Withdraw consent at any time
  • Request information about data transfers
  • Lodge a complaint to the Information Regulator

We retain personal data only as long as required for service delivery or as mandated by South African law. Client matter data is retained for 7 years post-matter conclusion for professional compliance.

14.2 Tanzania (Data Protection Act)

Tanzanian users are protected under the Tanzania Data Protection Act. Your rights include:

  • Right to know what personal data we collect and how we use it
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (subject to legal holds)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge complaints with TCRA

All personal data for Tanzanian users is processed in compliance with TCRA guidelines. We do not transfer data outside Tanzania without explicit consent and legal safeguards.

14.3 Kenya (Data Protection Act 2019)

Kenya's Data Protection Act 2019 provides comprehensive privacy rights:

  • Right of access and data portability
  • Right to rectification and erasure
  • Right to restrict or object to processing
  • Rights related to automated decision making
  • Right to lodge individual complaints

We maintain data processing agreements with Service Providers handling Kenyan user data. Data localization requirements are respected for sensitive client information.

14.4 Nigeria (NDPR - National Data Protection Regulation)

Nigerian users benefit from protection under the NDPR, administered by NITDA (National Information Technology Development Agency). Rights include:

  • Right to know and access personal data
  • Right to correct, update, or delete information
  • Right to data portability
  • Right to opt-out of processing
  • Right to equal service (no discrimination)
  • Right to lodge complaints with NITDA

All personal data for Nigerian users is protected with the same encryption standards (AES-256) as EU data. We comply with NITDA data residency requirements.

14.5 Ghana (Data Protection Law)

Ghana's Data Protection Law provides comprehensive data protection rights administered by the Data Protection Commission (DPC):

  • Right to data subject access
  • Right to correct or erase personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to lodge complaints with DPC

14.6 Uganda (Data Protection and Privacy Bill)

Uganda's data protection framework provides rights including access, rectification, erasure, and complaint mechanisms aligned with regional standards.

14.7 African Union - CFEU

We recognize the Malabo Convention (CFEU) as a regional framework and comply with its cybersecurity and data protection principles across all African operations.

15. Data Localization and Regional Storage

Multiple African jurisdictions require personal data to be stored and processed within their borders. We comply with these requirements:

  • Tanzania: All personal data processed, stored, and retained within Tanzania
  • Kenya: Sensitive client data stored via Kenyan data centers with local residency
  • Nigeria: Data processing compliant with NITDA residency guidelines
  • South Africa: Optional local data residency for POPIA compliance
  • Ghana & Uganda: Processed with regional data center provisions

For users in jurisdictions with data localization requirements, we provide explicit data storage location information in your account settings.

19. Do Not Track

Some browsers include a "Do Not Track" feature. Currently, there is no industry standard for recognizing DNT signals. We do not respond to DNT browser signals, but you can use other tools to control data collection and use.

20. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or by posting the updated policy on our website. Your continued use of the Service following publication of changes constitutes your acceptance of the modified Privacy Policy.

21. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Wakili Suite - Global Privacy Team
Email: privacy@wakilisuite.com
Website: www.wakilisuite.com

Data Protection Officer:
Email: dpo@wakilisuite.com

African Regional Privacy Contact:
Email: africa-privacy@wakilisuite.com
Phone: Available through account settings

22. Regulatory Authorities and Complaint Procedures

You have the right to lodge complaints with your local data protection authority if you have concerns about our privacy practices:

22.1 Europe

  • EU Data Protection Authorities: https://edpb.ec.europa.eu/about-edpb/members_en

22.2 North America

  • California Privacy Protection Agency (CPPA): https://cppa.ca.gov

22.3 South America

  • Brazilian National Data Protection Authority (ANPD): https://www.gov.br/cidadania/pt-br/acesso-a-informacao/lgpd

22.4 Africa

  • South Africa: Information Regulator (South Africa): https://www.justice.gov.za/inforeg/
  • Tanzania: Tanzania Communications Regulatory Authority (TCRA): https://www.tcra.go.tz/
  • Kenya: Data Protection Commissioner (DPC Kenya): https://www.dpc.go.ke/
  • Nigeria: National Information Technology Development Agency (NITDA): https://nitda.gov.ng/
  • Ghana: Data Protection Commission (Ghana DPC): https://www.dataprotection.org.gh/
  • Uganda: Uganda Communications Commission (UCC): https://www.ucc.co.ug/