PRIVACY POLICY

Last updated: March 2025. This Privacy Policy describes how LexFlow (Pty) Ltd ("LexFlow", "we", "us") collects, uses, and protects personal information in compliance with the Protection of Personal Information Act (POPIA).

1. OUR ROLE AS DATA OPERATOR

LexFlow acts as an "Operator" as defined in POPIA. Our clients (law firms and legal practices) are the "Responsible Parties" and remain the owners of all legal data uploaded to the platform. We process personal information only on their behalf and in accordance with their instructions.

2. SECURITY: AES-256 ENCRYPTION

We implement industry-standard technical and organizational measures to protect your data:

  • Data at rest: All data stored in our systems is encrypted using AES-256 encryption.
  • Data in transit: All communications between your browser and our servers use TLS (Transport Layer Security).

3. DATA WE COLLECT

3.1 Account data

Name, email address, and workspace membership details for users of the LexFlow platform.

3.2 Case and client data

Information you upload about clients, cases, notes, documents, invoices, and events. This data is processed solely to provide the Service.

3.3 Usage data

Logs and analytics to improve the Service, diagnose issues, and ensure security. We do not sell this data.

4. PURPOSE AND RETENTION

We process personal information only for the purpose of providing and improving the LexFlow Service. Retention periods align with South African legal requirements and our contractual obligations. Upon termination, we provide a data export and retain data for a further 30 days before permanent deletion, unless a longer period is required by law.

5. YOUR RIGHTS UNDER POPIA

You have the right to access, correct, delete, or object to the processing of your personal information. To exercise these rights, contact our Information Officer (see Contact below).

6. SUB-PROCESSORS

We use third-party hosting and infrastructure providers (e.g., Supabase, Vercel) that maintain equivalent security standards. We ensure that sub-processors are bound by appropriate data protection agreements.

7. CONTACT

For privacy-related enquiries or to exercise your POPIA rights, contact our Information Officer at privacy@lexflow.co.za.