Privacy Policy
Last updated: 31 March 2026
1. Introduction
The Law Secretary ("we", "us", or "our") is committed to protecting the personal data of all users of our legal practice management platform available at https://lawsecretary-j5frybpp.manus.space (the "Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the Nigeria Data Protection Regulation (NDPR) 2019, the Nigeria Data Protection Act 2023, and other applicable Nigerian laws.
By accessing or using the Platform, you consent to the collection and use of your information as described in this Policy. If you do not agree, please discontinue use of the Platform.
2. Data Controller Information
Company: The Law Secretary
Email: [email protected]
Website: https://lawsecretary-j5frybpp.manus.space
Jurisdiction: Federal Republic of Nigeria
3. Information We Collect
We collect the following categories of personal data:
Account & Identity Data
Full name, email address, phone number, Nigerian Bar Association (NBA) number, specialisation, and profile photo.
Client & Case Data
Information about your clients, cases, hearings, invoices, documents, and legal research that you enter into the Platform. This data belongs to you and your firm.
Usage & Technical Data
IP address, browser type, device identifiers, pages visited, and session duration collected automatically via server logs and analytics.
Payment Data
Subscription billing information processed via Paystack. We do not store full card numbers; Paystack handles PCI-DSS compliance.
Communications
Emails, support tickets, and feedback you send to us.
4. Legal Basis for Processing
We process your personal data on the following legal bases under the NDPR:
- Contract performance — to provide the services you subscribed to.
- Legitimate interests — to improve the Platform, prevent fraud, and ensure security.
- Consent — for marketing communications, which you may withdraw at any time.
- Legal obligation — to comply with applicable Nigerian laws and court orders.
5. How We Use Your Information
- To create and manage your account and firm workspace.
- To provide, operate, and improve the Platform features.
- To process subscription payments and issue receipts.
- To send transactional emails (hearing reminders, invoice notifications, security alerts).
- To provide customer support and respond to enquiries.
- To send product updates and marketing emails (with your consent; unsubscribe anytime).
- To detect and prevent fraud, abuse, and security threats.
- To comply with legal obligations under Nigerian law.
6. Data Sharing and Third Parties
We do not sell your personal data. We share data only with:
| Third Party | Purpose | Location |
|---|---|---|
| Paystack | Payment processing | Nigeria |
| Resend | Transactional email delivery | USA (SCCs apply) |
| Manus AI Platform | Infrastructure & hosting | USA (SCCs apply) |
| NigeriaLII / Laws.Africa | Case law search (public data only) | Nigeria / South Africa |
We may also disclose data when required by Nigerian law, court order, or to protect the rights and safety of users.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. Upon account deletion, we delete or anonymise your personal data within 90 days, except where retention is required by Nigerian law (e.g. financial records under CAMA 2020 — 7 years). Client and case data you entered remains your property and is exported to you on request before deletion.
8. Your Rights Under the NDPR
As a data subject under Nigerian law, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — request correction of inaccurate or incomplete data.
- Erasure — request deletion of your personal data ("right to be forgotten").
- Restriction — request that we limit how we process your data.
- Portability — receive your data in a machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — at any time, without affecting prior lawful processing.
To exercise any right, email [email protected]. We will respond within 30 days as required by the NDPR.
9. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, JWT-based session authentication, two-factor authentication (2FA), and regular security audits. However, no system is completely secure. You are responsible for maintaining the confidentiality of your login credentials.
10. Cookies and Analytics
We use essential cookies for session management and authentication. We use privacy-respecting analytics (self-hosted Umami) to understand usage patterns. No third-party advertising cookies are used. You may disable cookies in your browser settings, though this may affect Platform functionality.
11. Children's Privacy
The Platform is intended for legal professionals aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided us with data, contact us immediately at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email and an in-app banner at least 14 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.
13. Complaints
If you believe your data rights have been violated, you may lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng. We encourage you to contact us first at [email protected] so we can resolve your concern directly.
14. Governing Law
This Privacy Policy is governed by the laws of the Federal Republic of Nigeria. Any disputes shall be subject to the exclusive jurisdiction of the courts of Nigeria.
© 2026 The Law Secretary · All rights reserved