Legal
Privacy Policy
Effective date: 1 July 2026 · Prepared under the Kenya Data Protection Act 2019
1. Data Controller
DataCraft Systems Ltd, incorporated in Kenya, is the data controller for personal data processed through Wakili.pro. Registration number: PVT-XXXXXX. Contact: privacy@wakili.pro.
2. What We Collect
We collect: (a) account data you provide — name, email, LSK number, firm name, password; (b) practice data you upload — matter details, documents, time records, invoices; (c) usage data — pages visited, features used, error logs; (d) device data — IP address, browser type, OS.
3. Legal Basis (DPA 2019 s.30)
We process your data on the basis of: (a) contract performance — to provide the Wakili.pro service; (b) legitimate interests — to improve the platform and prevent fraud; (c) legal obligation — to comply with Kenyan law; (d) consent — for newsletter communications (withdrawable at any time).
4. How We Use Your Data
We use your data to: provide and improve the Wakili.pro service; send transactional emails (login, invoices, alerts); send The Wakili Brief newsletter (if subscribed); detect and prevent fraud and abuse; comply with legal obligations.
5. AI & Your Data
Your client data and matter files are never used to train our AI models. AI processing occurs on your inputs only for the purpose of generating responses to your queries. We do not store AI query-response pairs in a way that associates them with your clients.
6. Data Sharing
We do not sell your data. We share data only with: (a) service providers under data processing agreements (hosting, email, payments); (b) regulators when required by law; (c) successors in a merger or acquisition, with 30 days' prior notice to you.
7. Data Retention
Account data is retained for the duration of your subscription plus 12 months. Matter data and documents are retained for 7 years to comply with the Advocates (Accounts) Rules. You may request deletion of non-mandatory data at any time.
8. Your Rights (DPA 2019)
You have the right to: access your data; correct inaccurate data; delete your data (subject to legal retention requirements); object to processing; data portability (export in CSV/JSON/PDF). Exercise these rights by emailing privacy@wakili.pro. We respond within 21 days.
9. Security
We use TLS 1.3 in transit, AES-256 at rest, access controls, and audit logging. We hold an ODPC compliance certificate (number: ODPC-XXXX). We notify affected users within 72 hours of a confirmed breach.
10. Cookies
We use one session cookie (wakili_session) — strictly necessary, HttpOnly, Secure. No advertising cookies. No third-party tracking pixels.
11. Contact & Complaints
Privacy queries: privacy@wakili.pro. You may also lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at complaints.odpc.go.ke.