Privacy Policy

Effective date: 1 March 2026 Last updated: 1 March 2026 Version: 1.0

This policy applies to visitors of legaldominio.com, users who interact with the Dominesis bot, and anyone who submits a contact or lead form on this website. If you are a subscriber using the LegalDominio platform, your organisation's Privacy Policy (issued under your subscription) governs your end-users' data.

1. Who We Are

When we say "we", "us", or "our" in this policy, we mean LegalDominio as the responsible party for data collected through this website.

For privacy enquiries: contact@legaldominio.com

2. Information We Collect

2.1 Information You Provide

When you interact with our bot or submit a contact form, we may collect:

Email address — to respond to your enquiry and follow up
Name (optional) — to personalise our communication
Phone number (optional) — for appointment scheduling
Enquiry details — information about your needs or questions

2.2 Automatically Collected Information

Conversation history — messages exchanged with the bot
Device fingerprint — a browser-based identifier used to recognise returning visitors and prevent abuse (no personal data is used to create this)
Usage data — date and time of interactions, message count
Technical data — browser type, language preference

We do not collect your IP address, precise geolocation, or use cross-site tracking cookies.

2.3 Information We Do Not Collect

Sensitive personal information (race, health data, religious beliefs, etc.)
Payment or financial information
Government-issued ID numbers

3. How We Use Your Information

Respond to your enquiry via our AI assistant
Follow up by email, phone, or WhatsApp regarding your interest
Schedule consultations or demos
Improve the quality of our AI responses (aggregate, anonymised analysis)
Detect and prevent fraud or abuse
Comply with legal obligations

We will not send marketing emails unless you explicitly opt in. You may unsubscribe at any time.

4. Legal Basis for Processing (POPIA)

Purpose	Legal Basis
Responding to enquiries	Consent (by submitting the form)
Follow-up communication	Legitimate interest
Service delivery	Contractual necessity
Fraud prevention	Legitimate interest
Legal compliance	Legal obligation

5. Who We Share Your Information With

Provider	Purpose	Safeguards
Microsoft Azure	Cloud infrastructure & database hosting	ISO 27001, SOC 2, DPA in place
OpenAI	AI language model processing	Data Processing Agreement, Standard Contractual Clauses
Twilio (if WhatsApp enabled)	WhatsApp messaging	DPA in place, GDPR-compliant

We do not sell, rent, or trade your personal information to third parties.

6. International Data Transfers

Some processing activities involve transfers outside South Africa:

OpenAI (United States) — conversation messages are processed by the AI model. Safeguards: Data Processing Agreement and Standard Contractual Clauses. By using our bot, you consent to this transfer.
Twilio (United States) — if WhatsApp follow-up is used. Safeguards: Data Processing Agreement.

All international transfers are conducted under appropriate safeguards as required by POPIA Section 72.

7. Data Retention

Data Type	Retention Period
Lead contact information	3 years from last interaction
Conversation history	2 years from conversation date
Email correspondence	3 years from last email

Data is securely deleted after its retention period expires. You may request early deletion at any time (see Section 8).

8. Your Rights Under POPIA

Right of Access (Section 23)

You may request confirmation of what personal information we hold about you and receive a copy. Email us at contact@legaldominio.com with subject "Access Request". We will respond within 30 days.

Right to Correction (Section 24)

You may request correction of inaccurate or incomplete information. Response time: 14 days.

Right to Deletion (Section 25)

You may request deletion of your personal information. Exceptions apply where we are required to retain data by law or ongoing contract. Response time: 30 days.

Right to Object

You may object to direct marketing communications at any time by using the unsubscribe link in any email or by contacting us directly.

Right to Data Portability

You may request your personal information in a structured, machine-readable format (JSON, CSV, or PDF).

To exercise any right, email: contact@legaldominio.com

9. Security

We protect your data using:

TLS 1.2+ encryption for all data in transit
AES-256 encryption for data at rest (Azure default encryption)
Role-based access controls and audit logs

In the event of a data breach, we will notify the Information Regulator within 72 hours and affected individuals promptly if there is a high risk to their rights.

10. Cookies and Browser Storage

We use localStorage (browser storage, not cookies) to remember your language preference and provide conversation continuity for returning visitors. This does not track you across other websites.

We do not use advertising cookies, Google Analytics, or social media tracking pixels.

11. Children's Privacy

Our services are not directed at individuals under 18. If we become aware that we have collected data from a minor without parental consent, we will delete it immediately.

12. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. We will update the "Last Updated" date and display a notice on our website for material changes.

13. Contact & Complaints

Privacy enquiries: contact@legaldominio.com

If you are not satisfied with our response, you may contact the Information Regulator:

Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: inforeg@justice.gov.za
Phone: +27 (0)10 023 5200
inforegulator.org.za