Data Processing Summary
This summary describes how EasyLaw processes data on behalf of your firm. It supplements our Privacy Policy with specific details about data flows and sub-processors.
1. Data Controller and Processor
Data Controller: Your law firm. You determine what data is entered into EasyLaw and how it is used in your practice.
Data Processor: Solution Forty Two (Pvt) Ltd, operating EasyLaw. We process your data solely to provide the Service as described in our Terms.
1A. Edge Anonymization
All personal data encountered during public legal record ingestion is anonymized at the edge before being indexed into the research database. Our automated pipeline applies pattern-based redaction to the following categories:
- National ID numbers and passport numbers
- Physical and email addresses of private individuals
- Phone numbers and mobile numbers
- Bank account numbers and financial identifiers
- Medical record numbers and health identifiers
Names of judges, legal practitioners, and parties to published court proceedings are retained where they appear in the public judicial record. This anonymization process is applied before any data enters the searchable index and is not reversible.
2. Categories of Data Processed
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, role, firm name | Authentication, authorisation, billing |
| Practice data | Matters, client records, case notes | Case management features |
| Documents | Uploaded files, generated drafts | Document management, AI drafting |
| Billing data | Time entries, invoices, expenses | Billing and invoicing features |
| Research queries | Search terms, selected jurisdictions | Legal research features |
| Usage metadata | Feature usage, session info, IP | Platform improvement, security |
3. Sub-Processors
| Provider | Purpose | Data Shared |
|---|---|---|
| Hosting provider | Infrastructure and compute | All platform data (encrypted) |
| Paystack | Payment processing | Payment tokens, billing amounts |
| SMTP provider | Transactional email delivery | Email addresses, email content |
| AI model providers | AI-assisted drafting and analysis | Prompts derived from user input. We minimise data shared and use providers under contractual safeguards. |
4. Data Transfers
Where data is transferred outside Zimbabwe for processing (e.g., cloud infrastructure, AI APIs), we ensure appropriate safeguards are in place, including encryption in transit and contractual data protection obligations with each sub-processor.
Public legal records ingested into the research index undergo edge anonymization (see §1A above) before any cross-border transfer or storage. No personally identifiable information from public records is transmitted to third-party AI model providers.
5. Your Rights
- Access: Request a copy of the personal data we process on your behalf.
- Rectification: Correct inaccurate data through your account or by contacting us.
- Deletion: Request deletion of your account and associated data.
- Export: Export your data in standard formats at any time from within the platform.
- Objection: Object to specific types of processing by contacting us.
6. Contact
For data processing inquiries: privacy@easylaw.co.zw