Privacy Policy
Last updated: 12/6/2025
Legi-Check (PTY) LTD ("Legi-Check (PTY) LTD", "we", "us", or "our") is committed to protecting the privacy and data rights of our users. This Privacy Policy outlines how we collect, use, disclose, and protect personal data in accordance with applicable data protection laws in.
- The United States of America (state-level privacy laws),
- The United Kingdom (UK GDPR and the Data Protection Act 2018),
- South Africa (Protection of Personal Information Act, 2013 (POPIA)).
1. Scope of This Policy
This policy applies to personal data we collect from users and organizational representatives who interact with our platform, including:
- www.legicheck.co.za and associated subdomains
- Web and mobile applications
- Email communications and support interactions
This policy does not apply to third-party services or websites we may link to.
2. Legal Frameworks and Compliance
A. South Africa
We comply with:
- Protection of Personal Information Act (POPIA), 2013
- Electronic Communications and Transactions Act (ECTA)
- Consumer Protection Act (CPA)
3. What Personal Data We Collect
We collect the following types of personal and organizational data:
| Data Type | Description |
|---|---|
| Identity Data | Full name, title, organization name, job title |
| Contact Data | Email address, phone number, business address |
| Account Data | Username, password (hashed), authentication tokens |
| Document Data | Uploaded compliance or HR documents and metadata |
| Usage Data | IP address, browser type, device ID, activity logs |
| Billing Data | Payment method, billing history (via third-party processor) |
4. How We Use Your Data
We use your data for the following purposes, with legal bases as indicated per jurisdiction:
| Purpose | Legal Basis (UK GDPR & POPIA) | US State Equivalent |
|---|---|---|
| Provide platform services | Contractual necessity | Business purpose |
| Improve user experience | Legitimate interest | Business purpose |
| Process payments | Contractual necessity | Business purpose |
| Respond to inquiries | Consent | Consumer request |
| Comply with legal obligations | Legal obligation | Legal requirement |
| Send legal notices | Legal obligation | Legal obligation |
| Prevent fraud or abuse | Legitimate interest / Legal obligation | Security exception |
We do not use personal data for profiling or AI training.
5. Cookies and Tracking
We use essential, performance, and analytics cookies. Consent for non-essential cookies is collected via cookie banners (UK and SA) or browser settings (USA).
Cookie Control
You can manage cookies through your browser.
6. Disclosure of Data
We do not sell personal data. Data may be disclosed to:
- Cloud storage and infrastructure providers (AWS, Microsoft Azure)
- Payment processors (e.g., Stripe or Paddle)
- Legal authorities when required under law
- IT or legal service providers bound by confidentiality
All third-party vendors are required to comply with data processing agreements and are subject to strict confidentiality.
7. International Data Transfers
Where applicable, we implement appropriate safeguards:
- UK & EU to US: Standard Contractual Clauses (SCCs)
- UK to SA: Adequacy mechanisms and processor agreements
- SA to UK/EU/US: POPIA section 72-compliant contracts
All transfers are encrypted in transit and protected with zero-trust access control.
8. Data Retention
We retain personal data only as long as necessary for the purposes stated:
- User account data: Until account closure + 30 days
- Uploaded documents: Deleted after 30 days of account cancellation or immediately upon request (unless required by law)
- Billing records: Retained for 7 years (as per financial regulations)
9. Your Rights
A. United States (Depending on State Law)
You may have the right to:
- Access your data
- Delete your data
- Correct inaccuracies
- Opt out of data sales or targeted advertising
Requests can be made via: [email protected]
B. United Kingdom (UK GDPR)
You may have the right to:
- Access your personal data
- Request correction or deletion
- Restrict or object to processing
- Request data portability
- Lodge a complaint with the ICO (www.ico.org.uk)
C. South Africa (POPIA)
You may have the right to:
- Request access to your personal information
- Request correction or deletion
- Object to processing
- Lodge complaints with the Information Regulator (www.inforegulator.org.za)
All rights requests are processed within 30 days. Verification of identity may be required.
10. Data Security Measures
- AES-256 encryption at rest and TLS 1.3 encryption in transit
- Role-based access controls (RBAC)
- Continuous vulnerability scanning and intrusion detection
- Annual penetration testing
- ISO 27001-compliant security practices by third-party providers
11. Children's Privacy
Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from minors.
12. Automated Decision-Making
We do not perform any automated decision-making or profiling that produces legal or similarly significant effects.
13. Changes to This Policy
We may amend this Privacy Policy to remain compliant with law or to reflect operational changes. Users will be notified at least 30 days in advance of material changes.
14. Contact Information
For data protection inquiries, rights requests, or complaints:
- USA:
LEGI-CHECK (PTY) LTD
Email: [email protected] - UK:
LEGI-CHECK (PTY) LTD
Email: [email protected]
Supervisory Authority: Information Commissioner's Office (ICO) - South Africa:
LEGI-CHECK (PTY) LTD
Email: [email protected]
Supervisory Authority: Information Regulator SA