Privacy Policy

Last Updated: February 25, 2026

1. Introduction

This Privacy Policy ("Policy") applies to ZAMU (hklaw.co.ke), a law firm management and client engagement platform. We are committed to protecting your personal data and respecting your privacy. This Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

ZAMU operates as a confidential legal case management system. As a law firm service platform, we understand that protecting your sensitive information is paramount.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Registration: Name, email address, phone number, password, and professional credentials
  • Client Profiles: Personal and business information related to legal matters (client details, case information)
  • Legal Matter Details: Case descriptions, documents, communications, fees, retainer agreements
  • Payment Information: Invoice details, payment methods, M-Pesa account information (processed securely)
  • Communications: Emails, SMS messages, call logs, and correspondence within the platform
  • Document Uploads: Files, evidence, contracts, agreements, and other legal documents
  • Intake Forms & Questionnaires: Client responses to legal intake forms and assessments
  • Calendar & Scheduling: Appointments, deadlines, court dates, and event information

2.2 Information Collected Automatically

  • Access Logs: IP address, browser type, operating system, pages visited, timestamps
  • Device Information: Device type, unique identifiers, mobile network information
  • Usage Analytics: Interaction patterns, feature usage, time spent in the platform
  • Cookies & Tracking Technologies: Session cookies, persistent cookies for authentication and preferences
  • AI Processing Data: Interaction data with AI-assisted features (DerekAI, BryanAI, HarryAI) for service improvement

3. How We Use Your Information

We use the information collected for the following purposes:

  • Service Delivery: To provide, maintain, and improve the ZAMU platform
  • Client Communication: To send intake questionnaires, case updates, fee agreements, and notifications
  • Legal Case Management: To organize, track, and manage legal matters and associated documents
  • Financial Management: To generate invoices, process payments, and maintain financial records
  • AI-Assisted Services: To power intelligent features (legal analysis, accounting assistance, client intake)
  • Compliance & Auditing: To comply with legal obligations, regulatory requirements, and professional standards
  • Security & Fraud Prevention: To detect, prevent, and address fraud and security incidents
  • Account Management: To manage user accounts, authenticate users, and reset passwords
  • Analytics & Improvement: To understand usage patterns and enhance platform functionality
  • Legal & Contractual Obligations: To fulfill contracts with law firms and manage professional liability

4. Data Sharing & Disclosure

4.1 We DO NOT Share Your Data With

  • Third-party marketers or advertisers
  • Unaffiliated service providers (except those essential to platform operations)
  • Other clients or unauthorized users
  • Government agencies (except when legally compelled)

4.2 We MAY Share Your Data With

  • Law Firm Staff: Partners, associates, paralegals, and administrative staff with proper access controls
  • Essential Service Providers: Cloud hosting (XAMPP/Apache), email delivery, payment processors (M-Pesa)
  • AI Service Providers: OpenAI (for AI-assisted features) with anonymization where possible
  • Legal & Regulatory: When required by court order, subpoena, or applicable law
  • Professional Insurance: Claims information may be shared with law firm's professional liability insurer
  • Successors in Business: In the event of merger, acquisition, or business transition

5. Data Security

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data in transit uses HTTPS/SSL; sensitive data at rest is encrypted
  • Access Control: Role-based permissions (super_admin, accountant, office_admin, lawyer, staff)
  • Authentication: Secure password hashing, session management, and timeout controls
  • Regular Audits: System logs, access monitoring, and activity tracking
  • Firewall & Network Security: Apache/XAMPP hosted environment with standard protections
  • Database Security: MySQL with restricted access and regular backups
  • Staff Training: Regular training on data handling and confidentiality obligations

NOTE: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of all data.

6. Data Retention

  • Active Matters: Retained for the duration of legal representation plus applicable retention periods
  • Closed Matters: Retained per legal and professional standards (typically 5-7 years post-conclusion)
  • Financial Records: Retained per accounting and tax requirements (typically 7 years)
  • Communication Logs: Retained for matter duration and post-closure period
  • Access Logs: Retained for 1-2 years for security and audit purposes
  • User Accounts: Retained as long as user maintains an account; deleted upon account termination
  • Cookies: Session cookies expire at logout; persistent cookies may be retained for user preferences

7. Your Rights & Choices

7.1 Access & Portability

You have the right to request access to your personal data and obtain a copy in a portable format.

7.2 Correction & Updates

You may update your account information through the platform or by contacting us.

7.3 Deletion Rights

You may request deletion of your personal data, subject to legal and professional obligations to retain information related to closed matters.

7.4 Opt-Out

  • Email Communications: Unsubscribe links in every email
  • SMS Notifications: Reply STOP to SMS messages
  • Analytics: Disable cookies in your browser (may affect platform functionality)

7.5 Exercising Your Rights

To exercise these rights, contact us at contact@hklaw.co.ke with your request. We will respond within 30 days.

ZAMU may contain links to third-party websites (payment processors, external legal resources, etc.). This Privacy Policy does not apply to third-party services. We encourage you to review their privacy policies independently.

9. Children's Privacy

ZAMU is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

10. International Data Transfers

ZAMU is hosted in Kenya. If you are located outside Kenya, your data may be transferred internationally. By using ZAMU, you consent to cross-border data transfers subject to applicable laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on the platform. Your continued use of ZAMU constitutes acceptance of the updated policy.

12. Contact Us

For questions, requests, or concerns regarding this Privacy Policy or our privacy practices:

HK Law Advocates

Email: contact@hklaw.co.ke
Website: hklaw.co.ke
Platform: ZAMU Case Management System

DISCLAIMER: This Privacy Policy is provided as a general framework. Law firms should consult with legal and compliance professionals to ensure adherence to applicable data protection laws (Kenya Data Protection Act, GDPR, etc.), professional conduct rules, and industry-specific regulations.