Privacy Policy

1. Overview

Juahaki AI (“Service”), operated by McDorcis Solutions (“Company,” “we,” “us”), is committed to protecting the privacy and security of your personal data. This Privacy Policy describes our practices regarding the collection, use, storage, and disclosure of your information when you use our WhatsApp-based legal information platform, web portal, and related services.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

3.1 Information You Provide

• Account Information: Phone number, email address, name, organization name (for organization accounts).
• Conversation Data: Messages you send to our WhatsApp service, including legal questions and follow-up messages.
• Document Data: Information you provide to generate legal documents (names, addresses, dates, terms).
• Payment Information: M-Pesa phone number and transaction details. We do not store M-Pesa PINs or passwords.

3.2 Information Collected Automatically

• Usage Data: Query categories, response times, feature usage patterns, session duration.
• Device Information: WhatsApp client version, device type (for technical compatibility).
• Log Data: Timestamps, IP addresses (for web portal), error logs.

3.3 Information From Third Parties

• WhatsApp/Meta: Your WhatsApp profile name and phone number when you message us.
• M-Pesa/Safaricom: Payment confirmation details, transaction receipts.

4. How We Use Your Data

5. Legal Basis for Processing

Under the Kenya Data Protection Act, 2019, we process your personal data on the following legal bases:

• Consent: You provide explicit consent when you first message our WhatsApp service and accept the Data Processing Agreement (DPA) during onboarding.
• Contract Performance: Processing necessary to deliver the services you have requested and paid for.
• Legitimate Interest: Improving service quality, preventing fraud, and ensuring platform security.
• Legal Obligation: Compliance with Kenyan tax, anti-money laundering, and regulatory requirements.

6. Data Sharing

We do not sell your personal data. We may share data with:

• Advocates: When you request escalation, relevant case details are shared with the assigned advocate to facilitate consultation.
• Payment Processors: M-Pesa/Safaricom for payment processing.
• AI Service Providers: Anonymized or pseudonymized query data may be processed by our AI providers (Anthropic) for response generation. No personally identifiable information is included in AI prompts.
• Cloud Infrastructure: Data is stored on secure cloud servers operated by trusted providers.
• Legal Authorities: When required by court order, subpoena, or applicable law.

7. Data Storage & Security

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Role-based access control ensures only authorized personnel can access personal data.
• Audit Logging: All access to personal data is logged for accountability.
• Regular Security Reviews: We conduct periodic security assessments and vulnerability testing.

8. Data Retention

• Conversation data: Retained for 12 months from last activity, then anonymized or deleted.
• Account information: Retained for the duration of your account and 6 months after deletion.
• Payment records: Retained for 7 years as required by Kenya Revenue Authority tax regulations.
• Generated documents: Available for download for the period specified at generation, then deleted from our servers.
• Anonymized analytics: May be retained indefinitely for service improvement.

9. Your Rights

Under the Kenya Data Protection Act, 2019, you have the right to:

To exercise any of these rights, contact us at help@juahaki.ai or send “DELETE MY DATA” via WhatsApp. We will respond within 30 days as required by the DPA.

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) if you believe your data rights have been violated.

10. Cookies & Tracking

Our web portal uses cookies for:

• Essential cookies: Required for authentication, session management, and security.
• Analytics cookies: Help us understand how users interact with our platform (can be declined).

You can manage cookie preferences through the cookie consent banner displayed on your first visit. WhatsApp-based interactions do not use cookies.

11. Children's Privacy

Our Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

12. International Data Transfers

Your data may be processed on servers located outside Kenya for cloud hosting and AI processing purposes. In such cases, we ensure adequate data protection through:

• Selecting providers that comply with equivalent data protection standards.
• Implementing appropriate contractual safeguards.
• Minimizing the personal data transferred (anonymization and pseudonymization where possible).

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via WhatsApp notification, email, or a prominent notice on our platform. The “Last updated” date at the top reflects the most recent revision.

14. Contact Us

For privacy-related inquiries, data requests, or complaints:

You may also contact the Office of the Data Protection Commissioner: