We built Akili Suite on a belief that intelligence platforms should be transparent about how they handle the information entrusted to them. This policy explains everything - plainly, precisely, and completely.
Akili Suite is an intelligence-first legal practice management platform developed and operated by Akili Suite Ltd, a company incorporated in Kenya ("we", "us", or "our").
For the purposes of the Kenya Data Protection Act, No. 24 of 2019 (KDPA) and the EU General Data Protection Regulation (GDPR), Akili Suite Ltd is the Data Controller in respect of personal data collected through this website and the Akili Suite platform.
We collect the minimum personal data necessary to provide the Akili Suite platform. The categories of data we process are:
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, job title, role within a law firm | Provided by you at registration or by your firm administrator |
| Contact Data | Email address, phone number | Provided by you or your firm |
| Account & Authentication Data | Hashed magic-link tokens, session identifiers, login timestamps | Generated automatically by our system |
| Professional Data | Matters, case notes, milestones, documents you upload, messages sent through the platform | Provided by you or your firm in the course of using the platform |
| Financial Data | Invoice amounts, payment status, billing reference numbers | Entered by firm administrators; payment card details are processed exclusively by Paystack and are never stored by us |
| Technical & Usage Data | IP address, browser type, pages visited, feature usage, error logs | Collected automatically via Cloudflare Analytics |
| Communications Data | Messages sent between advocates and clients within the platform (CCCC module) | Generated by users during platform use |
We collect personal data for the following specific purposes:
Under the KDPA (Section 30) and the GDPR (Article 6), we must have a lawful basis for processing personal data. We rely on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Providing the platform services and core features | Performance of contract (KDPA s.30(b), GDPR Art.6(1)(b)) |
| Sending magic link authentication emails | Performance of contract |
| Marketing emails, product updates, newsletters | Consent (KDPA s.30(a), GDPR Art.6(1)(a)) - you may withdraw at any time |
| Processing billing and subscription data | Performance of contract |
| Maintaining audit logs and activity records | Legal obligation (KDPA s.30(c), GDPR Art.6(1)(c)) |
| Security monitoring and fraud prevention | Legitimate interests (KDPA s.30(f), GDPR Art.6(1)(f)) |
| Aggregated, anonymised analytics for product improvement | Legitimate interests |
Akili Suite is a multi-tenant platform. This means your data is logically isolated within your firm's tenant workspace. Advocates at Firm A cannot access the data of Firm B under any circumstances. Tenant isolation is enforced at the database level on every query.
Your personal data is accessed by our systems in the following ways:
We do not sell or share your personal data with third parties for their own commercial purposes. We share data only with trusted sub-processors who help us deliver the platform, each bound by data processing agreements that are at least as protective as this policy.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Cloudflare | Infrastructure, CDN, D1 database, R2 storage, KV, Workers runtime, DDoS protection | USA (EU/global edge) |
| Resend | Transactional email delivery (magic links, notifications) | USA |
| Paystack | Payment processing and subscription billing | Nigeria / USA |
| Anthropic (Claude API) | AI-powered document search (DIC module) - document excerpts only, never full files | USA |
Our platform is built on Cloudflare's global edge infrastructure. This means that while your data is stored in Cloudflare's D1 database and R2 object storage, certain requests may be processed at edge nodes in jurisdictions outside Kenya and the EEA.
We ensure all international transfers are protected by one or more of the following safeguards:
We retain personal data only as long as necessary for the purposes described in this policy or as required by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Account & profile data | Duration of subscription + 90 days after termination | Contract performance; export window for data portability |
| Matter & document data | Duration of subscription + 90 days after termination | Contract performance |
| Financial & billing records | 7 years from transaction date | Kenya Revenue Authority requirements; Companies Act obligations |
| Audit logs | 3 years | Legal obligation; fraud prevention |
| Magic link tokens | 15 minutes (then invalidated) | Security |
| Session tokens | Until logout or 30 days of inactivity | Authentication |
| Anonymised analytics | Indefinitely | Product improvement - not personal data |
On subscription termination, we will delete or anonymise all personal data within 90 days, unless we are legally required to retain it for longer. You may request earlier deletion under Section 09 below.
You have the following rights under the KDPA and GDPR. You may exercise any of these rights by contacting us at operations@akilisuite.com. We will respond within 30 days.
We implement technical and organisational measures appropriate to the risk of the processing, including:
Akili Suite uses a minimal set of browser storage mechanisms necessary for the platform to function. We do not use advertising cookies or third-party tracking.
| Name | Type | Purpose | Expiry |
|---|---|---|---|
| hb_access_token | localStorage | Stores your session JWT for authenticated API requests | Cleared on logout or 30 days of inactivity |
| hb_user | localStorage | Caches basic user profile to avoid repeated API calls | Cleared on logout |
| Cloudflare _cf_* cookies | Cookie | Essential security and DDoS protection - set by Cloudflare, not by Akili Suite | Session / 1 year |
We do not use Google Analytics, Meta Pixel, or any other third-party tracking script. Aggregated platform usage analytics are collected via Cloudflare Analytics, which does not process personal data.
Akili Suite is a professional legal practice management platform intended exclusively for use by law firms, legal practitioners, and their adult clients. We do not knowingly collect personal data from individuals under the age of 18.
If you believe a minor's personal data has been submitted to the platform, please contact us immediately at operations@akilisuite.com and we will delete that data promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
Your continued use of the platform after the effective date constitutes acceptance of the updated policy. If you do not agree, you may close your account and request data deletion at any time.
For any privacy-related enquiry, request to exercise your rights, or complaint about how we handle your data, please contact our Data Protection team:
Right to complain to a supervisory authority. If you are not satisfied with our response, or believe we are processing your data unlawfully, you have the right to lodge a complaint with a data protection supervisory authority.