Legal
1.1 About Squire™
Squire™ ("we," "us," "our," or "Squire™") is a legal technology company committed to the highest
standards of privacy and data protection. This Privacy Policy explains how we collect, use, store,
protect, and process personal information - including information collected through cookies
and similar technologies - in connection with our legal AI platform, website at
www.squire.law, and related services (collectively, the "Services").
1.2 Legal Framework
This Privacy Policy is designed to comply with the Protection of Personal Information Act 4 of
2013 ("POPIA") of the Republic of South Africa, the Draft Data Protection Bill, 2023 of the
Republic of Namibia to the extent applicable, the Consumer Protection Act 68 of 2008 of South
Africa, applicable data protection laws of other jurisdictions as specified in Section 14, and
industry best practices for legal technology and AI service providers.
1.3 Scope of Application
This Privacy Policy applies to all personal information processed through our Services; all users,
clients, and visitors to our platform ("Data Subjects"); all processing activities conducted by us
or on our behalf; all cookies and similar tracking technologies used in connection with our
Services; and all jurisdictions in which we operate or where our Services are accessed.
1.4 Our Core Commitments
be used to train, develop, or improve any artificial intelligence models, machine learning
algorithms, or similar technologies.
to any third parties for their own purposes, marketing, or commercial gain.
profiles, track you across different websites, or serve targeted advertising.
same standards and are prohibited from using data for any purpose other than providing services
to us.
2.1 Key Definitions
For the purposes of this Privacy Policy:
and where applicable, an identifiable, existing juristic person. This includes information relating
to race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual
orientation, age, physical or mental health, well-being, disability, religion, conscience, belief,
culture, language, and birth; information relating to education, medical, financial, criminal, or
employment history; any identifying number, symbol, email address, physical address, telephone
number, location information, online identifier, or other particular assignment; biometric
information; personal opinions, views, or preferences; correspondence of a private or
confidential nature; and the name of the person if it appears with other personal information.
collection, receipt, recording, organisation, collation, storage, updating, modification, retrieval,
consultation, use, dissemination, merging, linking, blocking, degradation, erasure, or destruction.
personal information, being Squire™.
Responsible Party.
religious or philosophical beliefs, race or ethnic origin, trade union membership, political
persuasion, health or sex life, biometric information, or criminal behaviour.
18 years.
platform, as further described in Section 12 of this Policy.
3.1 Information Officer
In compliance with section 55 of POPIA, Squire™ has designated an Information Officer
responsible for ensuring compliance with this Privacy Policy and applicable data protection laws.
Information Officer:
3.2 Deputy Information Officer
Data Subjects may also contact the Information Regulator of South Africa directly:
4.1 Information You Provide Directly
We collect personal information that you voluntarily provide when registering for or using
our Services.
role within the organisation.
you submit to our AI systems, communications with our support team, feedback and survey
responses, and your user preferences and settings.
PCI-DSS compliant payment processors), VAT or tax registration numbers, and purchase history.
4.2 Information Collected Automatically
browser type and version, operating system, device identifiers, access timestamps, pages visited
and features used, and session duration and interaction patterns.
logs and audit trails, and geographic location at country or region level only.
described in Section 12 of this Policy. This includes session identifiers, preference settings, and
anonymized usage statistics.
4.3 Information from Third Parties
We may receive personal information from your employer or organisation (with appropriate
authorisation), professional regulatory bodies (for verification purposes), and publicly available
sources (for due diligence and compliance).
4.4 Categories We Do NOT Collect
We expressly do not collect Special Personal Information unless strictly necessary and with
explicit consent; Children's Personal Information, as our Services are not intended for users
under 18; or financial account details, as all payment processing is handled by certified
third-party processors.
5.1 Primary Purposes
platform and Services, including authenticating users and enabling core functionality such as
session management and secure access.
authenticate users, and provide customer support.
unauthorised access, prevent fraud, and ensure the integrity of our Services.
processes.
experience using anonymized, aggregated data only.
where consented, marketing communications.
5.2 Specific Processing Activities
personal information is retained in AI model training. All processing occurs within our secure,
sovereign infrastructure. Session data is automatically deleted after 30 days unless you elect to
save specific outputs.
Individual user data is never used for analytics without explicit consent. Analytics cookies
collect only non-identifiable information, as further described in Section 12.
5.3 Consent Requirements
Where we rely on consent as a legal basis, consent must be freely given, specific, and informed.
You may withdraw consent at any time without affecting the lawfulness of prior processing.
Withdrawal of consent may limit certain Service features.
6.1 Rights Under POPIA
information is being collected, including the nature of the information, the name and address of
the Responsible Party, the purpose of collection, whether provision is voluntary or mandatory,
the consequences of failure to provide information, any authorised recipients, whether we intend
to transfer information cross-border, and your rights regarding your personal information.
personal information about you and to request access to such information.
irrelevant, excessive, out-of-date, incomplete, misleading, or unlawfully obtained personal
information.
personal information that is no longer necessary for the purpose for which it was collected, for
which you have withdrawn consent, that has been unlawfully processed, or that must be deleted
to comply with a legal obligation.
your personal information at any time on reasonable grounds relating to your particular situation.
the processing of your personal information for direct marketing purposes, to not have your
personal information processed for direct marketing by unsolicited electronic communications,
and to register a pre-emptive block with the Direct Marketing Association of South Africa.
to be subject to a decision based solely on automated processing, including profiling, which
produces legal consequences concerning you or similarly significantly affects you.
Regulator regarding alleged interference with the protection of your personal information.
interference with the protection of your personal information.
6.2 Exercising Your Rights
To exercise any of your rights, please contact us by email at contact@squire.law.
We will respond to all requests within 30 days of receipt as required by POPIA. We may require
proof of identity before processing your request to ensure security. We will not charge for a first
request, but may charge a reasonable fee for repeated or manifestly unfounded requests.
7.1 Retention Periods
We retain personal information only for as long as necessary to fulfill the purposes for which it
was collected. The following periods apply:
performance and legal obligations.
provision and user convenience.
compliance and proof of consent.
for statistical analysis purposes.
7.2 Deletion Procedures
Upon expiration of the applicable retention period or upon receipt of a valid deletion request,
personal information is permanently deleted from active systems. Backups are purged in
accordance with our backup retention schedule within a maximum of 90 days. Anonymized,
aggregated statistical data may be retained indefinitely where individual identification is
impossible.
7.3 Exceptions to Deletion
We may retain personal information where required by law or legal obligation; where necessary
for legal proceedings or for establishing or defending legal claims; where required for historical,
statistical, or research purposes in anonymized form; or where consent has been given for
extended retention.
8.1 Technical Safeguards
In compliance with section 19 of POPIA, we implement appropriate, reasonable technical and
organisational measures to prevent loss of, damage to, or unauthorised destruction of personal
information, and to prevent unlawful access to or processing of personal information. Our
technical safeguards include:
protections
8.2 Organisational Safeguards
Our organisational measures include:
8.3 Data Minimisation and Privacy by Design
We adhere to the principle of data minimisation and collect only personal information that is
necessary for specified purposes. Privacy considerations are integrated into system development
from the outset, default settings favour maximum privacy protection, and privacy impact
assessments are conducted for new processing activities.
8.4 Breach Notification
In the event of a personal information breach, we will notify the Information Regulator within 72
hours of becoming aware. We will notify affected Data Subjects without undue delay where the
breach is likely to result in high risk to their rights and freedoms. We will document all breaches,
including the facts, effects, and remedial actions taken.
9.1 Use of Operators
We engage Operators to process personal information on our behalf. All Operators are
contractually bound by written agreements that ensure:
9.2 Current Operator Categories
We currently engage the following categories of Operators:
jurisdictions.
service communications.
improvement.
9.3 Prohibited Activities
Our Operators are expressly prohibited from:
10.1 Data Sovereignty Commitment
We are committed to data sovereignty and to maintaining personal information within the
jurisdictions where our Data Subjects reside, wherever feasible and legally permissible.
10.2 South Africa
For personal information collected from Data Subjects in South Africa, all personal information
is primarily processed and stored within the Republic of South Africa. Cross-border transfers
may occur only where:
POPIA
Responsible Party
Data Subject
Where transfers are necessary, we implement Standard Contractual Clauses approved by the
Information Regulator, adequacy decisions where applicable, Binding Corporate Rules for
intra-group transfers, and additional technical safeguards such as encryption and access controls.
Cookie data transferred outside South Africa is subject to the same safeguards.
10.3 Namibia
As Namibia's Data Protection Bill, 2023 is not yet in force, we apply POPIA-equivalent
standards to all processing of Namibian Data Subjects' personal information. We will update our
practices to comply with the Namibian Data Protection Act once enacted.
10.4 Other Jurisdictions
For Data Subjects in other jurisdictions, we will comply with applicable local data protection
laws, implement appropriate transfer mechanisms including Standard Contractual Clauses and
adequacy decisions, and provide jurisdiction-specific privacy notices where required.
11.1 Special Personal Information
We generally do not process Special Personal Information as defined in section 26 of POPIA,
which includes information concerning religious or philosophical beliefs, race or ethnic origin,
trade union membership, political persuasion, health or sex life, biometric information, or
criminal behaviour. Such information may be processed only where:
11.2 Children's Personal Information
Our Services are not intended for children under the age of 18. We do not knowingly collect
personal information from children. If we become aware that we have collected personal
information from a child, we will take immediate steps to delete such information. If you believe
we have inadvertently collected such information, please contact us immediately at
contact@squire.law.
12.1 What Are Cookies?
Cookies are small text files placed on your device - computer, smartphone, or tablet - when
you visit our website or use our platform. They are widely used to make websites work
efficiently, remember your preferences, and provide website operators with anonymized
information about usage patterns. In addition to cookies, we may use web beacons (small graphic
images that allow us to monitor website usage), local storage (browser-based storage for
preferences), session storage (temporary storage that is deleted when you close your browser),
and pixel tags.
We use first-party cookies set directly by Squire™ and a limited number of third-party cookies set
by service providers engaged by us. We minimise the use of third-party cookies and only engage
processors who comply with our data protection standards.
12.2 Types of Cookies We Use
cannot be disabled. They enable core functionality including security, network management, and
account access; maintain your session state during navigation; enable load balancing for
consistent performance; and remember your privacy consent preferences. Because they are
strictly necessary for the provision of the service you have requested, they do not require your
consent under POPIA.
functionality and personalisation. They remember your language and region preferences, store
your display preferences such as dark mode settings, remember form inputs to save you time,
and store your preferred document templates. They collect preference settings only and do not
collect personally identifiable information or track you across websites. We request your consent
before placing these cookies, and you may opt out while retaining access to the core Services.
collecting information anonymously. They are used to count visits and traffic sources, measure
which pages and features are most popular, identify technical issues and errors, and inform
development priorities. All analytics data is anonymized before storage - IP addresses are
truncated or masked, individual users cannot be identified, and data is used for aggregated
statistical analysis only. We use Google Analytics (with IP anonymization enabled) and internal
usage statistics tools. We request your consent before placing analytics cookies, and you may opt
out without affecting your ability to use the Services.
do not track you across different websites, build advertising profiles, share data with advertising
networks, or use retargeting or remarketing cookies. This aligns with our commitment to privacy
and data protection.
12.3 Cookie Consent and Management
When you first visit our Services, a cookie banner will appear requesting your consent for
non-essential cookies. You may accept all cookies, customise your selection by category, or
reject all non-essential cookies and allow only strictly necessary cookies. You can change your
preferences at any time by clicking the "Cookie Settings" link in our website footer, by adjusting
your browser settings to block or delete cookies, or by contacting us at contact@squire.law.
We respect browser "Do Not Track" signals - when this signal is enabled, we disable analytics
cookies. You may also withdraw consent for non-essential cookies at any time by the same
methods above. Withdrawal of consent does not affect the lawfulness of processing that occurred
before withdrawal.
12.4 Cookie Retention Periods
year.
cookie.
All cookie data retention is subject to our general data retention policy set out in Section 7.
13.1 Consent Requirement
In compliance with section 69 of POPIA, we will not use your personal information for direct
marketing by means of unsolicited electronic communications unless you have provided your
consent, or you are an existing customer and the marketing relates to our similar products or
services.
13.2 Your Rights and Opt-Out
You have the right to:
All marketing communications from Squire™ will clearly identify Squire™ as the sender, provide a
clear and easy opt-out mechanism, and be sent only during reasonable hours between 08:00 and
20:00 local time.
14.1 South Africa
This Privacy Policy is drafted in compliance with POPIA. All Data Subjects in South Africa
enjoy the full protections set out in this Policy and in POPIA.
14.2 Namibia
Pending enactment of the Data Protection Bill, 2023, we apply POPIA-equivalent standards to
all processing of Namibian Data Subjects' personal information.
14.3 Future Jurisdictions
As we expand to additional jurisdictions, we will:
15.1 Policy Updates
We may update this Privacy Policy from time to time to reflect:
15.2 Notification of Changes
Material changes to this Privacy Policy will be notified by:
Changes will take effect 30 days after notification unless immediate compliance with legal
requirements is necessary.
15.3 Continued Use
Continued use of our Services after changes take effect constitutes acceptance of the updated
Privacy Policy.
16.1 Internal Complaint Process
If you believe we have not complied with this Privacy Policy or applicable data protection laws,
please follow the steps below:
1. Contact our Information Officer at contact@squire.law.
2. Provide details of your complaint, including relevant dates and supporting documentation.
3. We will acknowledge receipt within 5 business days.
4. We will investigate and respond within 30 days.
5. If you are not satisfied with our response, you may escalate to the Information Regulator.
16.2 External Recourse
You have the right to lodge a complaint with the Information Regulator of South Africa at:
16.3 Alternative Dispute Resolution
We are committed to resolving disputes amicably. Where appropriate, we may offer mediation or
other alternative dispute resolution mechanisms.
For any questions, concerns, or requests regarding this Privacy Policy, our cookie practices, or
our data protection practices generally:
Privacy and Data Protection:
Information Officer:
General Inquiries:
Updating...
Please wait while we reconnect