Privacy Policy
VORYNTH AI ("Vorynth", "we", "us") is the data controller for personal data we process when you use the VORYNTH Enterprise Legal Intelligence Platform (the "Service"). This Privacy Policy explains what we collect, why we collect it, and the choices you have. It is written to align with the Nigeria Data Protection Act 2023 (NDPA), the NDPR 2019, and — where applicable — the EU GDPR.
§ 1Information we collect
We collect three categories of data:
- Account data: name, email, role, firm name, hashed password, MFA secret.
- Workspace data: matters, clients, documents, hearings, invoices, tasks, AI prompts & responses — privileged content stored on your firm's behalf.
- Telemetry: IP, device, browser, audit log of every authenticated action.
§ 2How we use it
To provide the Service, secure your firm's data, enforce RBAC, generate AI outputs through approved sub-processors, bill subscriptions, and comply with court orders or statutory obligations.
We do not use your workspace content to train third-party AI models. AI completions are processed by Anthropic via the Emergent LLM gateway and are subject to a zero-retention data processing agreement.
§ 3Legal bases (NDPA / GDPR)
Contract performance (Art. 6(1)(b) GDPR / s.25 NDPA), legitimate interests for security & abuse prevention, consent for marketing communications, and legal obligation for tax & AML records.
§ 4Sub-processors
We engage a small set of vetted sub-processors:
- Amazon Web Services (af-south-1 / eu-west-1) — infrastructure & storage
- MongoDB Atlas — primary database
- Anthropic (via Emergent LLM gateway) — AI inference for CounselAI
- Paystack — payment processing
- Postmark / Resend — transactional email
An up-to-date list is available on request at privacy@vorynth.ai.
§ 5Data residency & transfers
By default, data is hosted in Cape Town (af-south-1). Enterprise customers may elect EU residency. Cross-border transfers to AI sub-processors are protected by Standard Contractual Clauses and data minimisation.
§ 6Retention
Workspace data is retained for the lifetime of your subscription plus 90 days. Audit logs are retained for 7 years for regulatory compliance. You may export or delete data at any time via Settings → Data.
§ 7Your rights
Under the NDPA you may access, rectify, port, restrict, or erase your personal data, and withdraw consent. Email privacy@vorynth.ai — we respond within 30 days.
§ 8Security
AES-256 encryption at rest, TLS 1.3 in transit, MFA, RBAC, immutable audit logs, continuous backups, vulnerability disclosure programme. A summary of our SOC 2-aligned controls is available under NDA.
§ 9Children
The Service is not intended for individuals under 18. We do not knowingly collect data from minors.
§ 10Contact & complaints
Data Protection Officer: dpo@vorynth.ai. You may also lodge a complaint with the Nigeria Data Protection Commission (NDPC) at ndpc.gov.ng.