Privacy Policy
Last updated: July 10, 2026
1. Introduction
isabilaw.com ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, create an account, sign in, and use our services.
Depending on how isabilaw is configured, some features may be available without an account, while others require you to register and sign in. When sign-in is required, we process the account and security information described in this policy to manage access to the Service.
2. Information We Collect
We may collect information about you in the following ways:
2.1 Account and profile information
When you register or sign in, we collect information needed to create and manage your account, including:
- Email address (required for email/password accounts)
- Full name (required when registering with email and password)
- Authentication method (email/password, Google sign-in, or Microsoft sign-in)
- Account status, such as whether your email has been verified, when your account was created, and when you last signed in
If you sign in with Google or Microsoft, we receive basic profile information from the provider you choose, such as your email address, display name, and an account identifier from that provider. We do not receive or store your Google or Microsoft password.
If you register with email and password, your password is stored only in hashed form. We cannot read your plain-text password after registration.
2.2 Questions, conversations, and chat history
- Questions you ask: When you submit questions about Nigerian laws, we collect the text of your questions and the responses generated for you.
- Conversation history: If you are signed in, we may associate your questions and answers with your account so you can view past conversations, resume sessions, search history, and use related account features. We may store a title for each conversation (including titles you set when renaming), pin status, archive status, and timestamps such as when a conversation was created or last updated.
- History controls: If you rename, pin, archive, or delete a conversation from your history menu, we process that action to update or remove the corresponding history record associated with your account. Deleting a conversation from history removes it from your account view; related chat logs may be retained for a period consistent with our retention practices and infrastructure configuration.
- Shared content: Only signed-in users can create share links for individual responses or whole conversations. If you choose to share content, we store the information needed to make that shared link work. Shared links may be accessible to anyone who has the link.
- Feedback: If you rate an answer as helpful or not helpful, we store that rating together with identifiers for the relevant chat turn and session so we can improve the Service.
- Localized summaries: If you generate or receive a summary in Hausa, Yoruba, Igbo, or Nigerian Pidgin, we store the summary text, the language selected, and when it was generated, together with the related answer in your conversation history.
- Interaction metadata: We may record whether a turn involved a typed question, a document review, a document draft, or both, for service quality, analytics, and abuse prevention.
2.3 Document uploads and document review
Signed-in users may upload documents for review against Nigerian law. Depending on how you use the feature, we may collect:
- Uploaded files, such as PDF, DOC, DOCX, TXT, JPG, PNG, or WebP files you choose to attach
- Extracted text from those files, including text recovered from images using automated optical character recognition (OCR) powered by our AI infrastructure
- Document metadata, such as file name, file type, size, and character counts
- Document review settings, such as the document category you select before review
- Questions and answers related to the uploaded document, including follow-up questions you type after upload
Where enabled, uploaded files and extracted text may be stored in our cloud infrastructure so you can reuse a document within a session or across signed-in use of the Service. Do not upload documents you are not authorized to share or that contain information you do not want processed by our systems.
2.4 Document draft
Signed-in users may request AI-generated draft legal documents. When you use this feature, we may collect:
- Document type you select (for example employment letter, tenancy agreement, or NDA)
- Questions and answers related to the draft request, including follow-up questions
- Generated draft content included in the response
Draft requests are logged like other chat turns and may be associated with your account and conversation history.
2.5 Voice input
Signed-in users may dictate questions using voice input where supported by their browser and device. When you use this feature:
- Your browser may request microphone permission. Audio is captured locally and sent to our servers for transcription.
- We process the audio through Amazon Transcribe (or equivalent speech-to-text services) to produce a text transcript.
- The transcript is treated like text you typed and may be submitted as your question, logged, and included in conversation history like other prompts.
We do not use voice input for advertising. Audio is processed to provide transcription, not for voice-print identification.
2.6 Preferences and account settings
If you are signed in, we may store preferences you choose in account settings, such as your preferred answer tone (for example everyday or formal legal style) and response language (English-only or English with a Hausa, Yoruba, Igbo, or Nigerian Pidgin summary). If your account is associated with a subscription or plan, we may also store plan-related entitlements needed to enable certain features.
2.7 Security, session, and audit information
To protect accounts and investigate abuse, we collect security-related information, including:
- Session and authentication events (such as sign-up, sign-in, sign-out, password change, and password reset activity)
- IP address and related network metadata
- Browser user-agent and device category or device name
- Referer, origin, host, and country headers where available
- Timestamps and technical metadata related to authentication and account-management actions
2.8 Usage and device information
- Usage data: How you interact with our service, including pages visited and timestamps
- Device information: Device type, operating system, browser type, and similar technical identifiers
2.10 Analytics and advertising measurement
We may use analytics and advertising measurement tools to understand how the Service is used and whether account sign-up campaigns are effective. Depending on configuration, this may include:
- PostHog: product analytics such as page views, feature usage (for example document review, sharing, and history actions), authentication events, and session replay to understand how users navigate the Service. Question and answer text is masked in replays; form inputs are masked by default. Signed-in users may be identified by an internal user ID with plan and preference metadata, not by email in analytics profiles by default.
- Google Analytics (GA4): page views and basic usage events, collected through Google's analytics scripts
- Google Ads conversion measurement: events such as successful sign-up, used to measure advertising performance
These tools may set cookies or use similar technologies and may receive information such as pages visited, device/browser metadata, and conversion events. Google's processing is subject to Google's own policies. We use these tools to operate and improve the Service, not to sell your personal information.
2.11 Cookies and similar technologies
We use cookies and similar browser storage to maintain your sign-in session, protect OAuth sign-in flows, enforce guest usage limits, associate feedback with the correct chat session, and support core site functionality. See Section 7 for more detail.
3. How We Use Your Information
We use the collected information for:
- Creating, authenticating, and managing user accounts
- Verifying email addresses, resetting passwords, and sending account-related emails
- Providing and improving our AI legal research service
- Responding to your questions about Nigerian laws
- Reviewing documents you upload and generating informational responses about them
- Generating draft legal documents you request through document draft
- Transcribing voice input into text you can submit as questions
- Translating questions to English for retrieval and generating localized summaries in Hausa, Yoruba, Igbo, or Nigerian Pidgin when requested
- Saving, searching, and displaying conversation history for signed-in users, including titles, pin status, and archive status
- Processing history actions you choose, such as rename, pin, archive, or delete
- Enabling optional sharing of conversations or responses for signed-in users
- Storing account preferences such as answer tone and response language
- Collecting and analyzing feedback on answers
- Detecting, preventing, and investigating fraud, abuse, and unauthorized access
- Maintaining audit and security logs for account activity
- Analyzing service usage to enhance user experience
- Complying with legal obligations
4. User Access Management
isabilaw uses a user access management system to control who can use protected features of the Service. This includes:
- Registration and sign-in: You may create an account with email and password or, where enabled, sign in with Google or Microsoft.
- Email verification: Email/password accounts may require verification before full access is granted.
- Sessions: When you sign in, we issue a secure session that keeps you authenticated for a limited period (currently up to 7 days, unless you sign out sooner or your session is invalidated).
- Session invalidation: Changing your password or completing certain account recovery actions may end existing sessions and require you to sign in again.
- Rate limiting: We limit repeated authentication and account-related requests to reduce abuse and protect user accounts.
- Access requirements: Some deployments of isabilaw may require sign-in before you can ask questions or use certain features.
5. Data Retention
We retain information for as long as needed to provide the Service, maintain security, and meet legal obligations. This includes:
- Account data: Retained while your account is active and as needed thereafter for legal, security, or operational purposes
- Questions and chat history: Retained to operate the Service, improve quality, and support signed-in history features unless you archive or delete a conversation from your history or request account deletion
- Localized summaries: Retained with the related chat turn and conversation history when generated
- Uploaded documents and extracted text: Retained for as long as needed to provide document review, support your session, and maintain backups or logs consistent with our infrastructure configuration
- Voice transcripts: Retained as part of your questions and conversation history when submitted to the Service
- Audit and security logs: Retained for a reasonable period to investigate incidents, prevent abuse, and protect users
- Shared links: Retained until the shared content is removed or the link is disabled, where such controls are available
You can request deletion of your account data or chat history by contacting us at support@isabilaw.com. We may retain certain information where required by law or for legitimate security purposes.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include, where applicable:
- Password hashing for email/password accounts
- Hashed storage of verification and reset tokens
- HttpOnly session cookies for authenticated sessions
- Session version controls to invalidate old sessions after sensitive account changes
- Rate limiting on authentication and account-management endpoints
- Audit logging of key account events
However, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for keeping your password confidential and for activity that occurs under your account unless caused by our failure to use reasonable security measures.
7. Cookies and Sessions
isabilaw uses cookies that are necessary to operate account features, including:
- A session cookie that keeps you signed in after authentication
- Short-lived cookies used during Google or Microsoft sign-in to help prevent unauthorized login attempts
- Cookies that track guest question usage when sign-in is not required, so we can enforce fair-use limits
- Analytics or advertising cookies used by PostHog, Google Analytics, or Google Ads when those services are enabled, to measure product usage and sign-up conversions
- A session cookie that helps bind feedback and certain anonymous chat actions to the correct conversation session
We may also store appearance or interface preferences (such as theme) in your browser's local storage. These cookies and storage mechanisms are used for authentication, security, and core functionality, not for third-party advertising. You can control cookies through your browser settings, but disabling required cookies may prevent you from signing in or using account features.
8. Third-Party Services and Information Sources
Our service uses third-party providers to operate account and infrastructure features, including:
- Amazon Web Services (AWS): data storage, processing, AI inference, document storage, transcription, and related infrastructure
- Amazon Bedrock: generating answers, routing queries, and extracting text from uploaded document images through AI models
- Amazon Transcribe: converting voice audio you submit into text transcripts
- Amazon SES: sending verification, password reset, and other account-related emails
- Google: optional sign-in through Google OAuth, subject to Google's own terms and privacy policies
- Microsoft: optional sign-in through Microsoft OAuth, subject to Microsoft's own terms and privacy policies
- PostHog: product analytics and optional session replay (when enabled), subject to PostHog's own terms and privacy policies
- Google Analytics and Google Ads: site analytics and conversion measurement, where configured, subject to Google's own terms and privacy policies
- Serper: web search used to retrieve pages from official Nigerian government and regulator websites when answering questions
- Wikipedia: reference content used for general background context only, not as legal authority
We do not sell your personal information to third parties.
To answer your questions, isabilaw may retrieve information from external sources on the Internet. Legal information is sourced from the Federal Government Gazette, official publications, and official Nigerian government and regulator websites (including .gov.ng, .mil.ng, plus selected legacy official hosts such as inecnigeria.org and nerdc.org.ng). General background knowledge (for example about history, politics, or public institutions) may be sourced from the Internet, including third-party reference sites such as Wikipedia. Internet-sourced general knowledge may not be 100% accurate or current. When you use localized summaries, your English answer may be processed by our AI systems to produce a summary in the language you select. When you ask a question in Hausa, Yoruba, Igbo, or Nigerian Pidgin, we may translate it to English internally before searching sources and generating a response. Your questions may be sent to these retrieval and translation systems as part of generating a response.
9. Important Disclaimer
The information provided by isabilaw is for informational purposes only and does not constitute legal advice. Users should not rely on this service for legal advice and should consult with qualified legal professionals for their specific situations.
Legal answers are based on official gazette and official Nigerian government and regulator website sources where available. General knowledge from the Internet is provided for context only and may contain errors. Localized summaries are AI-generated translations of English answers and may not be complete or perfectly accurate. Document review responses depend on the text extracted from files you upload; extraction and OCR may be incomplete or inaccurate, especially for poor-quality scans, photos, handwriting, or complex formatting. Document drafts are templates only and must be reviewed by a qualified lawyer before use. You are responsible for verifying information before acting on it.
10. Your Rights
You have the right to:
- Access personal information we hold about you
- Request correction of inaccurate account or profile data
- Request deletion of your account or associated data
- Delete individual conversations from your history using the delete option in the conversation menu, or archive conversations to remove them from your active history list
- Change your password through account settings where available
- Sign out of your account on devices you use
- Opt out of certain non-essential data processing activities, where applicable
To exercise these rights, please contact us at support@isabilaw.com. We may need to verify your identity before completing certain requests.
11. International Users
If you are located outside Nigeria, please note that your information will be transferred to and processed in Nigeria. By using isabilaw, you consent to this transfer.
12. Children's Privacy
Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time, including as we add or change account, authentication, or access-management features. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.
14. Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Email: support@isabilaw.com
Company: (c) 2026 Adelante Nigeria Ltd
