LFMS

Legal

Privacy Policy

Last updated: pending publication

Document under review

Our formal Privacy Policy is being finalised by counsel. The summary below describes our current data handling practices. For a binding copy or specific data-protection enquiries, contact legal@lfms.example.

Summary

LFMS operates as a Personal Data Processor under PDPA 2010. Each subscribing firm is the Data User for their case, client, and matter records. We process data only on your firm's instructions; we do not sell, share, or analyse your data for any other purpose.

Data we collect

  • Account information (firm name, admin email, billing contact)
  • Case and matter records you create within the platform
  • Client and party records you add for case management
  • Payment metadata (handled by BayarCash — we never store card details)
  • Operational logs (sign-in events, audit trail of mutations)

Where data is stored

Data is hosted on Supabase (Singapore region, AWS ap-southeast-1). Each firm's records are isolated at the database layer via row-level security. LFMS staff access is logged and limited to support functions you explicitly request.

Retention

Active firm data is retained while your subscription is active. Audit logs are retained for 90 days. On cancellation, your data remains accessible read-only for 90 days, after which it is purged unless you request earlier deletion or longer retention in writing.

Your rights

Under PDPA 2010, you have the right to access, correct, and request deletion of personal data we hold about you. Email legal@lfms.example with your request and we'll respond within 21 days.