Skip to content
West Midlands Based|England & Wales|Response Within 1 Working Day
Boadu Legal Services

Legal

Privacy Policy

Last updated: 30 June 2026

1. Who we are (data controller)

Boadu Legal Consultancy ("BLS", "we", "us") is the data controller for personal information you share with us through this website, the client portal, our AI intake assistant, our booking system and our email correspondence.

  • Trading name: Boadu Legal Consultancy (consultancy, SRA authorisation pending).
  • Location: West Midlands, United Kingdom.
  • Email: info@boadulegalservices.com
  • Telephone: +44 7747 234225

Privacy queries and data-subject requests should be sent to the email address above with "Data request" in the subject line.

2. Information we collect

We only collect information that is relevant to the service you are asking us for.

  • Enquiry & contact data: name, email, phone, message you send via the contact form or WhatsApp link.
  • Booking data: consultation type (Discovery Call or Matter Assessment), preferred date/time, format (video or telephone), matter area, and notes you provide.
  • AI intake data: the messages you send to our AI Client Assistant and the summary it generates.
  • Account data: if you sign in to the client portal we store your email, authentication tokens, and any profile details you add (handled by Supabase auth).
  • Matter data: documents you upload, case notes, and the status/history of your matter.
  • Operational records: booking audit log entries (who changed what, and when), cancellation/reschedule tokens, and email delivery status.
  • Technical data: IP address, browser type, device, pages visited, error logs, used for security, abuse prevention and (with your consent) anonymous analytics.

3. How and why we use your information

PurposeData usedLegal basis
Respond to enquiries and book consultationsContact & booking dataSteps to enter into a contract
Deliver and manage your consultation/matterBooking, intake, matter dataPerformance of a contract
Send confirmations, reminders, reschedule and cancellation emailsContact & booking dataPerformance of a contract / legitimate interests
Provide and improve the AI intake assistantIntake messagesLegitimate interests / consent
Maintain audit logs and protect against fraudOperational & technical dataLegitimate interests / legal obligation
Anonymous analytics to improve the siteTechnical dataConsent (cookie banner)
Meet legal, tax and regulatory requirementsAs requiredLegal obligation

4. Who we share your information with

We do not sell your personal data. We share it only with carefully selected processors who help us run the service, under written contracts and confidentiality obligations:

  • Supabase (database, authentication, file storage).
  • Cloudflare (hosting, edge/server runtime, DDoS protection).
  • Resend (transactional emails such as booking confirmations).
  • Google (Google Sign-In, only if you choose it; Google Fonts for typography).
  • Google AI (Gemini, via Lovable AI Gateway) for the AI Client Assistant.
  • Suitably authorised legal professionals where your matter requires reserved legal activities and you ask us to refer you.
  • Regulators, courts or law enforcement where we are legally required to disclose.

Where a processor is based outside the UK, we rely on adequacy decisions or the UK International Data Transfer Agreement / Addendum to safeguard your data.

5. How long we keep your information

  • Unconverted enquiries: up to 12 months from last contact.
  • Booking records and audit log: 6 years from the date of the consultation, to meet professional, tax and limitation-period requirements.
  • Matter files and documents: 6 years from matter closure, then securely deleted unless a longer retention is legally required.
  • AI intake transcripts: retained with the related matter or, if no matter is opened, deleted within 90 days.
  • Marketing contacts: until you unsubscribe (every email contains a one-click unsubscribe link).
  • Server logs: typically 30 to 90 days for security and debugging.

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Ask us to delete your data ("right to be forgotten") where it is no longer needed.
  • Restrict or object to certain processing.
  • Receive a copy of your data in a portable format.
  • Withdraw consent at any time (including cookie consent, via our Cookie Policy page).

To exercise any of these rights, email info@boadulegalservices.com. We respond within one month.

You also have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk/make-a-complaint or 0303 123 1113.

7. Security

We protect your data with role-based access control, row-level security on our database, encryption in transit (HTTPS/TLS) and at rest, audit logging of changes to bookings, and least-privilege access for staff. No system is perfectly secure, but we work to industry-standard practices and will notify you and the ICO of any qualifying personal-data breach without undue delay.

8. Children

Our services are aimed at adults. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with data, please contact us and we will delete it.

9. Cookies

We use a small set of cookies and similar technologies. Full details, including how to change your preferences, are in our Cookie Policy.

10. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on the website and, where appropriate, notified by email. The "last updated" date above shows when it was last revised.