Privacy Policy

Last updated: 20 April 2026

1. Data Controller

Legal OS ("legals.mu") is operated by Tamak Group. We are the data controller for personal data processed through this platform, in accordance with the Mauritius Data Protection Act 2017 ("DPA 2017").

Data Protection Officer: To be appointed. Contact: dpo@legals.mu

2. Personal Data We Process

We process the following categories of personal data:

3. Purpose & Legal Basis

PurposeLegal Basis (DPA 2017)
Company secretarial filingsContractual necessity
KYC document managementLegal obligation (FIAMLA 2002)
ID card extraction (AI)Explicit consent
CBRIS company lookupLegitimate interest (public register)
Account managementContractual necessity
Audit loggingLegal obligation (DPA 2017)

4. Data Security

5. Your Rights (DPA 2017)

Under the Mauritius Data Protection Act 2017, you have the right to:

To exercise any of these rights, contact us at dpo@legals.muor submit a request through the platform's Settings page.

6. Data Retention

Data CategoryRetention PeriodLegal Basis
KYC documents5-7 years after end of relationshipFIAMLA 2002
Company filings7 yearsCompanies Act 2001
Audit logsIndefiniteDPA 2017
Consent recordsIndefiniteDPA 2017
User accountsUntil deletion + 30 daysDPA 2017

7. International Data Transfers

Processing your data involves transfers outside Mauritius:

Each sub-processor is bound by a data processing agreement with appropriate safeguards. The full list of sub-processors is available on request at dpo@legals.mu.

8. AI Processing

We use AI (currently OpenAI GPT-4o) for the following features:

AI processing of identity documents happens only with your explicit consent. You may choose to enter data manually instead. No automated decisions are made based solely on AI processing — all extracted data is reviewed and confirmed by a human before being relied upon. We do not use your data to train general AI models.

For on-premise / enterprise deployments where OpenAI cannot be used, the platform supports local-AI alternatives that keep all processing within your infrastructure.

9. Data Breach Notification

In the event of a personal data breach, we will notify the Data Protection Commissioner within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

10. Contact & Complaints

Data Protection Officer: dpo@legals.mu
Data Protection Commissioner: Data Protection Office, 5th Floor, SICOM Tower, Wall Street, Ebene, Mauritius. Tel: +230 460 0251. Website: dataprotection.govmu.org

Terms of ServiceCookie Policy