Privacy Policy
Allen Robb-Cato & Co. (ARCO)
Effective date: April 2026
Last updated: April 2026
Who We Are
Allen Robb-Cato & Co. (“ARCO”, “we”, “us”, “our”) is a law firm based in Montego Bay, Jamaica. We are committed to protecting the privacy and personal data of our website visitors, clients, and app users in compliance with the Jamaica Data Protection Act 2020.
Registered office:
Suite 3 & 4, The Victory Building
3-5 Fort Street
Montego Bay, Jamaica
Data protection contact: privacy@allenrobbcato.law
What Data We Collect
We collect personal data through the following channels:
Website Contact Form
- Name
- Email address or phone number
- Practice area of interest
- Message content
Consultation Booking
- Name
- Email address
- Practice area of interest
- Preferred date and time
- Timezone
AI Assistant Conversations
Conversation content (questions and responses). Personal details are collected only when voluntarily provided by the visitor during the conversation.
Client Portal
- Name and email address (account registration)
- Uploaded documents
- Digital signatures
Website Usage Data (Cookies)
- Essential cookies: session management, authentication tokens
- Non-essential cookies: analytics and usage data (only with your consent)
Why We Collect Your Data
We collect and process your personal data for the following purposes:
- Respond to inquiries: To reply to messages submitted through our contact form
- Schedule consultations: To book and manage consultation appointments, including generating Zoom meeting links
- Provide AI assistance: To answer general questions about our practice areas and services through our AI assistant (which does not provide legal advice)
- Deliver legal services: To manage client documents, facilitate digital signatures, and communicate with clients through the portal
- Improve our services: To understand how visitors use our website and identify areas for improvement (with consent)
- Comply with legal obligations:To maintain records as required by Jamaica's legal and regulatory framework
Legal Basis for Processing
Under the Jamaica Data Protection Act 2020, we process your personal data on the following lawful bases:
| Basis | Activities |
|---|---|
| Consent | Contact form submissions, consultation bookings, AI chat conversations, non-essential cookies, client portal registration, marketing communications |
| Legitimate interest | Essential service delivery (responding to inquiries, scheduling consultations), website security monitoring, fraud prevention |
| Legal obligation | Client records retention as required by Jamaica's professional and regulatory requirements |
You may withdraw your consent at any time (see “Your Rights” below). Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal.
How We Store and Protect Your Data
We implement technical and organizational measures to protect your personal data:
- Encryption in transit: All data transmitted between your browser or device and our servers is encrypted using TLS (Transport Layer Security)
- Encryption at rest: Data stored by our service providers is encrypted at rest
- Authentication: User accounts are secured by Clerk authentication with optional two-factor authentication (2FA)
- Role-based access control: Access to data is restricted based on user roles. Only authorized ARCO staff can access client information, and only for the documents they are directly involved with.
- Secure document storage: Client portal documents are stored securely and are accessible only to the document owner and the ARCO staff member who uploaded them
Data Sharing
We do not sell your personal data. We share data with the following service providers who process data on our behalf under contractual safeguards:
| Provider | Purpose | Data Shared |
|---|---|---|
| Convex | Database and file storage | Application data, uploaded documents |
| Clerk | Authentication and user management | User profiles, authentication data |
| Resend | Email delivery | Recipient email addresses, email content |
| Zoom | Video consultation hosting | Meeting links, participant names, scheduled times |
| OpenRouter | AI assistant processing | Conversation content (anonymized queries) |
Each provider is contractually required to protect your data and may only process it for the purposes specified in our agreements with them.
Cross-Border Transfers
Your data may be transferred to and processed in jurisdictions outside Jamaica, including the United States, by the service providers listed above. We ensure appropriate safeguards are in place through contractual agreements with our service providers that require them to protect your data to standards equivalent to the Jamaica Data Protection Act 2020 (Section 50).
These safeguards include:
- Encryption of data in transit and at rest
- Access controls limiting who can view your data
- Data processing agreements that restrict how your data may be used
- SOC 2 Type II certification held by key providers (Clerk, Zoom)
For more information about cross-border transfers, contact us at privacy@allenrobbcato.law.
Cookies
Essential Cookies (Always Active)
These cookies are necessary for the website to function and cannot be disabled:
| Cookie | Purpose | Duration |
|---|---|---|
| Session token | Maintains your login session | Session |
| Authentication token | Verifies your identity (Clerk) | Session |
| Convex connection | Enables real-time data synchronization | Session |
Non-Essential Cookies (Require Consent)
These cookies are only set after you provide explicit consent via the cookie banner:
| Cookie | Purpose | Duration |
|---|---|---|
| Analytics | Helps us understand how visitors use the website | 12 months |
Managing Your Cookie Preferences
- A cookie consent banner will appear on your first visit
- You can choose to “Accept All”, “Reject Non-Essential”, or “Manage Preferences”
- You can change your preferences at any time using the cookie settings link in the website footer
- Your preference is stored in a
consent_preferencescookie for 12 months
Your Rights
Under the Jamaica Data Protection Act 2020, you have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Right of access | You may request a copy of all personal data we hold about you |
| Right to correction | You may request that we correct inaccurate or incomplete data |
| Right to deletion | You may request that we erase your personal data (subject to legal retention obligations) |
| Right to object | You may object to the processing of your personal data for specific purposes |
How to Exercise Your Rights
Contact us at privacy@allenrobbcato.law with your request. Please include your name and the email address associated with your interaction with ARCO so we can locate your records.
Our process:
- We will acknowledge your request within 5 business days
- We may ask you to verify your identity
- We will fulfill your request within 30 calendar days
- If an exemption applies (e.g., legal retention obligation), we will explain the exemption and the reason it applies
You also have the right to lodge a complaint with the Office of the Information Commissioner (OIC) if you believe your data protection rights have been violated. Visit https://oic.gov.jm for more information.
Data Retention
We retain your personal data only for as long as necessary:
| Data Type | Retention Period | Rationale |
|---|---|---|
| Lead data (contact form, booking inquiries) | 2 years from submission | Allows reasonable follow-up period for potential clients |
| Client documents | 7 years | Professional regulatory obligation under Jamaica law |
| AI chat conversations | 1 year | Service improvement and quality assurance |
| Inactive client portal accounts | Deleted after 2 years written notice | Provides adequate notice to account holders |
| Website usage data (analytics) | 12 months | Sufficient for trend analysis |
After the retention period expires, data is securely deleted or anonymized.
Children's Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us at privacy@allenrobbcato.law and we will promptly delete it.
Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- The updated policy will be posted on this page
- The “Last updated” date at the top will be revised
- For significant changes, we may notify registered users via email
We encourage you to review this page periodically.
Contact Us
If you have questions about this privacy policy, your personal data, or our data protection practices, please contact us:
Email: privacy@allenrobbcato.law
Write to us:
Allen Robb-Cato & Co.
Suite 3 & 4, The Victory Building
3-5 Fort Street
Montego Bay, Jamaica
This privacy policy is compliant with the Jamaica Data Protection Act 2020. ARCO is registered with the Office of the Information Commissioner under registration number [to be added].