Skip to main content
THE LEGAL SHOT — Ghanaian legal education platformTHE LEGAL SHOTIus In Foco — Law, in focus.

Privacy Policy

Effective date: 1 May 2026

1. Who we are

OneShot Studios Limited (“we”, “us”, “our”) operates The Legal Shot at thelegalshot.com. This Privacy Policy explains how we collect, use, store, and share personal data when you use our platform.

2. Data we collect

We collect the following categories of personal data:

  • Account data — your name, email address, institution, and year of study. Passwords are handled by Firebase Authentication (Google); we never see or store your plaintext password on our own systems.
  • Profile data — optional details you add such as areas of interest or a professional biography (for instructors).
  • Payment data — subscription plan, payment status, and Paystack transaction references. We do not store card numbers; card processing is handled entirely by Paystack.
  • Usage data — pages visited, courses enrolled, lesson progress, notes, bookmarks, and Q&A activity.
  • Security data — login events, device fingerprints, IP addresses, and session tokens, used to detect and prevent unauthorised access.
  • Video session data — stream session records including IP address, device information, and a session watermark identifier that is displayed as a visible on-screen overlay during playback to discourage unauthorised sharing of lesson videos.

3. How we use your data

We use your data to:

  • Provide, operate, and improve the platform.
  • Process subscription payments and verify access rights.
  • Send transactional emails (account verification, payment receipts, renewal reminders).
  • Detect and prevent fraud, abuse, and unauthorised use of the platform.
  • Generate certificates of completion and verify them publicly.
  • Produce anonymised analytics to improve our course catalogue and platform performance.
  • Comply with our legal obligations under Ghanaian law.

We do not sell your personal data to third parties, and we do not use it for advertising purposes.

4. Legal basis for processing

We process your personal data on the following bases: performance of the contract between us (providing the service you have subscribed to); compliance with our legal obligations; our legitimate interests in operating a secure and well-functioning platform; and, where required, your consent.

5. Data sharing

We share data only with the subprocessors below, and with law enforcement or regulatory bodies where we are legally required to do so:

  • PaystackProcess subscription and course payments. Subject to Paystack’s own privacy policy.
  • SendGridDeliver transactional email. Email addresses are shared only to the extent necessary to send the message.
  • Google Cloud (Firebase)Hosting infrastructure — Cloud Functions in europe-west1 and Cloud Firestore + Firebase Hosting in europe-west4.
  • Google Cloud Vertex AI (Gemini)AI quiz generation and citation lookup. Prompts containing your study activity are processed transiently and are not used to train foundation models.

6. Data retention

We retain your account data for as long as your account is active and for up to 3 years thereafter for legal and accounting purposes. Payment records are retained for 7 years in accordance with Ghanaian tax law. Security event logs are retained for 12 months. You may request deletion of your account and personal data at any time (see section 8).

7. Cookies and tracking

We use strictly necessary cookies to maintain your session and authentication state. We do not use advertising cookies or third-party tracking pixels. You can disable cookies in your browser settings, but doing so will prevent you from logging in.

8. Your rights

Under applicable Ghanaian data protection law you have the right to:

  • Access a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data, subject to our legal retention obligations.
  • Object to processing based on legitimate interests.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at support@thelegalshot.com. We will respond within 30 days.

9. Security

We protect personal data using industry-standard controls: all traffic is encrypted in transit (TLS), data is encrypted at rest on Google Cloud infrastructure, credentials are handled by Firebase Authentication, and access to production systems is role-restricted and audit-logged. Device identifiers are used to enforce per-plan concurrent-stream limits, and lesson videos carry a visible session-bound watermark overlay to deter unauthorised sharing. Despite these measures, no system is completely secure; we cannot guarantee absolute security.

10. Children

The platform is not directed at children under 18. We do not knowingly collect personal data from anyone under 18 without parental consent. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to this policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through a notice on the platform. The effective date at the top of this page indicates when this version was last updated.

12. Contact

Questions, requests, or concerns about this policy should be directed to support@thelegalshot.com.

HomeTerms of ServiceCoursesPricingSupport
Privacy Policy — THE LEGAL SHOT