Security & trust centre
A plain-language overview. We publish what protects you without publishing a roadmap for attackers.
How your information is protected
- Encryption in transit: all pages and form submissions travel over HTTPS.
- Separated systems: the public website is static and holds no personal data; enquiries go to a separate, access-controlled application with its own security boundary.
- Access control and audit: enquiry records are visible only to authorised staff, actions on them are logged, and staff access is role-based.
- No third-party trackers: nothing you type is shared with analytics or advertising systems — there are none on this site.
- Backups: the firm's systems are backed up automatically, including encrypted offsite copies, so an enquiry cannot be silently lost.
- Email discipline: notification emails to staff deliberately exclude the content of your enquiry; the content stays in the protected system.
Service status and maintenance
Planned maintenance is done outside busy hours where possible. If the enquiry service is ever unavailable, the contact page and phone lines remain the alternate route — the site is designed so that no outage can silently swallow a submission: you either receive a reference number, or you know it didn't go through.
Reporting a security concern
If you believe you have found a vulnerability in this website or the firm's systems:
- Email reception@leshiloattorneys.com with the subject “Security report”. It reaches the firm and its technology maintainers.
- Include enough detail to reproduce the issue. Please do not access, alter or exfiltrate data belonging to others, and do not test in ways that degrade the service.
- We acknowledge good-faith reports, fix confirmed issues promptly, and will not pursue researchers acting in good faith within these rules.
If something goes wrong
The firm maintains an internal escalation route for suspected compromises, keeps an incident decision log, and — where POPIA requires it — notifies the Information Regulator and affected people. Security compromise notifications are handled under the firm's POPIA obligations, described in the privacy notice.
Version 1.0 · Effective and last reviewed: 15 July 2026 · Owner: The Director, Lesiba Kabelo Leshilo · Review cadence: at least annually and whenever law, policy or processing changes. Earlier versions are retained by the firm and available on request.