Privacy Policy

This Privacy Policy explains how dubaicopilot.ai ([LEGAL ENTITY NAME], “we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit our website, request a Workflow Diagnostic, or engage our managed AI operations services. By using our website or services, you agree to the practices described here.

The data controller is [LEGAL ENTITY NAME], registered at [REGISTERED ADDRESS, DUBAI, UAE]. For any privacy questions or requests, contact us at [PRIVACY CONTACT EMAIL].

Information you provide

• Contact and company details submitted through the Workflow Diagnostic form (name, work email, company, role, phone, country, city, team size, industry).
• Workflow information you describe (the function, systems, documents, approvers, bottlenecks, exceptions, and success criteria of the workflow you want to diagnose).
• Any files or notes you choose to upload as part of a diagnostic request.

Information collected automatically

• Usage and device data (pages viewed, referring URLs, approximate location, browser and device type) collected via privacy-respecting analytics.
• Cookies and similar technologies as described in the Cookies section below.

Client operational data (during an engagement)

When we build and operate agents inside your systems, agents process operational records (for example invoices, documents, or CRM entries) under your instructions. This data is processed on your behalf and is governed by the data processing terms in your service agreement.

• To respond to diagnostic requests and schedule and conduct working sessions.
• To provide, operate, monitor, and improve our managed AI operations services.
• To communicate with you about your request, engagement, and relevant updates.
• To maintain the security, integrity, and performance of our website and services.
• To comply with legal, regulatory, and contractual obligations.

We do not use your data, documents, or outputs to train public or third-party foundation models. Where AI models are used to deliver your workflows, we configure private or isolated usage. Client operational data is scoped to the specific workflows that require it.

Where applicable law (including the UAE Personal Data Protection Law and, where relevant, the GDPR) requires a legal basis, we rely on: your consent; performance of a contract or pre-contractual steps at your request; our legitimate interests in operating and improving our business; and compliance with legal obligations.

We do not sell personal information. We share information only with:

• Service providers and processors that support our operations (for example website hosting and analytics, transactional email, and customer-relationship management), bound by appropriate confidentiality and data-protection terms.
• Professional advisers, regulators, or authorities where required by law.
• A successor entity in connection with a merger, acquisition, or asset transfer, subject to this Policy.

We are based in Dubai and operate across the GCC. Where personal information is transferred outside its country of origin, we put in place appropriate safeguards (such as contractual protections) consistent with applicable law. Deployment options including UAE data residency are available and scoped during implementation.

We retain personal information only for as long as necessary for the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Diagnostic enquiry data is retained for [RETENTION PERIOD] unless a longer period is required. Client operational data retention is defined in your service agreement.

We use technical and organisational measures designed to protect information, including encryption in transit and at rest, scoped and rotatable credentials, least-privilege access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Subject to applicable law, you may have the right to access, correct, delete, restrict, or object to the processing of your personal information, and to data portability. To exercise these rights, contact us at [PRIVACY CONTACT EMAIL]. You may also have the right to lodge a complaint with the relevant data protection authority.

We use essential cookies to operate the website and privacy-respecting analytics to understand usage and improve the experience. You can control cookies through your browser settings. Disabling some cookies may affect site functionality.

Our website and services are intended for businesses and are not directed to children. We do not knowingly collect personal information from children.

We may update this Policy from time to time. We will post the updated version with a revised “Last updated” date. Material changes will be communicated where appropriate.

For questions about this Policy or our data practices, contact [LEGAL ENTITY NAME] at [PRIVACY CONTACT EMAIL], [REGISTERED ADDRESS, DUBAI, UAE].