Privacy Policy

AIGENT LABS - FZCO ("AIGENT," "we," "us," or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you access or use our website at aigent.ae, our products - including AIGENT Cognis and AIGENT Guardian - and all related services, platforms, dashboards, and communications (collectively, the "Services").

This Privacy Policy is designed to comply with the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and its implementing regulations. Where our Services are accessed by individuals located in the European Economic Area or where the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR") otherwise applies, we also comply with the GDPR.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection and processing of your personal data as described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Services.

The data controller responsible for the processing of your personal data is:

If you have any questions about how we process your personal data, or if you wish to exercise any of your data protection rights, please contact us using the details above.

We collect and process the following categories of personal data, depending on the nature of your interaction with our Services:

We collect personal data through the following means:

• Directly from you - when you create an account, complete onboarding forms, subscribe to our Services, submit enquiries through our website, or communicate with us via email, WhatsApp, or other channels.
• From your use of our Services - we automatically collect usage data, technical data, and performance metrics as you interact with our platform, dashboards, and tools.
• From third-party integrations - when you connect third-party platforms to our Services (such as CRM systems, calendar applications, or communication tools), we may receive data from those platforms in accordance with the permissions you have granted.
• Automatically via cookies and similar technologies - we use cookies, web beacons, and similar technologies to collect technical data about your browsing behaviour and device. Please refer to Section 12 (Cookies & Tracking) for further details.

We process your personal data on the following legal grounds, as applicable under the UAE PDPL and, where relevant, the GDPR:

• Performance of a contract. Processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract. This includes providing the Services, managing your account, processing payments, and delivering onboarding and support.
• Legitimate business interests. Processing is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include improving and optimizing our Services, ensuring platform security, preventing fraud, conducting internal analytics, and communicating with you about your account.
• Consent. Where we rely on your consent as the legal basis for processing (for example, for certain marketing communications or optional data collection), you have the right to withdraw your consent at any time by contacting us at contact@aigent.ae. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
• Legal obligations. Processing is necessary for compliance with a legal obligation to which we are subject, including tax reporting, regulatory requirements, anti-money laundering obligations, and responding to lawful requests from public authorities.

We use the personal data we collect for the following purposes:

• To provide and maintain our Services - including account creation, platform access, configuration, integration with third-party systems, and ongoing service delivery.
• To process payments and billing - including invoicing, payment processing, managing subscriptions, and maintaining billing records.
• To communicate about your account and Services - including account notifications, service updates, subscription changes, and responses to your enquiries and support requests.
• To send onboarding and verification messages - including email verification, two-factor authentication, WhatsApp onboarding messages, and setup instructions.
• To improve our Services and develop new features - including analysing usage patterns, conducting internal research, testing new functionality, and optimizing platform performance.
• To comply with legal obligations - including tax reporting, regulatory compliance, responding to court orders, and cooperating with regulatory authorities where required by applicable law.
• To protect our rights and prevent fraud - including detecting, investigating, and preventing unauthorized access, abuse, fraud, and other security threats to our platform, our users, and our business.

We do not sell your personal data. We do not rent, trade, or otherwise make your personal information available to third parties for their own marketing purposes.

We may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described in this Privacy Policy:

• Payment processors. We use PCI DSS-compliant payment processors to complete transactions and handle billing data under applicable contractual and compliance obligations.
• Email service providers. We use Resend for transactional email delivery. Resend receives email addresses and message content necessary to deliver account-related communications on our behalf.
• Hosting and infrastructure providers. Our Services are hosted on cloud infrastructure providers that may process data on our behalf in accordance with strict security and confidentiality obligations.
• Professional advisors. We may share personal data with our legal, accounting, and compliance advisors where necessary for the purposes of obtaining professional advice or managing legal proceedings.
• Regulatory authorities. We may disclose personal data to government or regulatory authorities where required by applicable law, regulation, legal process, or enforceable governmental request.

All third-party processors with whom we share personal data are bound by written data processing agreements that require them to process personal data only on our documented instructions and to implement appropriate technical and organizational security measures.

Your personal data may be processed in the United Arab Emirates and in other jurisdictions where our service providers, hosting partners, and infrastructure providers operate. Some of these jurisdictions may not provide the same level of data protection as the UAE or the European Economic Area.

Where we transfer personal data to countries outside the UAE or the EEA, we ensure that appropriate safeguards are in place in accordance with the UAE PDPL and, where applicable, the GDPR. These safeguards may include:

• Transfers to countries recognized as providing an adequate level of data protection;
• Standard contractual clauses approved by competent authorities;
• Binding corporate rules or other legally recognized transfer mechanisms; and
• Data processing agreements with recipients that include appropriate security and confidentiality obligations.

For further information about the safeguards we apply to international transfers, please contact us at contact@aigent.ae.

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply:

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized in accordance with our internal data management procedures. Backup copies may be retained for a limited additional period as necessary for disaster recovery purposes, subject to the same security measures.

We implement reasonable administrative, technical, and organizational measures designed to protect the confidentiality, integrity, and availability of your personal data. These measures include, but are not limited to:

• Encryption in transit. All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS).
• Encryption at rest. Personal data stored on our systems is encrypted at rest using industry-standard encryption algorithms.
• Access controls and authentication. Access to personal data is restricted to authorized personnel on a need-to-know basis. We use role-based access controls, multi-factor authentication, and secure credential management.
• Regular security reviews. We conduct periodic security assessments and vulnerability testing to identify and address potential risks to our systems and data.
• Incident response procedures. We maintain documented incident response procedures to detect, report, investigate, and remediate security incidents. In the event of a personal data breach, we will notify affected individuals and relevant regulatory authorities as required by applicable law.

While we take commercially reasonable steps to protect your personal data, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining robust protections and continuously improving our security practices.

Under the UAE PDPL and, where applicable, the GDPR, you have the following rights in relation to your personal data:

• Right of access. You have the right to request confirmation of whether we process your personal data and, if so, to obtain a copy of that data along with information about how it is processed.
• Right to rectification. You have the right to request correction of inaccurate personal data or completion of incomplete personal data that we hold about you.
• Right to erasure. You have the right to request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, where you withdraw consent, or where processing is otherwise unlawful, subject to applicable legal retention obligations.
• Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data or where you object to processing pending verification of legitimate grounds.
• Right to data portability. Where technically feasible and where processing is based on consent or contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to object. You have the right to object to the processing of your personal data where processing is based on legitimate interests or where data is processed for direct marketing purposes.

To exercise any of these rights, please contact us by email at contact@aigent.ae. We will respond to your request within thirty (30) days of receipt. We may request verification of your identity before fulfilling your request. If your request is manifestly unfounded, excessive, or repetitive, we reserve the right to charge a reasonable administrative fee or refuse the request in accordance with applicable law.

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site usage, and support the functionality of our Services. Cookies are small text files stored on your device by your web browser.

Our Services are designed for business-to-business (B2B) use and are intended for individuals who are at least eighteen (18) years of age. We do not knowingly collect, solicit, or process personal data from individuals under the age of eighteen (18).

If we become aware that we have inadvertently collected personal data from an individual under eighteen (18), we will take prompt steps to delete such data from our systems. If you believe that we may have collected personal data from a minor, please contact us immediately at contact@aigent.ae.

Our website and Services may contain links to third-party websites, applications, or services that are not operated or controlled by AIGENT. This Privacy Policy applies solely to personal data collected and processed by AIGENT through our own Services.

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites you visit before providing them with any personal data. The inclusion of any link on our website does not imply endorsement by AIGENT of the linked site or service.

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or business operations. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes - such as changes to the categories of personal data collected, the purposes of processing, or the rights available to you - we will provide notice by email to the address associated with your account or by displaying a prominent notice on our website prior to the changes taking effect.

Your continued use of our Services after any changes to this Privacy Policy take effect constitutes your acceptance of the revised policy. If you do not agree with the updated policy, you should discontinue use of our Services and contact us to close your account.

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data processing practices, or if you wish to exercise any of your rights under applicable data protection law, please contact us:

We are committed to resolving any complaints regarding the collection or use of your personal data. We will endeavour to respond to all enquiries and complaints within thirty (30) days.