Introduction

About This Policy

This Privacy Policy ("Policy") explains how CNTXT FZCO and its affiliates and subsidiaries operating under the 'CNTXT' brand ("CNTXT AI", "we", "our" or "us") collect, store, use, disclose, and otherwise process personal data about you when you interact with our website www.CNTXT AI.tech ("Website"), our AI data services, annotation platform, and other products or services (collectively, the "Services").

Our Commitment

CNTXT AI is committed to protecting your privacy and ensuring the security of your personal data in accordance with:

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
• Dubai Data Law (Law No. 26 of 2015) as amended
• International Free Zone Authority (IFZA) regulations
• Where applicable, the General Data Protection Regulation (EU) 2016/679 ("GDPR")

Data Controller Information

Acceptance of Terms

By accessing or using our Website and Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, please do not use our Services.

Applicable Legislation & Regulatory Framework

This Policy is designed to comply with:

Primary UAE Legislation

• UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data
• Dubai Data Law (Law No. 26 of 2015) as amended
• UAE Cybercrime Law (Federal Decree-Law No. 34 of 2021)
• IFZA Regulations applicable to technology companies
• UAE National Strategy for Artificial Intelligence 2031
• UAE National Cybersecurity Strategy

Sector-Specific Requirements

• Healthcare: UAE Health Data Law where applicable
• Financial Services: UAE Central Bank regulations for fintech
• Government: Enhanced requirements for government contracts
• Telecommunications: TRA (TDRA) requirements where applicable

International Frameworks

• GDPR (Regulation (EU) 2016/679) for EU data subjects
• CCPA for California residents
• ISO/IEC 27701 Privacy Information Management
• ISO/IEC 29100 Privacy Framework
• Other applicable international data protection laws

Industry Standards and Best Practices

• NESA Standards (National Electronic Security Authority)
• Dubai Electronic Security Center Guidelines
• UAE IA Standards (Information Assurance)
• Cloud Security Alliance Guidelines
• AI Ethics Guidelines from UAE AI Office

Definitions

Unless otherwise defined in this Policy, terms shall have the following meanings:

"Personal Data" means any data related to an identified or identifiable natural person as defined under UAE Federal Decree-Law No. 45 of 2021, including but not limited to name, voice, picture, identification number, online identifier, geographic location, or one or more special elements that express the physical, psychological, economic, cultural, or social identity of that person.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means, including collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, using, disseminating, disclosing, combining, restricting, erasing, or destroying.

"Data Subject" means the identified or identifiable natural person to whom the personal data relates.

"Controller" means the entity that determines the purposes and means of processing personal data.

"Processor" means the entity that processes personal data on behalf of the Controller.

"Sensitive Personal Data" means personal data that reveals or relates to:

• Family details
• Racial or ethnic origin
• Political opinions or affiliations
• Religious or philosophical beliefs
• Criminal records
• Biometric or genetic data
• Health data
• Data determined as sensitive by the UAE Data Office

"Consent" means any freely given, specific, informed, and unambiguous indication of the data subject's agreement to the processing of their personal data.

Scope of This Policy

This Policy applies to personal data collected through:

Direct Collection

• Information you provide when registering for an account
• Data submitted through our Services
• Information provided when contacting us
• Details shared at events or conferences

Automated Collection

• Technical data collected via cookies and similar technologies
• Usage information and analytics
• Device and browser information
• IP addresses and location data

Third-Party Sources

• Authentication providers (e.g., Google OAuth)
• Business partners and resellers
• Public databases and directories
• Social media platforms

Types of Personal Data We Collect

Identity and Contact Information

• Full name and title
• Email address
• Phone number
• Emirates ID number (where legally required)
• Company name and job title
• Professional credentials

Account Information

• Username and password
• Account preferences
• Profile information
• Authentication data
• API keys and access tokens

Technical Information

• IP address
• Browser type and version
• Device information
• Operating system
• Time zone settings
• Location data (with consent)

Usage Information

• How you use our Services
• Pages visited and features used
• Search queries
• Click-through data
• Session duration
• API usage metrics

Transaction Information

• Purchase history
• Billing information
• Payment details (tokenized)
• Contract details
• Invoice records

Communication Data

• Email correspondence
• Support tickets
• Feedback and surveys
• Call recordings (with consent)
• Meeting notes and transcripts

AI Training and Annotation Data

• Data submitted for annotation
• Model training parameters
• Performance metrics
• Quality assurance data
• Dataset metadata
• Arabic language datasets
• Multilingual training data

Marketing Information

• Communication preferences
• Newsletter subscriptions
• Event attendance
• Marketing campaign responses

Government and Enterprise Data

When working with UAE government entities or enterprises:

• Security clearance information (where applicable)
• Project classification levels
• Access authorization data
• Compliance certifications

Google Workspace API Data

When you connect Google Workspace:

• Calendar information
• Email metadata (not content unless explicitly authorized)
• Drive file metadata
• Contact information

Sovereign Data Categories

In alignment with UAE sovereign AI initiatives:

• Data classified under UAE data sovereignty requirements
• National infrastructure project data
• Government service interaction data
• Critical sector information (energy, healthcare, finance)

How We Use Your Personal Data

We process your personal data for the following purposes:

Service Delivery

• Providing access to our AI annotation and data services
• Managing your account and authentication
• Processing transactions
• Delivering customer support
• Fulfilling contractual obligations
• Enabling API access and integrations

AI and Innovation Services

• Facilitating data annotation and labeling services
• Quality assurance and validation processes
• Performance analytics and metrics
• Model training support (not using your confidential data)
• Supporting Arabic language AI development
• Advancing multilingual AI capabilities
• Contributing to UAE's AI ecosystem

Service Improvement

• Enhancing user experience
• Developing new features and capabilities
• Conducting analytics and research
• Personalizing content and recommendations
• Optimizing platform performance
• Innovation in AI technologies

Communication

• Responding to inquiries
• Sending service notifications
• Providing technical support
• Sharing updates and announcements
• Delivering training and educational content

Marketing (with consent where required)

• Sending promotional materials
• Informing about new services
• Event invitations
• Newsletter distribution
• Industry insights and thought leadership

Security and Compliance

• Preventing fraud and abuse
• Ensuring platform security
• Complying with legal obligations
• Enforcing our terms
• Protecting rights and property
• Meeting regulatory requirements

Your Rights

Under UAE data protection laws and GDPR (where applicable), you have the following rights:

Access

• Request copies of your data
• Learn how data is being processed
• Information about retention periods

Rectification

• Correct inaccurate data
• Complete incomplete data
• Update outdated information

Erasure ("Right to be Forgotten")

• Request deletion in certain circumstances
• Removal from marketing databases
• Deletion of unnecessary data

Restriction

• Limit processing in specific situations
• Suspend processing pending verification
• Restrict use for certain purposes

Data Portability

• Receive data in structured format (JSON/CSV)
• Transfer to another controller
• Direct transfer where technically feasible

Objection

• Object to processing based on legitimate interests
• Object to direct marketing (immediate effect)
• Object to automated decision-making
• Object to profiling activities

Consent Management

• Withdraw consent at any time
• Manage communication preferences
• Control cookie settings
• Opt-out of analytics

No Automated Decision-Making

• Right to human review of automated decisions
• Explanation of logic involved
• Challenge automated decisions
• Request human intervention

Additional Rights for EU Residents

EU data subjects have additional rights under GDPR:

• Lodge complaints with supervisory authorities
• Seek judicial remedy
• Compensation for damages

Transparency Rights

• Clear information about data processing
• Notification of data breaches
• Information about third-party sharing
• Access to privacy impact assessments (where applicable)

Exercising Your Rights

To exercise your rights:

• Online Portal: [XX]
• Email: [XX]
• Data Protection Officer: [XX]

Response Timeline:

• Acknowledgment: Within 3 business days
• Initial response: Within 15 days
• Complex requests: Up to 30 days (with notification)
• Extensions: Maximum 60 additional days for complex cases

Verification Process:

• Identity verification required
• Emirates ID or passport copy may be requested
• Additional verification for sensitive requests
• No fees for standard requests

Complaints and Escalation

If you're unsatisfied with our response:

• Internal review by Data Protection Officer
• Escalation to senior management
• File complaint with UAE Data Office
• For EU residents: Lodge complaint with local supervisory authority

Cookies and Tracking Technologies

Types of Cookies

• Essential: Required for site functionality
• Performance: Collect usage information
• Functional: Remember preferences
• Targeting: Deliver relevant content

Cookie Management

You can manage cookies through:

• Browser settings
• Cookie consent banner
• Privacy settings in your account

Third-Party Cookies

Some third-party services may set cookies. Please review their privacy policies. For detailed information, see our [Cookie Policy].

AI Model Development and Data Usage

Our AI Development Principles

Aligned with UAE AI companies' best practices:

• Transparency: Clear disclosure of AI data usage
• Separation: Client data never used for other clients' models
• Innovation: Contributing to Arabic and multilingual AI advancement
• Sovereignty: Supporting UAE's AI independence goals
• Ethics: Adhering to UAE AI Ethics Guidelines

Data Usage in AI Development

For Our Platform Improvement:

• Aggregated usage patterns (anonymized)
• Performance metrics (non-identifiable)
• Error logs and system optimization data
• General quality improvement insights

For Client-Specific Services:

• Training data remains isolated to client environment
• Models trained exclusively for specific client use
• No cross-contamination between client datasets
• Clear data ownership maintained

For Research and Innovation:

• Only with explicit consent
• Fully anonymized or synthetic data
• Contributing to open-source Arabic AI development
• Academic partnerships with data protection agreements

Prohibited AI Uses

We will NEVER:

• Use your data to train models for competitors
• Sell AI insights derived from your data
• Create derivative works without permission
• Use personal data for unauthorized AI training
• Develop surveillance or monitoring capabilities
• Create models for harmful or discriminatory purposes

Arabic Language AI Commitment

As part of UAE's Arabic AI leadership:

• Protecting Arabic language datasets
• Ensuring cultural sensitivity in AI development
• Contributing to sovereign Arabic language models
• Supporting dialect preservation and understanding

Model Security and Privacy

• Encrypted model storage
• Access-controlled model deployment
• Audit trails for all model access
• Privacy-preserving techniques in training
• Regular model security assessments
• Protection against model extraction attacks

Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly:

• Collect data from minors
• Market to children
• Allow minors to create accounts

If we discover data from a minor:

• Immediate deletion upon discovery
• Notification to relevant parties
• Review of collection procedures
• Implementation of additional safeguards

Parents/guardians may contact us at [XX] regarding any concerns.

Training and Awareness

All CNTXT AI employees receive:

• Mandatory data protection training during onboarding
• Regular privacy awareness updates (quarterly)
• Role-specific training for data handlers
• AI ethics and responsible data use training
• Updates on UAE regulatory changes
• Security awareness and incident response training

We also provide:

• Privacy training for our partners
• Best practices guidance for clients
• Regular privacy webinars and workshops
• Contribution to UAE privacy awareness initiatives

Complaints

If you're unsatisfied with our response:

• Request escalation to senior management
• Contact our Data Protection Officer directly
• Lodge a complaint with UAE Data Office
• For EU residents: Contact your local supervisory authority

Governing Law and Dispute Resolution

Governing Law

This Policy is governed by:

• Laws of the United Arab Emirates (Federal)
• Dubai laws (Emirate level)
• IFZA regulations and rules

Dispute Resolution

Any disputes shall be resolved through:

• Good faith negotiations (30 days)
• Mediation through IFZA (60 days)
• Arbitration under Dubai International Arbitration Centre (DIAC) rules
• Seat of arbitration: Dubai, UAE
• Language: English

Sovereign AI and Data Localization

UAE Data Sovereignty Commitment

In alignment with UAE's sovereign AI strategy and following practices of G42, Core42, and other UAE leaders:

• All UAE government and critical infrastructure data remains within UAE borders
• Processing occurs in UAE-based data centers
• No foreign access without explicit government authorization
• Compliance with UAE data localization requirements
• Support for national data independence initiatives

National AI Initiatives

CNTXT AI actively supports UAE's AI ambitions by:

• Contributing to Arabic language model development
• Supporting UAE National Strategy for Artificial Intelligence 2031
• Participating in Dubai AI Roadmap initiatives
• Collaborating with UAE AI Office on best practices
• Enabling the UAE's vision to become the first AI-powered government by 2031
• Supporting the UAE's goal to be a global AI leader

Strategic Technology Partnerships

We collaborate with UAE technology ecosystem while maintaining data privacy:

• Partnerships aligned with national objectives
• Technology transfer initiatives
• Knowledge sharing with local entities
• Support for UAE startup ecosystem
• Collaboration with academic institutions

Language

This Policy is provided in English and may be translated into Arabic for accessibility. Where required by UAE law or IFZA regulations, Arabic translations will be provided. In case of any discrepancy between versions, the English version shall prevail unless otherwise required by UAE courts or regulatory authorities.

Acknowledgment

By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal data as described herein, in accordance with UAE Data Protection Law and our commitment to responsible AI development.

We are proud to contribute to the UAE's vision of becoming a global leader in AI while maintaining the highest standards of data privacy and protection.