How we handle your data

This Privacy Policy describes how AYAN LABS FRONTIER SOFTWARE - FZCO ("AYAN", "we", "us") processes personal data when you visit our website, register for an account, or use the AYAN platform (the "Service"). We are headquartered in Dubai, United Arab Emirates, and serve customers globally, including in the European Economic Area (EEA) and the United Kingdom.

This policy applies to personal data of website visitors, prospective customers, customer end-users, and individuals whose data is provided to us by our customers in the course of using the Service.

Account data, name, business email, company, role, and password when you create an account.

Usage data, interactions with the Service such as queries run, modules used, log timestamps, IP address, browser, and device identifiers.

Customer-provided data, brand assets, taxonomies, prompts, audit inputs, and other content you upload to operate the Service.

Communications, messages you send to support, sales, or via forms (e.g. "Book a demo").

Cookies, strictly necessary cookies for authentication and session, plus limited analytics to measure aggregate usage of the website.

We use personal data to: (a) provide, maintain, and improve the Service; (b) authenticate users and secure accounts; (c) communicate about your account, support requests, and product updates; (d) comply with legal obligations and enforce our Terms of Service; (e) detect, investigate, and prevent abuse, fraud, and security incidents.

We do not use customer-provided brand data to train AI models. We query third-party LLMs for perception analysis on your behalf, but your proprietary content is not used to train any model, ours or third parties'.

For individuals in the EEA or UK, we rely on the following legal bases under the GDPR:

• Performance of a contract, to provide the Service you or your organization requested. • Legitimate interests, to secure, improve, and market the Service, balanced against your rights. • Consent, for optional analytics cookies and marketing communications, withdrawable at any time. • Legal obligation, to comply with applicable laws.

We share personal data with vetted sub-processors who provide infrastructure, model inference, email delivery, payment processing, and analytics on our behalf. Sub-processors are bound by written agreements requiring confidentiality, security, and data-processing terms consistent with this policy.

A current list of sub-processors is available on request at [email protected]. We do not sell personal data.

The Service is operated from European and UAE infrastructure. When personal data is transferred outside its country of origin, for example, from the EEA to the UAE, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent UK addenda, together with supplementary measures where required.

We retain personal data for as long as your account is active and as needed to provide the Service. After termination, we delete or anonymize personal data within a reasonable period, except where retention is required to comply with legal, accounting, or reporting obligations, or to resolve disputes.

We protect data with encryption in transit (TLS 1.3) and at rest (AES-256), tenant isolation, scoped API keys, and continuous monitoring. For a fuller description of our controls, certifications, and infrastructure, see our Security page at /security.

Depending on your jurisdiction, you may have rights to access, rectify, erase, restrict, port, or object to the processing of your personal data, and to withdraw consent at any time. Individuals in the EEA and UK have these rights under the GDPR; individuals in the UAE have analogous rights under the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021).

To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law. You also have the right to lodge a complaint with your local supervisory authority.

We use a minimal set of cookies: strictly necessary cookies to keep you signed in, and aggregated, privacy-respecting analytics to understand how the website is used. We do not use third-party advertising cookies. You can disable non-essential cookies in your browser at any time.

The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect personal data from minors.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to account administrators or by a prominent notice on the website. The "Last updated" date at the top of this page indicates when this policy was last revised.