Privacy Policy

1. Introduction and Who We Are

This Privacy Policy applies to the website aigovernance.ae ("Site") and the GUARD GRC platform at guard.aigovernance.ae ("Platform"), both operated by GUARD GRC L.L.C-FZ, registered in Meydan Free Zone, Dubai, United Arab Emirates.

GUARD GRC L.L.C-FZ is the data controller responsible for your personal data. For any data protection inquiries, contact: support@guardgrc.com

2. Personal Data We Collect

2.1 Information You Provide

• Account data: name, email address, company name, job title when you register for the Platform
• Payment data: processed by our third-party payment provider; we do not store card details
• Platform data: documents you upload, assessment responses, questionnaire answers, governance data you input
• Communications: emails, form submissions, consultation bookings, e-book download requests

2.2 Information Collected Automatically

• Usage data: pages visited, features used, time spent, interactions
• Device data: browser type, operating system, screen resolution
• Log data: IP address, access times, referring URLs

3. How and Why We Use Your Data

4. AI Processing

The Platform uses artificial intelligence to generate governance outputs including policies, assessments, and regulatory analysis. Data you input may be processed by AI models to produce these outputs. We do not use your data to train third-party AI models. Platform-generated outputs are based on your specific inputs and our regulatory database.

5. Data Sharing

We do not sell your personal data. We may share data with the following categories of service providers under appropriate data processing agreements:

6. International Data Transfers

Some of our service providers are based outside the UAE. When we transfer your data internationally, we ensure appropriate safeguards are in place consistent with applicable data protection laws, including the UAE Personal Data Protection Law (PDPL) and any applicable DIFC or ADGM data protection regulations.

7. Data Retention

• Account data: retained while your account is active. After termination, retained for up to 12 months to allow data export, then deleted.
• Transaction data: retained for 7 years to comply with tax and legal requirements.
• Platform data: retained while your account is active. Deleted within 90 days of account termination.
• Marketing data: retained until you withdraw consent.

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), access controls, and regular security reviews. No system is completely secure; we cannot guarantee absolute security but we are committed to best-practice data protection.

9. Your Data Protection Rights

Regardless of your location, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data (subject to legal retention requirements)
• Restrict processing of your data
• Data portability — receive your data in a structured format
• Object to processing based on legitimate interest
• Withdraw consent at any time for consent-based processing

For clients in the UAE, we apply the principles of the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) in how we handle your data. For DIFC-based clients, we comply with DIFC Data Protection Law No. 5 of 2020.

To exercise any of your rights, contact support@guardgrc.com. We will respond within 30 days.

10. Children's Privacy

The Platform is not intended for individuals under 18. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or Platform notification. The "Last updated" date at the top indicates the latest revision.

12. Contact

GUARD GRC L.L.C-FZ
Meydan Free Zone, Dubai, UAE
Email: support@guardgrc.com