Privacy Policy

This Privacy Policy describes how Munadi AI Solutions FZCO (“Company”, “We”, “Us”, “Our”), a company registered at Building A1, Dubai Digital Park, Dubai, UAE (License #62810), collects, uses, and handles data in connection with the Ordian Agents AI assistant service at ordian.ai (the “Service”).

Ordian Agents requires access to your personal communications and data to function effectively. This policy explains what data we access, how we use it, and how we protect your privacy.

2.1 Account Data

When you create an account, we collect:

• Personal information — Name, email address, and phone number
• Account credentials — Username, password (encrypted), and account settings
• Payment information — Billing details processed by Stripe (we do not store credit card numbers)

2.2 Communications Data

With your explicit permission, your AI agent accesses and processes:

• WhatsApp messages — Content of messages sent and received through your connected WhatsApp account
• Email data — Content, headers, attachments, and metadata from connected email accounts (Gmail, Outlook, etc.)
• Calendar information — Event details, schedules, attendee information, and meeting notes from connected calendar services
• Contact lists — Names, email addresses, phone numbers, and other contact details from your connected accounts

2.3 Agent Interaction Data

• Conversation logs — Records of your interactions with the AI agent
• Agent actions — Logs of actions taken by the agent on your behalf (messages sent, meetings scheduled, etc.)
• Configuration data — Your preferences, agent settings, and behavioral instructions
• Usage analytics — Service usage patterns, feature utilization, and performance metrics

2.4 Technical Data

• Login data — IP addresses, browser information, login timestamps
• Third-party tokens — Encrypted authentication tokens for connected services
• Error logs — Technical information when errors occur

3.1 Service Delivery

We use your data to:

• Power the AI agent — Enable the agent to understand context, respond appropriately, and take actions on your behalf
• Manage communications — Read, process, and respond to messages and emails
• Schedule and coordinate — Manage your calendar and coordinate meetings
• Organize contacts — Maintain and update your contact information

3.2 Service Improvement

• Improve agent responses — Analyze interaction patterns to make the agent more helpful and accurate
• Debug and optimize — Identify and fix technical issues, improve performance
• Develop new features — Understand usage patterns to build better capabilities

3.3 What We DON'T Do

• Train AI models on your personal data — Your messages, emails, and personal information are never used to train our AI models or improve general AI capabilities
• Sell your data — We never sell, rent, or trade your data to third parties
• Use data for advertising — We do not use your data for advertising or marketing purposes
• Share for other purposes — We don't share your data with third parties for their own business purposes

4.1 Third-Party AI Providers

Ordian Agents uses AI services from third-party providers (Anthropic, Google, etc.) to power agent responses. When processing your data:

• Prompts are sent securely — Your messages and context are sent to AI providers via encrypted connections
• No training on your data — Per our agreements with AI providers, your prompts are not stored or used for model training
• Processing is transient — AI providers process your data only to generate responses and do not retain it beyond processing

4.2 Data Minimization

We practice data minimization when sending context to AI providers:

• Only relevant context for the current task is included
• Sensitive information is filtered out when not necessary
• Historical context is limited to what's needed for understanding

5.1 Data Storage Location

Your data is stored on secure servers hosted by Hetzner in Germany. All data is:

• Encrypted at rest — All stored data is encrypted using industry-standard encryption
• Encrypted in transit — All data transfers use TLS encryption
• Access controlled — Only authorized personnel can access servers, with strict access logging

5.2 Security Measures

• Regular security audits and vulnerability assessments
• Multi-factor authentication for administrative access
• Regular backups with encrypted storage
• Network security measures including firewalls and intrusion detection

5.3 Third-Party Access

We use the following third-party processors who may have limited access to your data:

• Stripe — Payment processing (billing information only)
• Hetzner — Infrastructure hosting (encrypted data storage)
• AI providers — Anthropic, Google (transient prompt processing only)

All third-party processors are bound by strict data protection agreements.

6.1 Active Account Data

While your account is active, we retain:

• Account information and settings
• Recent communication data needed for agent context (typically 90 days of message history)
• Calendar and contact data as long as accounts are connected
• Agent interaction logs for service improvement

6.2 Account Deletion

When you delete your account:

• 30-day grace period — Your data is retained for 30 days to allow account recovery
• Complete deletion — After 30 days, all personal data is permanently deleted from our systems
• Anonymized analytics — We may retain anonymized usage statistics that cannot be linked back to you

6.3 Legal Retention

We may retain certain data longer if required by law, for legal proceedings, or to resolve disputes.

7.1 Access Rights

You have the right to:

• Access your data — Request a copy of all personal data we hold about you
• Correct inaccuracies — Update or correct any incorrect personal information
• Delete your data — Request deletion of your personal data (right to erasure)
• Export your data — Receive your data in a portable format

7.2 Control Rights

• Revoke permissions — Disconnect third-party accounts and revoke data access at any time
• Limit processing — Restrict how your data is used within the Service
• Opt out of analytics — Request exclusion from usage analytics and service improvement studies

7.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@ordian.ai. We will respond within 30 days and may require identity verification for security purposes.

Your data may be processed in multiple jurisdictions as part of providing the Service:

• Primary storage — Germany (Hetzner infrastructure)
• AI processing — Various locations depending on AI provider infrastructure
• Third-party services — WhatsApp, Gmail, etc. may process data in their respective jurisdictions

All international transfers are protected by appropriate safeguards including standard contractual clauses and adequacy decisions where applicable.

9.1 UAE PDPL Compliance

We comply with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations. This includes:

• Obtaining proper consent for data processing
• Implementing appropriate security measures
• Respecting data subject rights
• Providing transparent privacy information

9.2 GDPR Compliance

For users in the EU/EEA, we comply with the General Data Protection Regulation (GDPR), including:

• Lawful basis for processing (consent and legitimate interest)
• Enhanced rights for EU data subjects
• Data Protection Impact Assessments where required
• Breach notification procedures

10.1 Minimal Cookies

We use only essential cookies for:

• Authentication — Keeping you logged in to your account
• Security — Protecting against cross-site request forgery
• Basic functionality — Remembering your preferences and settings

10.2 No Tracking

We do NOT use:

• Advertising cookies or tracking pixels
• Third-party analytics tools (Google Analytics, etc.)
• Social media tracking or widgets
• Behavioral tracking across websites

Ordian Agents is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. Changes will be posted on our website with an updated “Last updated” date.

For material changes that significantly affect how we handle your data, we will:

• Provide 30 days' advance notice via email
• Explain the nature of the changes and their impact
• Offer the option to delete your account if you disagree with the changes

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

For privacy-related inquiries or data requests:

• Privacy Officer: privacy@ordian.ai
• General Support: support@ordian.ai
• Company: Munadi AI Solutions FZCO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, UAE (License #62810)
• Website: ordian.ai

Related Legal Documents:

• Terms of Service
• Acceptable Use Policy