Privacy Policy

This Privacy Policy describes how Munadi AI Solutions FZCO (“Company”, “We”, “Us”, “Our”), a company registered at Building A1, Dubai Digital Park, Dubai, UAE (License #62810), collects, uses, and handles data in connection with the Ordian Mail API service at mail.ordian.ai (the “Service”).

Ordian Mail is an API-first service with no user accounts, sign-up forms, or login credentials. Our data collection is minimal and tied directly to service delivery.

2.1 Email Data

When you use the Service to send or receive emails, we process and store:

• Email content — Subject lines, body text, HTML content, and attachments
• Email metadata — Sender and recipient addresses, timestamps, message IDs, delivery status
• Inbox configuration — Inbox addresses, creation time, expiry time, renewal status

2.2 Blockchain Data

• Wallet addresses — The blockchain addresses used to make x402 payments to the Service
• Transaction hashes — Records of payment transactions on the Base blockchain
• Payment amounts — USDC amounts paid for service usage

Note: Blockchain transactions are inherently public. Wallet addresses and transaction details are visible on the Base blockchain to anyone. We do not control this.

2.3 Technical Data

• API request logs — IP addresses, request timestamps, endpoints accessed, HTTP headers, user agent strings
• Error logs — Technical details when errors occur during service delivery

2.4 What We Do NOT Collect

• Names, physical addresses, or phone numbers
• Login credentials (there are none)
• Cookies or browser tracking data (there is no web interface)
• Behavioral analytics or advertising identifiers

We use collected data exclusively for service delivery and operational purposes:

• Email content and metadata: Delivering, storing, and retrieving emails
• Blockchain data: Verifying payments, preventing fraud, maintaining transaction records
• API request logs: Debugging, rate limiting, abuse prevention, service monitoring
• Error logs: Identifying and fixing technical issues

We do not:

• Sell, rent, or trade your data to third parties
• Use your data for advertising or marketing
• Profile users for purposes unrelated to the Service
• Train AI models on your email content
• Share data with third parties for their own purposes

4.1 Email Data

Email content and metadata are retained for the lifetime of the associated inbox:

• When an inbox expires (reaches its expiry time without renewal), all associated email data is scheduled for deletion
• When an inbox is explicitly deleted via API, all associated email data is scheduled for deletion
• Deletion is performed promptly, typically within 24 hours of inbox expiry or deletion

4.2 Blockchain Data

Payment records (wallet addresses, transaction hashes, amounts) are retained indefinitely for:

• Financial record-keeping and tax compliance
• Fraud prevention
• Dispute resolution

This data is already publicly available on the blockchain.

4.3 Technical Logs

API request logs and error logs are retained for up to 90 days, after which they are deleted or anonymized.

We may share data with third parties only in the following limited circumstances:

5.1 Infrastructure Providers

We use third-party infrastructure providers (cloud hosting, email delivery infrastructure) to operate the Service. These providers process data on our behalf and are bound by contractual obligations to protect your data.

5.2 Legal Requirements

We may disclose data if required to do so by law, regulation, legal process, or governmental request. We may also disclose data to:

• Comply with applicable law or legal process
• Enforce our Terms of Service
• Protect the rights, property, or safety of Munadi AI Solutions, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify affected users of any change in data handling practices.

We implement reasonable technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS)
• Access controls limiting who can access stored data
• Regular security reviews of our infrastructure

However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

7.1 Data Access and Deletion

You can:

• Access your email data at any time through the API while your inbox is active
• Delete your inbox and all associated data at any time through the API
• Request information about what data we hold about a specific wallet address by contacting us

7.2 Data Portability

While your inbox is active, you can retrieve all stored emails via the API in standard formats.

7.3 Exercising Your Rights

For data-related requests that cannot be fulfilled through the API, contact us at privacy@ordian.ai. We will respond to legitimate requests within 30 days.

Our infrastructure may be located in multiple jurisdictions. By using the Service, you consent to the transfer of your data to servers outside your country of residence. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

We comply with applicable UAE data protection regulations, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations.

As a B2B API service primarily handling business communications, much of the data we process may fall outside the scope of personal data regulations. However, where personal data is involved, we apply appropriate protections.

The Service is not directed at individuals under the age of 18. We do not knowingly collect data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

11.1 Public Data

All x402 payments occur on the Base blockchain, a public ledger. This means:

• Your wallet address and payment transactions are publicly visible
• Transaction amounts and timestamps are publicly visible
• We have no ability to make this data private — it is a fundamental property of blockchain technology

11.2 Pseudonymity

Blockchain addresses are pseudonymous. We do not attempt to link wallet addresses to real-world identities unless required by law.

We may update this Privacy Policy from time to time. Changes will be posted on our website at ordian.ai with an updated “Last updated” date.

For material changes that significantly affect how we handle your data, we will make reasonable efforts to provide advance notice.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

For privacy-related inquiries or data requests:

• Privacy: privacy@ordian.ai
• General: support@ordian.ai
• Abuse: abuse@ordian.ai
• Company: Munadi AI Solutions FZCO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, UAE (License #62810)
• Website: ordian.ai