Data Privacy Policy
Version 1.1
Purpose
Ketrone LTD (herein referred to as “Organization,” “Company,” “we,” “our,” or “us,” etc.) is committed to protecting the privacy of individuals who interact with us. This policy explains how we collect, use, store, and safeguard personal data to ensure transparency and build trust with our users, customers, and partners.
Scope
This policy applies to all personal data collected through the organization’s websites, applications, services, and other interactions with individuals.
Definition
The following terms shall have the meanings set out below:
- IP Address: A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network.
- Personal Data: Any information relating to an identifiable individual (e.g., name, email, IP address).
- Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
- Data Controller: The entity that determines the purposes and means of processing personal data.
- Data Processor: The entity that processes data on behalf of the data controller.
Responsibilities
- Chief Information Security Officer (CISO) is responsible for developing, implementing, maintaining, and enforcing the policy.
- Employees are responsible and/or accountable to ensure adherence to this policy’s terms during their job duties.
Policy
Data We Collect
We may collect the following types of personal data:
- Identification Information: Name, email, phone number, address, date of birth, etc.
- Account Information: Username, password, account preferences.
- Financial Information: Payment details, billing address.
- Technical Data: IP address, device identifiers, operating system, cookies, and usage analytics.
- Sensitive Personal Data (if applicable): Health information, biometric data, or other sensitive data only with explicit consent.
AI ETHICS AND MODEL TRAINING
No-Usage Guarantee: We provide an explicit guarantee that neither Personal Data nor Customer Content provided to our services is utilized to train, retrain, or improve our underlying artificial intelligence models or algorithms. Furthermore, our AI systems are developed and utilized in accordance with the "Guide for the Use of Artificial Intelligence in Judicial Services and Judicial Processes," upholding principles of transparency, accountability, and the protection of fundamental rights.
How We Collect Data
We collect personal data through the following methods:
- Directly from you: When you fill out forms, create accounts, or contact us.
- Automatically: Through cookies, analytics tools, and logs when you use our website or services.
- Third Parties: From business partners, service providers, or publicly available sources.
Legal Bases for Processing Personal Data
We process personal data only when permitted by law. The legal bases include:
- Consent: When you provide explicit consent (e.g., marketing communications).
- Contractual Necessity: To fulfill a contract with you (e.g., processing orders).
- Legal Obligation: To comply with legal and regulatory requirements.
- Legitimate Interests: For fraud prevention, improving services, or ensuring security.
How We Use Personal Data
We use personal data for the following purposes:
- Providing and improving our services.
- Processing transactions and managing accounts.
- Communicating with you regarding updates, offers, and support.
- Conducting analytics and research to improve user experience.
- Ensuring security, detecting fraud, and complying with legal obligations.
Data Sharing and Disclosure
We may share personal data under these circumstances:
- Service Providers: With vendors or contractors who perform services on our behalf.
- Legal Compliance: To comply with laws, subpoenas, or other legal processes.
- Business Transfers: In the event of mergers, acquisitions, or asset sales.
- Consent: When you explicitly agree to share your data.
INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in jurisdictions outside of the ADGM, specifically in the United States and the European Union, where our cloud infrastructure (such as AWS or Azure) is hosted. To ensure a level of protection equivalent to the DPR 2021 and consistent with federal UAE requirements for cross-border data flow, such transfers are governed by Standard Contractual Clauses (SCCs) and further protected by 'Zero-Retention at the edge' technical safeguards to prevent persistent storage on international processing nodes.
TWO-TRACK DATA RETENTION
(a) Customer Content: Personal data and content processed during sessions are subject to immediate deletion via 'Volatile Session' mode or the 'Immediate Purge' tool, as detailed in the Enhanced Privacy Controls section. Residual data in backups is handled per the 30-day 'put beyond use' protocol.
(b) Statutory Records: Notwithstanding the above, certain personal data associated with contracts, financial transactions, and corporate audit trails will be retained for a period of ten (10) years to comply with UAE and ADGM statutory retention requirements.
ENHANCED PRIVACY CONTROLS AND DATA LIFECYCLE
Volatile Session Mode: Users may select a 'Volatile Session' mode (where applicable). In this mode, Customer Content and the resulting AI analysis are processed entirely in RAM (Random Access Memory) and are never written to persistent disk storage. Once the session is closed or the browser is refreshed, all data associated with that session is immediately and irretrievably purged.
Immediate Purge Functionality: For users who choose to store their history on the platform, Ketrone provides an 'Immediate Purge' tool. Upon the User’s activation of this command, the selected Personal Data and Customer Content shall be deleted from Ketrone’s production databases instantly.
Technical Deletion and Back-ups: (a) Upon a purge request, data is logically deleted from the live environment immediately. (b) Due to the nature of distributed systems and Disaster Recovery (DR) protocols, such data may persist in encrypted system back-ups for a maximum period of 30 days. During this period, the data is 'put beyond use', meaning it is inaccessible for any processing or retrieval and is eventually overwritten by the next backup cycle in accordance with the ADGM Data Protection Regulations 2021.
REGULATORY OVERSIGHT
Supervisory Authority: Ketrone is a company registered in the Abu Dhabi Global Market (ADGM). For the purposes of the ADGM Data Protection Regulations 2021, the supervisory authority responsible for the oversight of Personal Data processing is the ADGM Office of Data Protection (ODP). Where applicable to the company’s federal activities, Ketrone also acknowledges its commitment to complying with Federal Decree-Law No. 45/2021 on the Protection of Personal Data, as overseen by the UAE Data Office.
Right to Complain: Data Subjects have the right to lodge a complaint with the ADGM Commissioner of Data Protection if they believe that the processing of their Personal Data by Ketrone infringes their rights under the Data Protection Regulations 2021.
Data Security
We implement industry-standard technical and organizational measures to safeguard personal data, including:
- Encryption (at rest and in transit).
- Access controls and authentication protocols.
- Regular audits and security assessments; and proactive monitoring and auditing of AI algorithms to prevent bias and ensure data integrity, in accordance with the requirements of the Artificial Intelligence and Advanced Technology Council.
Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request access to your data.
- Rectification: Correct inaccurate or incomplete data.
- Deletion: Request deletion of your data.
- Data Portability: Obtain a copy of your data in a portable format.
- Restriction: Request a limitation on the processing of your data.
- Objection: Object to certain processing activities (e.g., direct marketing).
- Withdraw Consent: Withdraw your consent when processing is based on consent.
To exercise your rights, please contact us at sadry@ketrone.io.
Cookies and Tracking Technologies
We use cookies and other tracking technologies to enhance your browsing experience. You can manage your preferences through our cookie policy or browser settings.
Children’s Privacy
We do not knowingly collect personal data from children under the age of 18. If we become aware of such data, we will delete it promptly.
Third-Party Links
Our website or services may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy policies.
Updates to This Policy
We may update this policy periodically to reflect changes in laws, regulations, or business practices.