Draft pending legal review. This Privacy Policy is published in good faith and aligned with the UAE PDPL and GDPR principles, but has not yet been reviewed by qualified counsel. Sub-processor list and data-residency statements must be verified against our live infrastructure before this is treated as final. Questions? info@hibr.ai.
Privacy Policy
Effective date: 31 May 2026 · Last updated: 31 May 2026 · Version: 1.0
This Privacy Policy explains how Hibr AI ("Hibr", "we", "us") collects, uses, shares, and protects personal data of website visitors, prospects, and customers of our AI consulting services and products. We aim to comply with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and, where it applies, the EU/UK GDPR.
Individual products may have a supplementary privacy notice — for example HIBR 3D and HIBR ERP. Where a product notice applies, it supplements this policy for that product.
1. Who we are (data controller)
The data controller is Hibr AI, established in the United Arab Emirates. For any privacy matter, contact info@hibr.ai. The registered legal entity name, address, and a dedicated data-protection contact are to be confirmed by Hibr before this policy is finalised.
2. What personal data we collect
Information you give us
- Contact & account data: name, work email, phone number, company name, and role, provided when you buy, request a quote, submit the AI assessment, sign up to a newsletter, or contact us.
- Order & billing data: the products you buy, order references, billing country, and tax identifiers where relevant. Card payments are processed by Stripe — we do not receive or store your full card number.
- Engagement content: business information, documents, prompts, and inputs you provide so we can deliver a service or product (for example assessment answers, brand details for content, or data for a lead-qualifier or 3D model).
- Communications: messages you send us by email, contact form, or live chat.
Information we collect automatically
- Usage & device data: IP address, browser and device type, pages viewed, referring page, and interactions, collected via cookies and similar technologies (see Section 10).
- Analytics & advertising identifiers: where you consent, via Google Analytics and the Meta pixel.
3. How we use personal data
- To take and fulfil orders, deliver services and products, and provide support;
- To send transactional messages — receipts/tax invoices, account access, onboarding, and service notices;
- To respond to enquiries, quotes, and assessment requests;
- To operate, secure, and improve our websites and offerings, including fraud prevention;
- To comply with legal, tax, and accounting obligations;
- With your consent, to send marketing communications and to set analytics/advertising cookies. You can opt out of marketing at any time via the unsubscribe link or by emailing us.
We do not use the confidential content you provide for an engagement to train our own AI models without your consent.
4. Legal bases for processing
Where the PDPL or GDPR applies, we rely on:
- Performance of a contract — to deliver what you purchased;
- Legal obligation — for tax, accounting, and record-keeping;
- Legitimate interests — to operate, secure, and improve our business (balanced against your rights);
- Consent — for marketing communications and non-essential cookies, which you may withdraw at any time.
5. Sharing & sub-processors
We do not sell personal data. We share it only as needed to run our business, with providers bound by appropriate data-protection terms:
- Stripe — payment processing (PCI-DSS Level 1).
- Anthropic (and other AI model providers) — to generate AI outputs; we seek no-training / zero-retention processing where available.
- Email & hosting providers — transactional email delivery and website/application hosting.
- Google Analytics and Meta — website analytics and advertising measurement, where you consent.
- Platforms you authorise — for example social or CRM accounts you connect so we can deliver a service on your behalf.
We may also disclose data where required by law or to protect our rights, and to a successor in the event of a merger or acquisition. This sub-processor list must be confirmed against the live deployment (hosting region, email provider, and AI providers actually in use) before finalisation.
6. International data transfers
We operate globally and some providers (for example Stripe, Anthropic, Google, Meta, and email/hosting providers) may process data outside the UAE or your country. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or recognised adequacy mechanisms for those transfers.
7. How long we keep data
- Order, invoice & tax records: retained as required by applicable law (UAE tax and commercial record-keeping generally require 5 years).
- Account & engagement data: for the life of the relationship and a reasonable period afterwards, then deleted or anonymised unless retention is legally required.
- Prospect, assessment & marketing data: until you opt out or it is no longer needed, plus a short period for compliance.
8. Your rights
Subject to applicable law, you may have the right to: access your data; request correction or deletion; object to or restrict processing; request portability; and withdraw consent at any time (without affecting prior processing). To exercise a right, email info@hibr.ai; we aim to respond within 30 days. You also have the right to lodge a complaint with the UAE Data Office or your local data-protection authority.
9. Security
We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS), access controls, and restricted staff access. No method of transmission or storage is completely secure; we cannot guarantee absolute security but work to protect your data and to notify you and regulators of any breach as required by law.
10. Cookies & similar technologies
We use strictly necessary cookies to operate the website. Analytics and advertising cookies (Google Analytics, Meta pixel) are set only where permitted. For full details and how to control them, see our Cookie Policy.
11. Children
Our services are intended for businesses and adults. We do not knowingly collect personal data from children. Product-specific minimum ages are stated in the relevant product terms.
12. Changes to this policy
We may update this policy. We will post the updated version here with a new effective date and, for material changes, take reasonable steps to notify active customers.
- Privacy & data requests: info@hibr.ai
- Regulator (UAE): UAE Data Office