Privacy Policy

1. Introduction

Aradus AI Limited (“Aradus”, “we”, “us”, “our”) is committed to protecting the privacy of individuals whose personal data we process. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the operation of the Aradus platform and our business activities, in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), the EU General Data Protection Regulation (“GDPR”), the Saudi Arabia Personal Data Protection Law (“Saudi PDPL”), and other applicable data protection legislation.

2. Data Controller and Processor Roles

Aradus acts in two distinct roles depending on the category of data:

Data Controller for personal data we collect to operate user accounts and deliver the Service.
Data Processor for business content our customers upload and process through the platform.

3. Data We Collect

3.1 Platform Account Data

Name, email address, profile image, and phone number
Authentication credentials — hashed password or OAuth tokens
Organisation membership, role, and dashboard preferences
Session data — IP address, user-agent string, login timestamps

3.2 Customer Content

Business content you upload or generate — invoices, bills of lading, packing lists, purchase orders, shipment records, supplier and customer contact details.

3.3 Usage and Analytics Data

Consent-gated product analytics and anonymous session recordings with form inputs masked.

4. Legal Bases for Processing

Performance of a contract: processing required to provide platform access.
Legitimate interest: security monitoring, fraud prevention, platform improvement.
Legal obligation: retaining transactional and tax records.
Consent: for optional analytics, session recording, and direct marketing.

5. How We Use Information

Operate and maintain the platform and your account
Classify, extract, and organise uploaded documents
Track shipments and deliver status notifications
Reconcile invoices and surface operational insights
Detect and prevent security incidents
Comply with legal obligations

6. AI Processing

The Aradus platform uses AI to classify and extract data from documents and emails, and to power conversational features.

Aradus does not use customer content to train AI models.
Google's data-handling commitments are governed by the Gemini API Terms ↗.
Where AI output materially affects an automated decision, a human reviewer remains in the loop.

7. Categories of Sub-Processors

We engage sub-processors to deliver the Service, each contractually bound to protective obligations:

Category	Purpose
Cloud hosting and infrastructure	Application hosting, managed databases, and object storage
AI processing	Document classification, data extraction, and conversational features
Email infrastructure	Transactional email delivery and inbound email intake
Shipment-tracking APIs	Tracking of shipments by Bill of Lading and container references
Product analytics and session replay	Consent-gated analytics with form inputs masked
Marketing-site analytics	Consent-gated analytics on public marketing site visits

9. Data Storage and Security

Encryption in transit and at rest
Role-based access controls and authenticated sessions
Audit logging of significant platform actions
Multi-tenant isolation at the database and application layers

10. Data Retention

Account data: retained for the life of the account.
Customer content: retained for the subscription period.
Error logs: 90 days, then deleted.
Billing/tax records: as required by law.

11. Cross-Border Data Transfers

We rely on Standard Contractual Clauses or equivalent transfer mechanisms where applicable.

12. Your Rights

Right to access, rectification, erasure, and portability
Right to restrict or object to processing
Right to withdraw consent
Right not to be subject to solely automated decisions

Contact privacy@aradus.ai. We respond within 30 days.

13. Cookies and Tracking

Strictly necessary: session cookies. Always active.
Analytics (consent-gated): PostHog, Google Analytics, Microsoft Clarity.

14. Children's Data

This is a B2B service not directed at individuals under 18.

15. Data Breach Notification

We notify affected parties within 72 hours of becoming aware of a breach.

16. Compliance Framework

This policy complies with UAE PDPL, GDPR, and Saudi PDPL.

17. Changes to This Policy

Material changes will be communicated by email or through the platform.

18. Contact

Aradus AI Limited

Email: privacy@aradus.ai

1. Introduction

2. Data Controller and Processor Roles

Aradus acts in two distinct roles depending on the category of data:

Data Controller for personal data we collect to operate user accounts and deliver the Service.
Data Processor for business content our customers upload and process through the platform.

3. Data We Collect

3.1 Platform Account Data

Name, email address, profile image, and phone number
Authentication credentials — hashed password or OAuth tokens
Organisation membership, role, and dashboard preferences
Session data — IP address, user-agent string, login timestamps

3.2 Customer Content

Business content you upload or generate — invoices, bills of lading, packing lists, purchase orders, shipment records, supplier and customer contact details.

3.3 Usage and Analytics Data

Consent-gated product analytics and anonymous session recordings with form inputs masked.

4. Legal Bases for Processing

Performance of a contract: processing required to provide platform access.
Legitimate interest: security monitoring, fraud prevention, platform improvement.
Legal obligation: retaining transactional and tax records.
Consent: for optional analytics, session recording, and direct marketing.

5. How We Use Information

Operate and maintain the platform and your account
Classify, extract, and organise uploaded documents
Track shipments and deliver status notifications
Reconcile invoices and surface operational insights
Detect and prevent security incidents
Comply with legal obligations

6. AI Processing

The Aradus platform uses AI to classify and extract data from documents and emails, and to power conversational features.

Aradus does not use customer content to train AI models.
Google's data-handling commitments are governed by the Gemini API Terms ↗.
Where AI output materially affects an automated decision, a human reviewer remains in the loop.

7. Categories of Sub-Processors

We engage sub-processors to deliver the Service, each contractually bound to protective obligations:

Category	Purpose
Cloud hosting and infrastructure	Application hosting, managed databases, and object storage
AI processing	Document classification, data extraction, and conversational features
Email infrastructure	Transactional email delivery and inbound email intake
Shipment-tracking APIs	Tracking of shipments by Bill of Lading and container references
Product analytics and session replay	Consent-gated analytics with form inputs masked
Marketing-site analytics	Consent-gated analytics on public marketing site visits

9. Data Storage and Security

Encryption in transit and at rest
Role-based access controls and authenticated sessions
Audit logging of significant platform actions
Multi-tenant isolation at the database and application layers

10. Data Retention

Account data: retained for the life of the account.
Customer content: retained for the subscription period.
Error logs: 90 days, then deleted.
Billing/tax records: as required by law.

11. Cross-Border Data Transfers

We rely on Standard Contractual Clauses or equivalent transfer mechanisms where applicable.

12. Your Rights

Right to access, rectification, erasure, and portability
Right to restrict or object to processing
Right to withdraw consent
Right not to be subject to solely automated decisions

Contact privacy@aradus.ai. We respond within 30 days.

13. Cookies and Tracking

Strictly necessary: session cookies. Always active.
Analytics (consent-gated): PostHog, Google Analytics, Microsoft Clarity.

14. Children's Data

This is a B2B service not directed at individuals under 18.

15. Data Breach Notification

We notify affected parties within 72 hours of becoming aware of a breach.

16. Compliance Framework

This policy complies with UAE PDPL, GDPR, and Saudi PDPL.

17. Changes to This Policy

Material changes will be communicated by email or through the platform.

18. Contact

Aradus AI Limited

Email: privacy@aradus.ai

Privacy Policy

1. Introduction

2. Data Controller and Processor Roles

3. Data We Collect

3.1 Platform Account Data

3.2 Customer Content

3.3 Usage and Analytics Data

4. Legal Bases for Processing

5. How We Use Information

6. AI Processing

7. Categories of Sub-Processors

8. Data Sharing and Disclosure

9. Data Storage and Security

10. Data Retention

11. Cross-Border Data Transfers

12. Your Rights

13. Cookies and Tracking

14. Children's Data

15. Data Breach Notification

16. Compliance Framework

17. Changes to This Policy

18. Contact

Privacy Policy

1. Introduction

2. Data Controller and Processor Roles

3. Data We Collect

3.1 Platform Account Data

3.2 Customer Content

3.3 Usage and Analytics Data

4. Legal Bases for Processing

5. How We Use Information

6. AI Processing

7. Categories of Sub-Processors

8. Data Sharing and Disclosure

9. Data Storage and Security

10. Data Retention

11. Cross-Border Data Transfers

12. Your Rights

13. Cookies and Tracking

14. Children's Data

15. Data Breach Notification

16. Compliance Framework

17. Changes to This Policy

18. Contact