NibraSec
HomeAgentsPricingSecurityBlogDocs
Get started
Legal
Terms of ServicePrivacy PolicyData Processing AgreementAcceptable Use PolicyCookie Policy
Last updated 28 June 2026

Privacy Policy

This Privacy Policy explains how NibraSec (the “Company”, “we”, “us”) collects, uses, discloses, transfers, and protects Personal Data when you use our software-as-a-service platform at nibrasec.com and related subdomains (the “Service”). It is written to align with the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “UAE PDPL”) and its implementing regulations as issued by the UAE Data Office.

1. Who we are (the Controller)

NibraSec FZ-LLC is a free-zone company established in Dubai, United Arab Emirates [trade-licence / registration number to be inserted], with its registered office at [registered address]. For the purposes of the UAE PDPL, NibraSec is the Controller of the Personal Data described in this Policy. You can reach our Data Protection Officer at dpo@nibrasec.com.

2. Personal Data we collect

  • Account data — your name, work email, organisation, role, country, and authentication data (including multi-factor authentication settings).
  • Workspace content — the baseline questionnaire answers, AI-systems inventory, agent outputs, findings, and evidence artefacts you create. This may contain Personal Data about your own staff or third parties, which you provide to us as described in our Data Processing Agreement.
  • Usage and device data — IP address, browser/device information, log and operational telemetry (latency, error events, credit usage). We do not retain raw query text in observability logs.
  • Payment data — processed by Paddle.com Market Limited as merchant of record. We do not receive or store your full card number.
  • Communications — messages you send us via support, sales, or email.

3. How and why we use Personal Data, and our lawful basis

Under Article 4 of the UAE PDPL we process Personal Data only where a lawful basis applies:

  • Performance of a contract — to create your account, provide the Service, run agents, and bill you.
  • Legitimate interests — to secure the platform, prevent abuse and fraud, and improve reliability, balanced against your rights and freedoms.
  • Legal obligation — to comply with applicable UAE law, tax, and lawful requests from competent authorities.
  • Consent — for optional analytics/marketing cookies and any processing that requires it. Where we rely on consent it is freely given, specific, informed, and unambiguous, and you may withdraw it at any time (see Section 9).

4. Disclosure and sub-processors

We share Personal Data only with vetted service providers (sub-processors) that process it on our behalf under written contracts requiring PDPL-equivalent protections — including cloud hosting, LLM inference under zero-data-retention terms, payment processing, and transactional email. A current register of sub-processors is maintained and made available under NDA via our security pack. We do not sell Personal Data.

5. Cross-border transfers

Workspace content is hosted in-region (UAE / GCC) on the primary path. Where Personal Data is transferred outside the UAE — for example to LLM inference providers — we do so only in accordance with Articles 22 and 23 of the UAE PDPL: to jurisdictions recognised as providing an adequate level of protection, or, where no such recognition exists, under contractual commitments binding the recipient to PDPL-equivalent safeguards, or with your explicit consent. Inference providers operate under zero-data-retention terms and do not use your content to train their models.

6. Data retention

We retain workspace content for the duration of your subscription and for 30 days thereafter, unless a longer period is required by law. Workspaces with no agent activity for nine consecutive months, and their data, are deleted (see pricing). Audit logs are retained for 12 months. We retain only what is necessary for the purposes set out in this Policy.

7. Your rights under the UAE PDPL

Subject to the conditions and exceptions in the UAE PDPL, you have the right to:

  • be informed about, and request access to and a copy of, your Personal Data;
  • request correction of inaccurate or incomplete data;
  • request erasure of your Personal Data;
  • request restriction of, or object to, certain processing;
  • receive your data in a structured, machine-readable, portable format;
  • not be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects;
  • withdraw consent at any time, without affecting prior lawful processing;
  • lodge a complaint with the UAE Data Office.

8. How to exercise your rights

Email privacy@nibrasec.com. We will verify your identity and respond within the period required by the UAE PDPL. There is no fee unless the request is manifestly unfounded or excessive.

9. Security

We apply technical and organisational measures appropriate to the risk — encryption in transit and at rest, per-tenant isolation, access control, and audit logging. See our Security page for detail.

10. Personal Data breaches

If a Personal Data breach occurs that poses a risk to the privacy, confidentiality, or security of data subjects, we will notify the UAE Data Office without undue delay and within the timeframe required under the UAE PDPL (within 72 hours of becoming aware where applicable), and we will inform affected data subjects where the law requires.

11. Children

The Service is intended for business use and is not directed to individuals under 18. We do not knowingly collect Personal Data from children.

12. Changes to this Policy

We may update this Policy. Material changes will be notified by email and/or in-product at least 30 days before they take effect.

13. Contact and complaints

Data Protection Officer: dpo@nibrasec.com. You may also contact us via /contact. If you believe your rights have been infringed, you may complain to the UAE Data Office.

NibraSec

AI-native compliance for organizations operating in the Middle East. Five agents, one team, continuous coverage.

Product
AgentsHow it worksWorkspacePricing
Resources
BlogDocumentationChangelog
Company
AboutWho it's forCareersContact
Legal
PrivacyTermsDPASecurity
© 2026 NibraSec. All rights reserved.
🌍 English