Humai FZCO — Privacy Policy

Effective date: 11 August 2025

Who we are
Humai FZCO (DMCC), Dubai, UAE (“Humai”, “we”).

This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our sites, use our apps/APIs/AI models/agents, or otherwise interact with us (the “Services”). It applies to both B2B and B2C users globally. Region‑specific rights and notices (EU/UK GDPR, California CPRA, UAE PDPL) are included below.

If you use Humai under an enterprise contract, our Data Processing Addendum (DPA) governs when we process personal data on your behalf as a processor: humai-ai.com/dpa (link when live).

1) Data We Collect

a) You provide

  • Account details (name, email, password), profile info, billing details, company details (B2B), support requests.
  • Your Content: prompts, inputs, files, messages, and resulting Outputs.
  • Marketing preferences and consents.

b) Collected automatically

  • Device and usage data (IP address, approximate location, device identifiers, browser/app version, time zone, language, pages viewed, referring URLs).
  • Event logs (sign‑ins, API calls, rate‑limit hits, feature interactions), crash/diagnostic data, security telemetry.

c) From third parties (where lawful)

  • Payment processors, identity verification providers, analytics, marketing partners, and integrations you connect (e.g., cloud drives, messaging apps, third‑party LLMs/tools).

Sensitive data. We do not require sensitive personal data. If you choose to provide sensitive data, you must have a lawful basis and comply with our AUP; we may restrict or delete such data.

2) How We Use Personal Data (Purposes & Legal Bases)

  • Provide the Services (create/manage accounts, deliver features/Outputs, customer support, troubleshooting, service communications). Legal bases: contract; legitimate interests.
  • Secure and prevent abuse (monitoring, fraud prevention, rate limits, incident response). Legal bases: legitimate interests; legal obligation.
  • Improve and develop (analytics, quality, reliability, safety testing, A/B tests). Legal bases: legitimate interests; model training only if you opt in (consent).
  • Billing and payments (process payments, invoicing, tax compliance). Legal bases: contract; legal obligation.
  • Marketing and communications (product updates, offers—only where permitted; you can opt out). Legal bases: consent where required; legitimate interests otherwise.
  • Compliance (respond to lawful requests, enforce terms, sanctions/export compliance). Legal bases: legal obligation; legitimate interests.

3) Model Training & AI Safety

Default stance: We do not use Your Content (prompts/Uploads/Outputs) to train our models for generalized improvements unless you opt in.

Aggregated/de‑identified analytics may be used to improve safety and reliability.

You can change training preferences in your account or via your MSA.

4) Cookies & Similar Technologies

We use cookies and similar technologies for functionality, security, analytics, and (optional) marketing. You can manage preferences via our cookie banner and Cookie Settings page. For details, see our Cookie Policy: humai-ai.com/cookies (link when live).

5) How We Share Personal Data

We share personal data only as necessary to operate the Services:

  • Service providers/processors (cloud hosting, storage, analytics, support, communications, security, payment processing).
  • Integration partners/LLMs you choose to connect.
  • Affiliates (common ownership/control) for the purposes in this Policy.
  • Legal disclosures (to comply with law, protect rights/safety, respond to lawful requests).
  • Business transfers (merger, acquisition, reorganization).

We do not sell personal information and do not share it for cross‑context behavioral advertising as defined by the CPRA, unless you enable marketing cookies/consents—at which point you may opt out at any time via “Do Not Sell or Share”/Cookie Settings.

6) International Transfers

We may process and store data in the UAE and other countries.

EEA/UK/Swiss transfers: We use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum) plus supplementary measures where needed.

UAE PDPL: Cross‑border transfers follow PDPL requirements, including adequacy or appropriate safeguards.

Details and a current list of subprocessors: humai-ai.com/subprocessors (link when live).

7) Data Retention

We keep personal data only as long as necessary for the purposes above:

  • Account/profile: for the life of the account.
  • Logs/telemetry: typically 12–18 months (shorter where possible).
  • Billing/invoices: 7 years (or as required by tax laws).
  • Support records: typically 24 months.
  • Model‑training opt‑in data: retained per your settings and can be withdrawn at any time; we’ll stop future training and use reasonable efforts to cease further use in training pipelines.

8) Your Rights

Your rights vary by region and may include:

  • Access, correction, deletion, portability (GDPR/UK GDPR/PDPL).
  • Restriction or objection to processing (GDPR/UK GDPR/PDPL).
  • Withdraw consent (where processing is based on consent).
  • CPRA (California): know, delete, correct, opt‑out of selling/sharing, limit use of sensitive personal information, and non‑discrimination.

To exercise rights, email [email protected]. We may request verification of identity and will respond within the time frames required by law.

9) Children

The Services aren’t directed to children under 13 (or older, where local law requires). We don’t knowingly collect data from such children. If you believe a child provided data, contact us to delete it.

10) Security

We use appropriate technical and organizational measures (encryption in transit, access controls, monitoring, backups). However, no system is perfectly secure. You’re responsible for maintaining the security of your account, devices, and credentials.

11) Third‑Party Services & Links

Third‑party services you connect are governed by their own terms and privacy practices. We’re not responsible for third‑party content or practices.

12) How to Contact Us & Complaints

Humai FZCO (DMCC) — [Full DMCC Address], Dubai, UAE

Email: [email protected]

If you’re in the EEA/UK, you may lodge a complaint with your local supervisory authority (e.g., your national data protection authority or the UK ICO). In the UAE, you may contact the UAE Data Office. We welcome the chance to resolve concerns directly first.

13) Changes to This Policy

We periodically adjust this Policy to keep it accurate. We will notify you of material changes (e.g., by banner, in‑product notice, or email), and they take effect on the stated date. If you disagree, you may stop using the Services and request deletion of your account.

Region‑Specific Notices

A) EEA/UK (GDPR/UK GDPR)

Controller: Humai FZCO is the controller for personal data described here (unless acting as processor under a DPA).

Lawful bases: performance of contract; legitimate interests (e.g., safety, improvement); consent (marketing, cookies, optional training); legal obligation.

Data Protection Officer (if appointed): [DPO Name], [email protected] (or contact [email protected]).

Automated decision‑making: We don’t make decisions with legal or similarly significant effects solely by automated means. If that changes, we’ll provide required disclosures and options.

B) California (CPRA)

No sale/share (default). We don’t sell/share personal information for cross‑context behavioral advertising by default. If you enable marketing cookies, you can opt out at any time via Do Not Sell or Share and Cookie Settings.

Categories collected: identifiers (e.g., email, IP), commercial info (transactions), internet/network activity (usage), geolocation (approximate), inferences (basic product usage patterns), and professional info (B2B contacts).

Sensitive PI: We don’t seek SPI; if provided (e.g., government ID for verification), we use it only for limited, disclosed purposes and allow you to limit use where applicable.

C) UAE (PDPL)

We process personal data in accordance with Federal Decree‑Law No. 45 of 2021 and implementing regulations, including principles of transparency, purpose limitation, data minimization, accuracy, storage limitation, and security, and we honor PDPL rights (access, correction, deletion, stopping of processing, portability). Cross‑border transfers follow PDPL adequacy/safeguards.