Privacy Policy

• Full name, nationality, date of birth
• Email address, phone number, business address
• Identification documents (e.g., passport, Emirates ID, KSA ID)

• Business trade name, license number, legal form
• Company registration documents and ownership data
• Tax registration details and filing status
• KYC/AML documents and UBO declarations

• Platform activity logs and feature usage
• Chatbot interactions and prompt history
• Selected service packages and workflows triggered
• Device ID, IP address, location (approximate)

• Files uploaded by the user (PDF, ID scans, etc.)
• Documents generated through the platform (MOAs, invoices, tax filings)
• Internally created reports and checklists linked to your account

• Payment method (masked card info, IBAN)
• Transaction history, invoice records, and timestamps
• No credit card details are stored by Incorpify directly (handled via secure third-party processors)

Collected via tools such as Google Analytics and Hotjar, including:

• Session behavior, clickstreams, bounce rates
• Device type, browser version, operating system
• Cookie identifiers (subject to our Cookie Policy)

To deliver the services you request and manage your account, including:

• Registering and maintaining your user profile;
• Verifying your identity and performing KYC/AML checks;
• Preparing, submitting, and renewing company licenses, tax registrations, trademarks, visas, and other filings;
• Generating invoices, reports, and business documentation;
• Providing customer support, document reviews, and compliance assistance.

To comply with applicable laws and regulations in the UAE, KSA, ADGM, and other jurisdictions, including:

• Tax law, company law, and commercial licensing obligations;
• Anti-money laundering (AML) and counter-terrorist financing (CTF) frameworks;
• Data retention obligations (e.g., 10-year document storage).

To protect our operations and improve your experience:

• Service improvement and feature development;
• Internal analytics and AI training (with safeguards);
• Fraud detection, abuse prevention, and security monitoring;
• Handling claims, disputes, or legal proceedings.

All such processing is performed with due consideration for your rights and does not override your fundamental freedoms.

• Sending platform updates, service announcements, and referral offers;
• Sending newsletters or product updates (only if opted-in);
• Sharing your data (limited to name, company, email) with verified business partners (e.g., insurers, banks, legal firms) only if you use or opt into those services.

You may opt out of marketing at any time using dashboard preferences or unsubscribe link in emails.

Processing is necessary to:

• Provide you with the services requested;
• Execute filings, generate documents, or handle subscriptions;
• Respond to customer support requests.

If you do not provide the required data, we may not be able to deliver the services.

We process your data where required to:

• Comply with tax, AML, licensing, and corporate law requirements in the UAE, KSA, and ADGM;
• Retain company-related data for 10 years under local recordkeeping laws;
• Respond to lawful requests from regulatory or enforcement authorities.

Processing is necessary for our legitimate business interests, provided your rights do not override them. This includes:

• Monitoring platform performance;
• Detecting misuse or fraud;
• Improving our AI models using anonymized prompt/response logs;
• Handling legal claims or compliance risk.

You may object to processing on this basis, as detailed in Section 9.

Some activities will require your explicit consent, such as:

• Receiving marketing emails or partner offers;
• Sharing data with external third parties not directly involved in service delivery;
• Using cookies or third-party tracking tools.

You may withdraw consent at any time without affecting the lawfulness of prior processing.

Personal data is processed using:

• Automated systems (AI agents, workflow triggers, API calls);
• Manual operations by Incorpify staff for regulatory tasks, compliance checks, and document verification.

All access and actions are logged and role-restricted.

All data processing is hosted on Microsoft Azure, ensuring:

• Compliance with ISO/IEC 27001, SOC 2, and GDPR standards;
• Redundant storage and disaster recovery within secure, audited data centers;
• Geo-specific routing when mandated by UAE/KSA law.

Incorpify applies strong encryption and access control protocols:

• AES-256 encryption for data at rest;
• TLS 1.2+ encryption for all data in transit;
• Two-factor authentication (2FA) for all internal accounts;
• Device and IP-based access control;
• Continuous security audits and intrusion detection monitoring.

Files uploaded to the platform (e.g., IDs, licenses) are scanned in isolated environments to prevent malware and unauthorized code execution.

AI systems analyze user inputs to generate insights, complete workflows, and automate compliance checks. To protect user data:

• AI prompt logs are anonymized and stored securely;
• No personal data is shared with public AI models or third-party LLMs;
• All AI usage is monitored, and potentially abusive prompts are flagged or blocked;
• High-risk queries are either escalated to human review or restricted.

Incorpify shares your personal data only when strictly necessary to fulfill service delivery or comply with legal obligations. This includes:

• Internal staff involved in incorporation, compliance, and customer support;
• Verified service partners such as:
  • Government portals (e.g., DED, MoE, GAZT, FTA)
  • Banks and financial institutions
  • Insurance providers, accountants, and legal advisors
• Infrastructure and technology providers, such as Microsoft Azure (AI and hosting), cloud storage, and analytics platforms.

All partners and processors are contractually bound to maintain confidentiality, comply with applicable data protection laws, and only process data on Incorpify’s instructions.

Some personal data may be transferred outside the UAE or KSA to countries offering an adequate level of protection, including:

• The European Economic Area (EEA)
• The United Kingdom
• Other jurisdictions where Microsoft Azure or service partners operate

If transfers occur to countries without an adequacy decision, Incorpify ensures that:

• Standard Contractual Clauses (SCCs) or similar safeguards are in place;
• Transfer is necessary for performance of a contract or legal compliance;
• Additional technical measures (e.g., encryption, pseudonymization) are applied.

Incorpify does not sell, rent, or commercially disclose your personal data to third parties for marketing purposes.

Data shared with service partners (e.g., an insurance broker or payroll provider) is limited to what’s required to deliver the selected service and is subject to your consent or active usage.

We retain the following categories of data for 10 years, in line with UAE and KSA legal obligations:

• Company incorporation records and trade licenses;
• Tax filings and compliance documents;
• Visa, payroll, and regulatory filings;
• Invoices and financial transaction records.

This applies even after account closure, service termination, or user deletion requests, unless overridden by a competent authority.

We retain non-regulatory data for shorter durations:

• Chatbot logs and prompt history: 12 months (anonymized if used for AI training)
• Session and analytics data (e.g., Google, Hotjar): 12–24 months, per tool policy
• Support interactions and email logs: 24 months
• Deleted account metadata (timestamp, action): 12 months

Upon user request and subject to legal constraints, we may:

• Delete or anonymize personal data not required by law;
• Restrict processing of inactive accounts or disputed records;
• Archive data for litigation hold if under regulatory investigation.

Requests can be submitted via your dashboard or by emailing privacy@incorpify.ai.

You have the right to request a copy of the personal data we hold about you, along with information on how and why it is processed.

You may request the correction of inaccurate or incomplete personal data at any time.

You may request deletion of your personal data if:

• It is no longer necessary for the purpose it was collected;
• You withdraw consent (where applicable);
• Processing was unlawful.

Note: We may retain data required under law (e.g., licensing, tax, compliance) even after such requests.

You may request the restriction of processing where:

• You contest the accuracy of data;
• Processing is unlawful but deletion is not desired;
• You need the data to establish, exercise, or defend legal claims.

You can object to:

• Processing based on legitimate interest;
• Receiving marketing or promotional content (unsubscribe available in all communications).

If processing is based on consent or contract and carried out by automated means, you may request to receive your data in a structured, machine-readable format and transmit it to another controller.

Where processing is based on your consent (e.g., marketing, third-party sharing), you may withdraw it at any time without affecting the lawfulness of prior processing.

You may lodge a complaint with the competent authority:

• ADGM Commissioner of Data Protection

Requests must be submitted via your Incorpify account dashboard or by emailing privacy@incorpify.ai.

Material changes to this Policy will be:

• Announced via email to registered users;
• Communicated through dashboard notifications;
• Published on the Incorpify website with a revised “Last Updated” date.

We encourage users to review this Policy periodically. Continued use of the Platform after a Policy update constitutes acceptance of the revised terms.