Legal
Data Policy
Your data is always kept private and protected. This page explains YPD Technology Services' security framework, data protection standards, and enterprise-grade practices — applied to every engagement.
Standards
Our Data Protection Commitments
Eight principles that govern how we handle every piece of data — yours, your team's, and your clients'.
UAE PDPL Aligned
Primary Jurisdiction
Our data practices are designed in alignment with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data — the UAE's primary data protection law.
DPDP 2023 Compliant
Secondary Jurisdiction
For all engagements involving Indian data subjects, we comply with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.
ISO 27001 Aligned
In Progress
Our security management practices are structured in alignment with ISO 27001 information security principles. Formal certification is in progress.
SOC 2 Aligned
In Progress
Our operational controls for security, availability, and confidentiality are structured in alignment with the SOC 2 Trust Services Criteria. Formal audit is in progress.
Ethical AI Framework
Applied to Every Engagement
Every AI system we build is reviewed for bias, transparency, and data minimisation. We do not deploy AI outputs in critical processes without documented human oversight.
No Ads. No Tracking.
Zero Third-Party Surveillance
We do not sell, share, or broker client data with advertising networks. We do not use behavioural tracking tools. Your data is used only to deliver your engagement.
Controlled Data Access
Least-Privilege by Design
Access to client data is restricted to personnel directly involved in your engagement, on a need-to-know basis, enforced by role-based access controls.
UAE-Hosted Infrastructure
With Global Redundancy
Primary data and operational infrastructure is hosted within the UAE. Backup and redundancy systems operate in jurisdictions with equivalent security standards.
Framework
Our Security Commitment
At YPD Technology Services, we understand that trust is the foundation of every client relationship — particularly in the context of AI adoption, where we are often entrusted with sensitive business processes and data. We implement multiple layers of security across our entire operation.
Data Encryption
- End-to-end encryption for all data in transit using TLS 1.2+
- Encryption at rest for all sensitive client and personal data
- Encrypted communication channels for all internal and external correspondence
Access Control
- Role-based access control (RBAC) with least-privilege principle
- Multi-factor authentication for all internal systems
- Regular access reviews and immediate revocation upon engagement close
- Logical segregation of client data environments
AI System Security
- Prompt injection and adversarial input safeguards on all deployed AI systems
- Output review and filtering mechanisms for high-stakes AI applications
- Model access controls preventing unauthorised extraction or replication
- Audit logs for all AI system interactions in client environments
Personnel & Vendors
- Confidentiality and data protection agreements for all staff and specialists
- Vendor due diligence for all third-party AI infrastructure providers
- Data Processing Agreements (DPAs) with all sub-processors
- Annual security awareness training for all personnel with data access
Monitoring & Response
- Continuous security monitoring of production systems
- Regular vulnerability assessments and penetration testing
- Incident response plan with defined escalation paths
- 72-hour data breach notification to UAE Data Office (UAE PDPL requirement)
Data Lifecycle
- Data minimisation — we collect only what is necessary for the engagement
- Defined retention periods per our Privacy Policy retention schedule
- Secure deletion of client data following retention period or on request
- Data export available to clients upon request in structured formats
Compliance
Regulatory Framework
UAE — Primary Jurisdiction
UAE PDPL 2021
Federal Decree-Law No. 45 of 2021 on Personal Data Protection
UAE Cybercrime Law
Federal Decree-Law No. 34 of 2021 on Combating Cybercrimes
UAE E-Transactions
Federal Law No. 1 of 2006 on Electronic Commerce and Transactions
Corporate Tax
Federal Decree-Law No. 47 of 2022 (TRN: 105203337800001)
India — Secondary Jurisdiction
DPDP Act 2023
Digital Personal Data Protection Act, 2023
IT Act 2000
Information Technology Act, 2000 and applicable rules
Cert-In Framework
CERT-In Directions for cybersecurity incident reporting
Consumer Protection
Consumer Protection Act, 2019 (where applicable to Indian engagements)
Contact
Security Contact
If you have questions about our data security practices, wish to request a Data Processing Agreement, or need to report a security concern, please contact us:
An Arabic-language version of this policy is available upon request. Contact legal@youthpulsedigital.com.