Legal

Data Policy

Your data is always kept private and protected. This page explains YPD Technology Services' security framework, data protection standards, and enterprise-grade practices — applied to every engagement.

Last Updated: May 2026UAE PDPL 2021 AlignedDPDP India 2023 Compliant

Standards

Our Data Protection Commitments

Eight principles that govern how we handle every piece of data — yours, your team's, and your clients'.

🔐

UAE PDPL Aligned

Primary Jurisdiction

Our data practices are designed in alignment with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data — the UAE's primary data protection law.

🇮🇳

DPDP 2023 Compliant

Secondary Jurisdiction

For all engagements involving Indian data subjects, we comply with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.

🛡️

ISO 27001 Aligned

In Progress

Our security management practices are structured in alignment with ISO 27001 information security principles. Formal certification is in progress.

SOC 2 Aligned

In Progress

Our operational controls for security, availability, and confidentiality are structured in alignment with the SOC 2 Trust Services Criteria. Formal audit is in progress.

🤖

Ethical AI Framework

Applied to Every Engagement

Every AI system we build is reviewed for bias, transparency, and data minimisation. We do not deploy AI outputs in critical processes without documented human oversight.

🚫

No Ads. No Tracking.

Zero Third-Party Surveillance

We do not sell, share, or broker client data with advertising networks. We do not use behavioural tracking tools. Your data is used only to deliver your engagement.

🔑

Controlled Data Access

Least-Privilege by Design

Access to client data is restricted to personnel directly involved in your engagement, on a need-to-know basis, enforced by role-based access controls.

🌐

UAE-Hosted Infrastructure

With Global Redundancy

Primary data and operational infrastructure is hosted within the UAE. Backup and redundancy systems operate in jurisdictions with equivalent security standards.

Framework

Our Security Commitment

At YPD Technology Services, we understand that trust is the foundation of every client relationship — particularly in the context of AI adoption, where we are often entrusted with sensitive business processes and data. We implement multiple layers of security across our entire operation.

Data Encryption

  • End-to-end encryption for all data in transit using TLS 1.2+
  • Encryption at rest for all sensitive client and personal data
  • Encrypted communication channels for all internal and external correspondence

Access Control

  • Role-based access control (RBAC) with least-privilege principle
  • Multi-factor authentication for all internal systems
  • Regular access reviews and immediate revocation upon engagement close
  • Logical segregation of client data environments

AI System Security

  • Prompt injection and adversarial input safeguards on all deployed AI systems
  • Output review and filtering mechanisms for high-stakes AI applications
  • Model access controls preventing unauthorised extraction or replication
  • Audit logs for all AI system interactions in client environments

Personnel & Vendors

  • Confidentiality and data protection agreements for all staff and specialists
  • Vendor due diligence for all third-party AI infrastructure providers
  • Data Processing Agreements (DPAs) with all sub-processors
  • Annual security awareness training for all personnel with data access

Monitoring & Response

  • Continuous security monitoring of production systems
  • Regular vulnerability assessments and penetration testing
  • Incident response plan with defined escalation paths
  • 72-hour data breach notification to UAE Data Office (UAE PDPL requirement)

Data Lifecycle

  • Data minimisation — we collect only what is necessary for the engagement
  • Defined retention periods per our Privacy Policy retention schedule
  • Secure deletion of client data following retention period or on request
  • Data export available to clients upon request in structured formats

Compliance

Regulatory Framework

UAE — Primary Jurisdiction

UAE PDPL 2021

Federal Decree-Law No. 45 of 2021 on Personal Data Protection

UAE Cybercrime Law

Federal Decree-Law No. 34 of 2021 on Combating Cybercrimes

UAE E-Transactions

Federal Law No. 1 of 2006 on Electronic Commerce and Transactions

Corporate Tax

Federal Decree-Law No. 47 of 2022 (TRN: 105203337800001)

India — Secondary Jurisdiction

DPDP Act 2023

Digital Personal Data Protection Act, 2023

IT Act 2000

Information Technology Act, 2000 and applicable rules

Cert-In Framework

CERT-In Directions for cybersecurity incident reporting

Consumer Protection

Consumer Protection Act, 2019 (where applicable to Indian engagements)

Contact

Security Contact

If you have questions about our data security practices, wish to request a Data Processing Agreement, or need to report a security concern, please contact us:

Data Protection OfficerAniruddha Basu Choudhari
DPO / Securitydpo@youthpulsedigital.com
General Supportsupport@youthpulsedigital.com
Legal & DPA Requestslegal@youthpulsedigital.com
Response TimeAcknowledgement within 72 hours

An Arabic-language version of this policy is available upon request. Contact legal@youthpulsedigital.com.

Ask me anything