Legal
Privacy Policy
YPD Technology Services FZCO is committed to protecting your personal and business data. This policy explains how we collect, use, and safeguard information across our dual-jurisdiction operations.
01
About This Policy
This Privacy Policy applies to all visitors to the YPD Technology Services website, prospective and current clients, and any individual whose personal data is processed in connection with our AI consulting engagements. It covers our AI-powered advisory tools (including the Aria and Aryan AI advisors on this website), client discovery and onboarding processes, consulting project delivery, and all associated communications.
YPD Technology Services FZCO operates under a dual-jurisdiction data protection framework. Our primary obligations arise under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL). For engagements involving individuals in India, we additionally comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.
This policy is written in English. An Arabic version is available upon request. Contact legal@youthpulsedigital.com.
02
Who We Are
YPD Technology Services FZCO is a specialist AI adoption studio registered in the United Arab Emirates. We diagnose, design, and deploy working AI systems for UAE and India businesses across five service lines: AI Readiness Audit, AI Workflow Automation, AI Training & Enablement, AI Customer Systems, and AI Strategy & Roadmap.
03
Information We Collect
Business Contact Information
Name, business email address, phone number, company name, job title, and country, collected when you submit an inquiry, book a discovery call, or use our contact form.
Engagement & Project Data
Business process documentation, operational data, workflow descriptions, and strategic information shared during the course of a consulting engagement. This data is treated as strictly confidential and subject to the Non-Disclosure provisions in our Terms of Service.
AI Interaction Data
Conversations with our AI advisors (Aria and Aryan) on this website, including questions asked, information voluntarily provided, and feedback on AI-generated responses. These interactions are session-based and processed to deliver your requested guidance.
Client Employee & Operational Data (as Data Processor)
During AI system deployment engagements, we may process data relating to your employees, customers, or operational workflows solely to deliver the contracted service. In this context, we act as a Data Processor on your behalf. See Section 6 for our dual-role disclosure.
Technical & Website Data
IP address, browser type, device information, referring URLs, and page interaction data, collected automatically via standard web analytics to improve site performance and security.
04
How We Use Your Information
- Service Delivery: Conducting AI readiness audits, designing automation workflows, delivering training programmes, building customer AI systems, and producing strategic roadmaps for your business.
- Client Communication: Responding to inquiries, scheduling engagements, providing project updates, and post-delivery support.
- AI Advisory: Powering our website AI advisors to answer your questions and route you to the right service.
- Proposal & Scoping: Preparing engagement proposals, Statements of Work, and pricing based on your disclosed business requirements.
- Legal & Compliance: Meeting our obligations under UAE federal law, DPDP India, and any applicable sector regulations.
- Service Improvement: Using anonymised, aggregated analytics to improve our AI models, website experience, and service methodology; never using identifiable client data for model training without explicit written consent.
- Marketing: Sending occasional insights, case studies, or service announcements where you have opted in or where we have a legitimate interest. You may opt out at any time.
05
Legal Bases for Processing
Under the UAE PDPL 2021, we process personal data on the following lawful bases:
Contract
Processing necessary to perform or prepare for a consulting engagement you have requested.
Legitimate Interests
Business development communications, website analytics, service improvement, and fraud prevention, where these interests are not overridden by your rights and freedoms.
Consent
AI chat interactions initiated by you, marketing communications, and any processing of sensitive data categories. Consent may be withdrawn at any time.
Legal Obligation
Where processing is required to comply with UAE federal law, regulatory requirements, or judicial orders.
For data subjects in India, processing is additionally governed by the DPDP Act 2023, which requires a valid lawful basis ('consent' or 'legitimate use') for all digital personal data processing.
06
Our Dual Role: Data Controller & Data Processor
YPD Technology Services operates in two distinct data roles depending on the context:
Data Controller
When we determine the purposes and means of processing: for example, processing data from website visitors, managing prospective client inquiries, maintaining our own business records, and sending marketing communications. In this role, we are directly accountable to you under applicable data protection laws.
Data Processor
When we process personal data on behalf of a client organisation during an AI deployment engagement: for example, processing your employees' workflow data or customer interaction records to build and train an AI system. In this role, we act strictly on your documented instructions and do not use client data for any independent purpose.
Enterprise clients whose engagements involve the processing of their employees' or customers' personal data are required to execute a Data Processing Agreement (DPA) with YPD prior to the commencement of work. Contact legal@youthpulsedigital.com to request our standard DPA.
07
AI Technology Disclaimer
Important Notice
Our website AI advisors (Aria and Aryan) and the AI systems we build for clients use large language models and proprietary AI frameworks to generate guidance and recommendations. AI-generated content is for informational and advisory purposes only and does not constitute professional legal, financial, medical, or regulatory advice. Business decisions should not be made solely on the basis of AI-generated outputs without appropriate human expert review.
AI interaction logs from website conversations are retained for a limited period solely for service quality and security purposes, then anonymised or deleted. We do not use personal AI conversation data to train our models without your explicit written consent.
Third-party AI infrastructure providers engaged by YPD (such as large language model API providers) are bound by data protection agreements aligned with our standards and applicable law.
09
Cross-Border Data Transfers
Our operations span the UAE and India. Data may therefore flow between these jurisdictions in the ordinary course of providing our services. We ensure all such transfers are governed by adequate contractual safeguards consistent with UAE PDPL and DPDP requirements.
Where data is transferred to third-party AI service providers operating outside the UAE or India (for example, LLM API providers), we ensure such transfers are subject to data processing agreements providing protections equivalent to those required under applicable law.
We maintain primary data hosting within the UAE. Backup and redundancy infrastructure may be located in other jurisdictions with equivalent security standards.
10
Data Security
We implement technical and organisational measures aligned with industry best practices to protect personal and business data against unauthorised access, disclosure, alteration, or destruction. These include:
- End-to-end encryption for data in transit and encryption at rest for sensitive data
- Role-based access controls with least-privilege principles
- Logical segregation of client data environments
- Regular security assessments and vulnerability reviews
- Secure AI model deployment with prompt and output safeguards
- Confidentiality agreements for all personnel and specialists with access to client data
For our full security framework and certifications status, see our Data Policy.
11
Data Retention
We retain data only for as long as necessary for the purpose for which it was collected, or as required by applicable law.
| Data Type | Retention Period | Basis |
|---|---|---|
| Business contact / lead data | 3 years from last interaction | Legitimate interest (business development) |
| Engagement & project data | 5 years from project close | UAE Commercial Transactions Law |
| Client operational data (as Processor) | Contract duration + 90 days, then deleted | DPA terms; client instruction |
| AI interaction logs (website) | 30–90 days, then anonymised | Service improvement; security |
| Financial & invoicing records | 8 years | UAE & Indian tax law |
| Legal correspondence & contracts | 7 years from contract end | UAE limitation periods |
| Grievance & complaint records | 3 years | DPDP & consumer law compliance |
| Website technical logs | 12 months | Security monitoring |
12
Your Rights & Choices
Under UAE PDPL 2021
- Access: Request a copy of the personal data we hold about you
- Correction: Request rectification of inaccurate or incomplete data
- Erasure: Request deletion of your data (subject to legal retention obligations)
- Restriction: Request that we limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Where processing is based on consent, withdraw it at any time
Additional Rights Under India DPDP Act 2023
- Information: Right to information about processing activities
- Nomination: Right to nominate another person to exercise rights on your behalf
- Grievance Redressal: Right to a timely response to your privacy concerns
To exercise any of these rights, contact our Data Protection Officer at dpo@youthpulsedigital.com. We will acknowledge your request within 72 hours and respond within 30 days (UAE PDPL) or 30 days (DPDP), as applicable.
13
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we are obligated under the UAE PDPL 2021 to notify the UAE Data Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in high risk to affected individuals, we will also notify you directly without undue delay.
For engagements involving Indian data subjects, parallel notification obligations under the DPDP Act and the Cert-In framework apply.
If you discover or suspect a data security issue involving YPD, please contact us immediately at dpo@youthpulsedigital.com.
15
Children's Privacy
YPD Technology Services is a business-to-business AI consulting firm. Our services are directed exclusively at business organisations and their authorised adult representatives. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received data relating to a minor, please contact us at dpo@youthpulsedigital.com and we will delete it promptly.
16
Policy Updates
We may update this Privacy Policy to reflect changes in our services, applicable laws, or data protection practices. Material changes will be communicated via email notification to active clients and by updating the "Last Updated" date on this page. We encourage you to review this policy periodically.
Continued use of our services following notification of a material change constitutes acceptance of the updated policy.
17
Contact & Grievance Redressal
For any privacy-related questions, data subject rights requests, or grievances, please contact our Data Protection Officer:
If you are unsatisfied with our response to a data protection grievance, you may escalate to:
- UAE: The UAE Data Office (uaedataoffice.gov.ae) established under the UAE PDPL 2021
- India: The Data Protection Board of India, established under the DPDP Act 2023
Registered Address
YPD Technology Services FZCO
A1, IFZA Business Park, Dubai Digital Park
Dubai Silicon Oasis, Dubai, UAE
Phone: +971 55 747 0097
This Privacy Policy is governed by the laws of the United Arab Emirates as primary jurisdiction. By using our services, you acknowledge that you have read and understood this policy.