Legal

Privacy Policy

How AI Noven — the company that operates AI Noven — collects, uses and protects your information under the laws of the United Arab Emirates.

Last updated: 25 April 2026

Important. This summary is provided for transparency. It is not a substitute for legal advice. By using AI Noven you agree to these terms in full.

AI output disclaimer. AI Noven outputs (drawings, calculations, datasheets, reports, schedules, BoQs and any other deliverables) are generated by automated systems and large-language models. They are not professional engineering advice, are not sealed drawings, and must be independently reviewed, verified and stamped by a licensed professional engineer before being relied upon for design, procurement, construction, regulatory submission or safety decisions. AI Noven accepts no liability for any use of AI outputs without such review.

1. Who we are

This service ("AI Noven", the "Service", "we", "us") is owned and operated by AI Noven, a free-zone company duly registered in the United Arab Emirates ("UAE"). All references to "we" or "the Company" in this policy refer to AI Noven.

We act as the data controller for personal data we collect about our customers, users and website visitors. For content that customers upload to their workspace, we act as a data processor on the customer's behalf.

2. Governing law

This policy is issued in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and any implementing regulations issued by the UAE Data Office, together with applicable Dubai and free-zone data-protection regulations that apply to AI Noven.

3. What we collect

  • Account data — name, work email, password hash, organisation, role.
  • Billing data — handled by Stripe; we do not store full card numbers on our servers. We retain billing references, invoice history and tax identifiers.
  • Customer content — documents, drawings, specifications, transcripts, BoQs, schedules and any other material you upload to your workspace.
  • Usage telemetry — anonymised event logs, feature usage, performance metrics and error traces used to keep the Service stable and improve it.
  • Cookies and similar technologies — strictly-necessary cookies for authentication and session, plus optional analytics cookies you can decline.

4. How we use your data

  • To deliver the Service and the modules you have subscribed to.
  • To improve product quality, fix bugs and develop new features.
  • To monitor security, detect abuse, run audits and meet legal and regulatory obligations.
  • To bill you, recover unpaid amounts and provide customer support.
  • To send service-related communications (we do not send marketing without consent).

5. Legal bases

We process personal data on one or more of the following bases recognised by the PDPL: (a) performance of a contract with you or your organisation; (b) compliance with our legal obligations under UAE law; (c) our legitimate business interests in operating, securing and improving the Service; and (d) your explicit consent, where required.

6. Sub-processors

We use carefully selected sub-processors. Each is bound by contractual confidentiality and data-protection obligations:

  • OpenAI — large-language-model inference for AI features (only when the customer routes traffic to OpenAI).
  • Stripe — payment processing, billing and customer portal.
  • Amazon Web Services (AWS) — cloud hosting, storage and backups.
  • Resend — transactional email delivery.
  • Cloudflare — DNS, CDN, edge caching and DDoS protection.

Customers on Professional and Enterprise plans may opt for self-hosted or on-prem deployment, in which case some sub-processors above are not used.

7. Data retention

We retain account and billing data for as long as your subscription is active and for up to seven (7) years thereafter to satisfy UAE tax, accounting and audit requirements. Customer content is retained for the lifetime of the workspace and deleted within thirty (30) days of workspace deletion, subject to backup-rotation cycles of up to a further sixty (60) days.

8. Your rights under the UAE PDPL

Subject to the limits and conditions set out in the PDPL, you have the right to:

  • Access — request a copy of personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where the lawful basis for processing has lapsed.
  • Restriction — limit how we process your data in certain circumstances.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent — at any time, where processing is based on consent.

To exercise any right, write to dpo@ainoven.com. We will respond within the period required by the PDPL.

9. Security

We apply administrative, technical and physical safeguards proportionate to the risk:

  • TLS 1.2+ in transit; AES-256 at rest for managed storage.
  • Role-based access control with least-privilege defaults.
  • Audit logs, intrusion detection and rate-limiting on production endpoints.
  • Encrypted backups with rotation; periodic disaster-recovery drills.
  • Mandatory MFA for engineering staff with production access.

No system is perfectly secure. We disclaim, to the maximum extent permitted by law, liability for unauthorised access caused by events beyond our reasonable control.

10. International data transfers

Where personal data is transferred outside the UAE — for example to a cloud region operated by a sub-processor — we rely on transfer mechanisms permitted by the PDPL, including adequacy findings, contractual safeguards and your explicit consent where required.

11. Children's data

AI Noven is a business-to-business platform intended exclusively for use by professionals over the age of eighteen (18). The Service is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe we have done so, contact us and we will delete it.

12. Disclaimers and limitation of liability

The Service is provided on an "as is" and "as available" basis. To the maximum extent permitted by applicable UAE law:

  • AI Noven makes no warranty of any kind regarding the accuracy, completeness, fitness for purpose, reliability or suitability for any particular use of any AI-generated output.
  • AI outputs (including but not limited to drawings, schedules, BoQs, calculations, RFI responses and reports) are guidance only. They must be reviewed and signed off by a licensed professional engineer before use. You are solely responsible for any reliance placed on AI outputs.
  • AI Noven shall not be liable for any indirect, incidental, special, consequential or punitive damages, including loss of profits, loss of revenue, loss of data, loss of goodwill or business interruption, even if advised of the possibility.
  • Our aggregate liability under this policy and the Terms is capped at the fees actually paid by the customer to AI Noven for the Service in the twelve (12) months preceding the event giving rise to the claim.
  • We disclaim liability for data loss arising from acts of the customer, third-party platforms, network failures or other events outside our reasonable control.

13. Force majeure

AI Noven shall not be liable for any failure or delay in performance caused by events beyond its reasonable control, including but not limited to acts of God, war, terrorism, civil unrest, pandemic, governmental action, sanctions, internet outages, cloud-provider failures or labour disputes.

14. Changes to this policy

We may update this policy from time to time. Material changes will be notified via in-product banner or email at least fourteen (14) days before they take effect. The current version is always available at this URL with the "Last updated" date at the top.

15. Contact us

For privacy questions, complaints or PDPL rights requests:

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by