Back to Home

Privacy Policy

Last Updated: December 31, 2025

This Privacy Policy explains how AIFortess Infosec FZCO ("AIFortess," "we," "us," or "our") collects, uses, and protects your information when you use our products and services. We believe in being straightforward about data practices.

The short version: We collect what we need to provide our services. We do not sell your data. We take reasonable steps to protect it.

1. Information We Collect

1.1 Information You Provide

When you use our services, you may provide:

  • Account Information: Name, email address, company name, job title
  • Payment Information: Billing details processed through our payment provider
  • Communications: Messages you send us, support requests, feedback

1.2 Information You Enter Into Our Products

When using AIFortess Assessor, you may enter:

  • AI System Information: Descriptions of AI systems you are assessing
  • Assessment Data: Responses to assessment questions, control status, gap analysis
  • Documentation: Files and documents you upload

1.3 Information Collected Automatically

  • Usage Data: How you interact with our products
  • Device Information: Browser type, operating system, IP address
  • Cookies: Session and preference data (see Section 7)

2. How We Use Your Information

2.1 To Provide Services

  • Create and manage your account
  • Deliver the features and functionality you use
  • Process payments
  • Provide support when you reach out

2.2 To Improve Our Products

  • Understand how users interact with our products
  • Identify and fix issues
  • Develop new features based on usage patterns

2.3 To Communicate With You

  • Respond to your questions and requests
  • Send service updates and announcements
  • With your consent, send product updates or relevant information

3. How We Share Information

3.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

3.2 Service Providers

We work with service providers who help us operate our business:

  • Hosting: Cloud infrastructure providers
  • Payments: Payment processing services
  • Analytics: Usage analytics tools
  • Email: Email delivery services

These providers only access data necessary to perform their services and are required to protect it.

3.3 Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes
  • Respond to government requests
  • Protect our rights or safety
  • Prevent fraud

3.4 With Your Consent

We may share information when you explicitly ask us to or give permission.

4. Data Security

We implement reasonable security measures to protect your data:

  • Encryption: Data is encrypted in transit using TLS
  • Access Controls: Access to data is restricted to those who need it
  • Secure Infrastructure: We use reputable cloud providers with strong security practices

No system is perfectly secure. We take reasonable precautions, but cannot guarantee absolute security.

5. Data Retention

5.1 While Your Account Is Active

We retain your data while your account is active and you are using our services.

5.2 After Account Closure

  • 30 days: Data available for export
  • 90 days: Data deleted from active systems
  • Longer: Some data may be retained in backups or for legal compliance

6. Your Rights

6.1 Access and Export

You can access your data through your account. You can export your data in standard formats.

6.2 Correction

You can update your account information at any time.

6.3 Deletion

You can request deletion of your account and data by contacting us. Some data may be retained for legal compliance.

6.4 Marketing Communications

You can opt out of marketing emails using the unsubscribe link in any email.

6.5 Additional Rights

Depending on your location, you may have additional rights under laws like GDPR or CCPA. Contact us to exercise these rights.

7. Cookies

We use cookies to:

  • Keep you logged in
  • Remember your preferences
  • Understand how you use our products

You can control cookies through your browser settings. Disabling cookies may affect functionality.

8. Third-Party Links

Our services may contain links to third-party websites. We are not responsible for their privacy practices. Review their policies before providing information.

9. Children

Our services are not intended for individuals under 18. We do not knowingly collect data from minors. If you believe we have, please contact us.

10. International Transfers

Your data may be processed in countries other than your own. We take steps to ensure appropriate protections are in place when transferring data internationally.

11. Changes to This Policy

We may update this policy. Material changes will be communicated via email. The date at the top indicates when this policy was last updated.

12. Contact Us

For privacy questions or to exercise your rights:

  • Email: rohit@aifortess.com
  • Subject: Privacy Request
  • Phone: +91-9816670056
  • Address: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates

We respond to privacy requests within 30 days.

Effective Date: December 31, 2025

Questions? Reach out to rohit@aifortess.com.