Privacy Policy

1. Who We Are

Solvagence AI Consulting Limited ("Solvagence", "we", "us", "our") is a company registered and operating from the Dubai International Financial Centre (DIFC), Dubai, United Arab Emirates. Solvagence Agency is a division and service line of Solvagence AI Consulting Limited, providing AI-native digital and enterprise transformation services accessible at agency.solvagence.com. The wider Solvagence Group is accessible at solvagence.com.

As a DIFC-registered entity, we are subject to and fully comply with the DIFC Data Protection Law No. 5 of 2020 (the "DIFC DP Law") as our primary data protection framework. Where we engage with individuals in the European Economic Area, the General Data Protection Regulation (GDPR) also applies. Where we engage with individuals in the UAE mainland, UAE Federal Decree-Law No. 45 of 2021 (UAE PDPL) applies.

2. What Data We Collect

2.1 Data You Submit to Us

When you complete the enquiry form on our website, you provide us with the following personal data:

• First name and last name
• Business email address
• Company or organisation name
• Job title or role
• Service area of interest
• Message content describing your challenge or requirements

This information is voluntarily submitted by you and is used solely to respond to your enquiry and to conduct initial scoping for potential engagement.

2.2 Data Collected Automatically

When you visit our website, standard web server logs may capture your IP address, browser type, referring URL, and pages visited. This data is used for security monitoring and to maintain the technical integrity of our website. We do not use third-party analytics or advertising tracking scripts on this website.

2.3 Business Contact Data

In the course of business development, we may process contact information of representatives of organisations we engage with — including names, business email addresses, job titles, and telephone numbers — received through direct correspondence, professional networking platforms (such as LinkedIn), or referrals.

2.4 Data We Do Not Collect

We do not collect, process, or store special categories of personal data (such as health, biometric, racial, ethnic, political, or religious data) through this website. We do not collect payment card data through this website.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

• Responding to enquiries — to reply to messages submitted through our contact form or sent directly to our team
• Client engagement — to conduct discovery calls, prepare proposals, and manage client relationships
• Business communications — to send relevant updates, insights, or service information where you have indicated interest or where we have a legitimate business relationship
• Legal and contractual obligations — to fulfil our obligations under applicable law and under any contracts we enter into with you
• Security and fraud prevention — to protect our website and business operations

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.

We do not sell, rent, or trade personal data to third parties for commercial purposes.

4. Legal Basis for Processing

Under the DIFC DP Law and GDPR, we rely on the following lawful bases for processing personal data:

• Consent — where you have freely and unambiguously submitted your details through our enquiry form, you have consented to us processing that data to respond to you. You may withdraw consent at any time by contacting us at the address below.
• Legitimate interests — we process business contact data on the basis of our legitimate interest in conducting business development activities, provided this does not override your fundamental rights and freedoms.
• Performance of a contract — where we have entered into a client engagement or services agreement with you, we process data as necessary to perform that contract.
• Legal obligation — where processing is required to comply with applicable law, including DIFC regulations and UAE law.

5. Data Sharing

We share personal data only in the following limited circumstances:

5.1 Within the Solvagence Group

Personal data may be shared internally across the Solvagence AI Consulting Limited group for the purposes of client service delivery, where relevant team members are located in our UAE, India, or USA offices. All such sharing is subject to appropriate confidentiality obligations.

5.2 Service Providers

We engage a limited number of trusted third-party service providers who process data on our behalf — for example, cloud infrastructure providers (Microsoft Azure, Amazon Web Services, or Google Cloud), email platforms, and project management tools. All such providers are subject to data processing agreements that require them to protect personal data to a standard consistent with applicable law.

5.3 Legal Requirements

We may disclose personal data where required to do so by law, by a DIFC authority, by a UAE regulatory body, or by a court of competent jurisdiction.

5.4 No Sale of Data

We do not sell, license, or otherwise commercially exploit personal data. We do not share personal data with advertisers or data brokers.

6. International Transfers

Our primary operations are based in DIFC, Dubai, UAE. We also have operational presence in Bengaluru, India and New Jersey, USA. Personal data may be transferred to and processed in these locations for the purposes of service delivery.

All international transfers of personal data are conducted in accordance with the DIFC DP Law transfer mechanisms, including reliance on adequate jurisdictions or appropriate safeguards such as standard contractual clauses where applicable.

Where data is transferred to India or the USA, we ensure that appropriate contractual protections are in place with the relevant personnel and entities.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or as required by law:

• Enquiry data — retained for up to 24 months from the date of the last meaningful interaction, or until a formal business relationship commences, at which point it is governed by our client data retention policy.
• Client data — retained for the duration of the engagement and for a period of six years thereafter, in accordance with UAE commercial law requirements and DIFC regulations.
• Business contact data — retained for as long as the professional relationship remains active and relevant, or until you request deletion.

When data is no longer required, we securely delete or anonymise it.

8. Your Rights

Under the DIFC DP Law, UAE PDPL, and GDPR (where applicable), you have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request correction of inaccurate or incomplete personal data
• Right to erasure — to request deletion of your personal data, subject to our legal retention obligations
• Right to restriction — to request that we restrict processing of your personal data in certain circumstances
• Right to object — to object to processing based on legitimate interests
• Right to data portability — to receive your personal data in a structured, commonly used format (where processing is based on consent or contract)
• Right to withdraw consent — to withdraw consent at any time where processing is consent-based, without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, please contact our Data Protection Officer at the address below. We will respond within 30 days of receiving your request. Where requests are complex or numerous, we may extend this period by a further 60 days, in which case we will notify you.

If you are unsatisfied with our response, you have the right to lodge a complaint with the DIFC Commissioner of Data Protection at difc.ae.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• Encryption of data in transit (TLS) and at rest where applicable
• Access controls and role-based permissions limiting data access to authorised personnel
• Regular review of security practices aligned to our ISO 9001:2015 certified Quality Management System and our in-progress ISO 27001 Information Security programme
• Contractual data protection obligations with all relevant service providers

No method of transmission over the internet is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the DIFC Commissioner of Data Protection and, where required, the affected individuals, in accordance with the timelines stipulated in the DIFC DP Law.

10. Children's Data

Our services are directed at organisations and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you are under 18, please do not submit personal data through our website. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe a minor has submitted personal data to us, please contact us immediately.

11. Contact & DPO

For any questions relating to this Privacy Policy, or to exercise your data protection rights, please contact: