Clear Institutional Privacy
No vague promises. No overstated claims. This is a privacy policy written for organizations that handle sensitive data and need clear answers.
Last updated: May 2025 This policy applies to the AQLIYA platform and all its systems
Overview
AQLIYA is an institutional intelligence platform built for organizations that handle sensitive data and high-stakes decisions. This policy describes how we collect, store, process, and protect data with full transparency and without overstated claims.
Data We Collect
Platform Operations Data
Documents and data that your organization uploads for processing within AQLIYA systems (AuditOS, DecisionOS, LocalContentOS). This data is your organization's property and is processed exclusively within your isolated tenant environment.
Account and User Data
User names, institutional email addresses, job roles, and session records to enable RBAC and identity verification.
Audit and Activity Logs
Every action within the platform is recorded in an immutable audit log. These logs are your organization's property and are available for export at any time.
Diagnostic Usage Data
Anonymized data about platform performance and technical errors to improve service stability. Contains no business content or personal data.
What We Do Not Do
No Training on Your Data
Your organization's data is never used in any form to train AI models whether our internal models or third-party models.
No Cross-Tenant Sharing
Your organization's data is fully isolated. No other tenant can access or benefit from it in any way.
No Data Sale
We do not sell, rent, or trade customer data to any third party under any circumstances.
No Commercial Analysis of Customer Data
We do not use your document content or decision data for our own commercial analytics or marketing purposes.
AI Processing
When your data is sent to an AI model (whether internal or external), it is processed instantly and in real time. Model providers do not retain this data for training purposes under active enterprise service contracts. We treat AI models as real-time analytical tools not as permanent data repositories.
Data Residency and Hosting
AQLIYA hosts data by default in a Saudi or Gulf cloud region. Data is not transferred outside the agreed region without explicit written consent from the customer. We are committed to local data residency requirements and work with your team to verify compliance.
Your Organization's Rights
Full Access Right
You may request a complete report of all data we hold about your organization at any time.
Right to Correction
You may request correction of any inaccurate data related to your organization.
Right to Full Deletion
Upon contract termination, you may request deletion of all your organization's data, with written proof of execution provided within 30 days.
Right to Data Portability
You may request a full export of your data in machine-readable formats at any time.
Data Retention Policy
Data retention periods are defined by agreement with each customer in the service contract. Audit logs are retained for a minimum of 7 years for institutional compliance purposes unless the customer requests otherwise. Upon expiry of the agreed retention period, data is securely deleted with a deletion certificate provided.
Security Measures
We enforce TLS 1.3 for all communications and encryption for data at rest. Access to customer data is restricted to authorized personnel on a need-to-access basis, and all access is logged. For further details on the complete security architecture, refer to our Enterprise Security page.
Policy Updates
Any material change to this policy will be communicated to customers in writing at least 30 days before it takes effect. Changes will not retroactively affect existing data without customer consent.
Questions about privacy or data?
Our technical team is ready to answer any institutional questions about how we handle your organization's data before or after signing.