RAISEOS BY KLUB.AI — PRIVACY POLICY

DIFC-registered with an AI Innovation License

Effective date: 01-Oct-2025
Version: v1.0
Cross-references: Terms & Conditions: terms · Cookie Notice: cookies · Sub-processor Register: sub-processors

Introduction

This Privacy Policy explains how RaiseOS by klub.ai (“we”, “us”) collects, uses, discloses and protects personal data processed through the RaiseOS service (“Service”). We operate from the Dubai International Financial Centre (DIFC) and aim to comply with applicable data-protection laws, including the DIFC Data Protection Law 2020 (as amended) and the UAE Federal Personal Data Protection Law (PDPL), as applicable. Where we operate in other countries, local addenda may apply.

Roles and how we process data

  • For personal data in Customer Content supplied to meet Customer requirements, the Customer is the controller and RaiseOS acts as processor.
  • For limited platform operations where we determine purposes and means (e.g., security monitoring, telemetry, abuse prevention, billing/contact records), RaiseOS acts as controller.
  • Third-Party Services that a Customer chooses to connect are separate services governed by their own terms and privacy policies.

Personal data we process

  • Account and profile: name, business contact details, company/role, login and role metadata.
  • Operational content: files, forms, messages, task records and other materials that Customer uploads or instructs us to ingest.
  • Usage and telemetry: device/browser information, IP addresses, event logs, performance metrics and diagnostics.
  • Support and communications: tickets, feedback and correspondence.
  • Marketing and websites: form submissions and interaction data from our sites (where applicable and subject to consent where required).

Sources of data

  • Directly from Customers and authorised users via the Service (forms/uploads/chat).
  • From systems Customers ask us to connect (APIs, storage, email ingestion).
  • Automatically through cookies or similar technologies used for authentication, security and (where permitted) analytics.
  • From service providers that support the Service.

Purposes and legal bases

  • Provide, operate and secure the Service and requested connections (contract; legitimate interests).
  • Generate outputs from Customer inputs and requirements (contract; legitimate interests).
  • Provide support, troubleshoot and improve reliability, safety and performance (legitimate interests; consent where required for analytics).
  • Manage our relationship with Customers, including billing and notices (contract; legitimate interests).
  • Comply with law and respond to lawful requests (legal obligation).

Where we rely on legitimate interests, we balance those interests against data-subject rights. Where consent is required by law, we obtain and record it and provide a withdrawal mechanism.

Disclosures and recipients

We may share personal data with service providers and sub-processors (hosting, storage, support, monitoring), professional advisers, corporate affiliates, and authorities where legally required. We may pass data to Third-Party Services that a Customer chooses to connect to the Service, as necessary to fulfil the Customer’s instructions. We do not sell personal data.

Current sub-processors: see Sub-processor Register.

International transfers

Personal data may be processed outside the DIFC or the United Arab Emirates. Where required, we use recognised transfer tools (e.g., adequacy, contractual safeguards or other permitted mechanisms) and maintain appropriate records and assessments. See the Sub-processor Register for regions and safeguards.

Security overview

We maintain administrative, technical and physical measures appropriate to risk, including access controls, encryption in transit and at rest where applicable, monitoring, backup and disaster recovery, incident response and vendor due-diligence. Customers manage their user access and endpoint protections. If you need additional detail, contact privacy@klub.ai.

Retention

We retain personal data for the term of the customer relationship and as required for legal, accounting and audit purposes. After that, we delete or anonymise data in line with our retention schedules and the Data Processing Addendum in the Terms, subject to legal holds.

Data-subject rights

Depending on applicable law, individuals may have rights to access, rectify, erase, restrict or object to processing, port data and complain to a supervisory authority. Where processing is based on consent, individuals may withdraw consent. Requests can be made to privacy@klub.ai. We will respond within applicable statutory timelines. When we act as processor, we will forward or support responses to Customer-directed requests.

Children

The Service is intended for business use and is not directed to individuals under 18.

Cookies and similar technologies

We use necessary cookies for authentication and security. With consent where required, we may use analytics cookies to help improve the Service. See our Cookie Notice for types, choices and retention.

Sub-processors

We use carefully selected sub-processors to host and operate the Service. A current list, with regions and purposes, is available in our Sub-processor Register. We provide advance notice of material changes and require contractual protections and appropriate safeguards.

Incident response and breach notification (summary)

Detection and triage; containment and eradication; assessment of impact and obligations; notifications to Customers, regulators and data subjects where required; post-incident review and remediation tracking. RaiseOS notifies Customers without undue delay upon becoming aware of a personal-data breach affecting the Service.

Contact

Data protection contact: [name or title]
Email: privacy@klub.ai
Address: DIFC, Dubai, United Arab Emirates

Changes to this policy

We may update this Privacy Policy for legal, technical or business reasons. For material changes we will notify you in product or by email before the effective date. Effective date and version are shown at the top of this page.

Annex A — Country and regulator addenda (framework)

  • A1. DIFC Data Protection Law 2020 (as amended): roles, ROPAs, DPIAs, recognised transfer tools, notices.
  • A2. UAE Federal PDPL: principles, rights, transfer rules or permitted derogations.
  • A3. Additional countries on expansion: add regulator contact and local transfer mechanisms.

End of Privacy Policy