sandan AI

Privacy Policy

Effective Date: September 1, 2025

1. Introduction

sandan.ai ("Company", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sandan.ai and use our software-as-a-service platform (collectively, the "Service").Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

Register for an account
Use the Service
Contact us for support
Subscribe to our newsletter
Participate in surveys or promotions
This information may include:
Name and contact information (email address, phone number)
Account credentials (username, password)
Payment information (credit card details, billing address)
Profile information and preferences
Communications with us

2.2 Information Automatically Collected

When you access the Service, we automatically collect certain information, including:

IP address and location data
Browser type and version
Operating system
Device information
Usage data (pages visited, time spent, features used)
Cookies and similar tracking technologies

2.3 Information from Third Parties

We may receive information about you from third parties, such as:

Social media platforms (if you connect your accounts)
Payment processors
Analytics providers
Marketing partners

3. Legal Basis for Processing (GDPR & UAE PDPL)

We process your personal data based on the following legal grounds:

3.1 Contract Performance

Processing necessary to perform our contract with you or to take steps at your request before entering into a contract.

3.2 Legitimate Interests

Processing necessary for our legitimate interests, such as:

Providing and improving the Service
Ensuring security and preventing fraud
Marketing and business development
Complying with legal obligations

3.3 Consent

Where you have given explicit consent for specific processing activities, such as:

Marketing communications
Non-essential cookies
Special categories of personal data

3.4 Legal Obligation

Processing necessary to comply with legal obligations under UAE, EU, or other applicable laws.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Provision

Creating and managing your account
Providing access to the Service
Processing payments and transactions
Providing customer support
Communicating about the Service

4.2 Service Improvement

Analyzing usage patterns and trends
Developing new features and functionality
Conducting research and analytics
Testing and optimization

4.3 Marketing and Communications

Sending promotional materials (with consent)
Providing updates about the Service
Conducting surveys and market research
Personalizing your experience

4.4 Legal and Security

Complying with legal obligations
Protecting against fraud and abuse
Enforcing our Terms and Conditions
Resolving disputes

5. Information Sharing and Disclosure

5.1 Service Providers

We may share your information with third-party service providers who perform services on our behalf, including:

Cloud hosting providers
Payment processors
Analytics providers
Customer support platforms
Marketing service providers

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

Court orders or legal processes
Government requests
Protection of our rights and property
Public safety concerns

5.4 Consent

We may share your information with your explicit consent for specific purposes.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United Arab Emirates, United States, and European Union. We ensure appropriate safeguards are in place for such transfers, including:

Adequacy decisions by relevant authorities
Standard Contractual Clauses
Binding Corporate Rules
Other approved transfer mechanisms

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

Account information: Until account deletion plus 7 years for legal compliance
Payment information: 7 years for tax and accounting purposes
Usage data: 2 years for analytics and service improvement
Marketing data: Until you unsubscribe or object to processing

8. Your Data Protection Rights

8.1 Rights Under GDPR (EU Residents)

If you are in the European Union, you have the following rights:

Right of Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data
Right to Restrict Processing: Request limitation of processing
Right to Data Portability: Request transfer of your data
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

8.2 Rights Under UAE PDPL (UAE Residents)

If you are in the UAE, you have similar rights including:

Right to access your personal data
Right to correct inaccurate data
Right to request deletion
Right to restrict processing
Right to data portability
Right to object to processing

8.3 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

Essential Cookies: Necessary for the Service to function
Analytics Cookies: Help us understand how you use the Service
Marketing Cookies: Used to deliver relevant advertisements
Preference Cookies: Remember your settings and preferences

9.2 Cookie Consent

We obtain your consent before using non-essential cookies. You can manage your cookie preferences through our cookie consent banner or browser settings.

9.3 Third-Party Cookies

Our Service may contain cookies from third parties such as Google Analytics, social media platforms, and advertising networks.

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

For users between 13 and 16 years of age, we require parental consent before collecting their personal information.

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Employee training on data protection
Incident response procedures
However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

Notify the relevant supervisory authority within 72 hours
Notify affected individuals without undue delay
Provide information about the breach and steps being taken
Maintain a record of all data breaches

13. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the updated policy on our website
Sending an email notification
Providing notice through the Service
Your continued use of the Service after such modifications constitutes your acceptance of the updated Privacy Policy.

15. Contact Information

15.1 Data Controller

sandan AI Ltd is the data controller for your personal information.

For EU commercial offers and enterprise solutions, the data controller is OnePercent GmbH (currently being renamed to sandan KI GmbH), Rankestraße 8, 10789 Berlin, Germany.

15.2 Contact Details

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@sandan.ai

Address: sandan AI Ltd
Innovation One, Trade Centre DIFC
Dubai, United Arab Emirates

15.3 Data Protection Officer

If required by applicable law, our Data Protection Officer can be contacted at: Email: dpo@sandan.ai

15.4 Supervisory Authorities

You have the right to lodge a complaint with the relevant supervisory authority:

UAE: UAE Data Office

EU: Your local data protection authority

16. Special Provisions

16.1 Automated Decision-Making

We may use automated decision-making processes for fraud prevention and service personalization. You have the right to request human intervention and challenge such decisions.

16.2 Marketing Communications

You can opt-out of marketing communications at any time by: