AiAiya
Legal

Privacy Policy

Last updated: 7 June 2026

This Privacy Policy explains how Aiya (“Aiya”, “we”, “us”) handles personal data collected through aiyahr.com and through the Aiya AI workforce management platform. We have written this policy to align with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, “PDPL”).

1. Who is responsible for your data

Aiya is operated by CloudSync Technologies LLC, a company registered in the United Arab Emirates. We act as a data controller for data you provide directly through this website (for example, the lead forms on the /demo and /contact pages) and as a data processor for workforce data your organisation uses Aiya to process.

2. What we collect

From this website

  • Contact details you submit — name, email, company, staff count, message.
  • Technical data — IP address, browser, device, referrer, pages visited (analytics).
  • Cookies and similar storage — see our Cookie Policy.

From the Aiya platform (only for customers)

  • Workforce identifiers — staff name, role, employer-issued ID, contact details.
  • Biometric data — facial geometry derived from an enrolled photo, used only for attendance verification.
  • Location data — GPS coordinates captured at the moment of check-in or check-out. We do not track location continuously.
  • Attendance and roster records — shifts, leave, overtime, working-hour totals.
  • Document expiry data — visa, labour card, medical-fitness, professional licence (where applicable).

3. Why we use it

  • Respond to enquiries and demo requests submitted through this site.
  • Run, secure, and improve the Aiya platform on behalf of customers.
  • Meet UAE Labour Law and other regulatory record-keeping requirements (working-hour records, payroll exports).
  • Measure how this website is used, with your consent (analytics).

4. Legal bases

We rely on (a) your consent for biometric data and for analytics cookies; (b) performance of a contract with our customers and their staff use of the platform; (c) our legitimate interests in running this website, responding to enquiries, and securing our services; and (d) compliance with a legal obligation where the law requires us to keep records.

5. Biometric data — how we handle it

Aiya uses facial geometry for attendance verification, which is classified as biometric data under the PDPL. We apply the following safeguards by default:

  • Explicit consent is captured from the staff member before any biometric data is processed.
  • Encryption at rest and in transit.
  • UAE-aligned regional data centre — biometric data is not sent to third-party AI providers.
  • Configurable retention — biometric records are auto-deleted after a window your organisation configures. The audit trail (who, when, where, with what confidence) is kept separately, without the biometric image.
  • Data-subject rights — staff can request access to, correction of, or erasure of their biometric data through their organisation, who can act on the request in the platform.

6. Sharing

We do not sell personal data. We may share data with:

  • Sub-processors we use to operate the platform (hosting, email delivery, error monitoring). Each sub-processor is bound by appropriate contractual safeguards.
  • Authorities and regulators, where we are legally required to do so.
  • Professional advisers (auditors, lawyers) under confidentiality obligations.

7. Retention

  • Lead enquiries — up to 24 months from the last contact, unless you ask us to delete sooner.
  • Workforce attendance records — for the legally required period under UAE Labour Law, plus a reasonable buffer for audit.
  • Biometric data — only for the configured retention window (see section 5).
  • Backups — deletion in backups follows our backup rotation schedule.

8. Your rights

Under the UAE PDPL you have the right to:

  • Access the personal data we hold about you.
  • Ask us to correct inaccurate data.
  • Ask us to delete data, where there is no overriding legal requirement to retain it.
  • Object to or restrict certain processing.
  • Withdraw any consent you have given.
  • Lodge a complaint with the UAE Data Office.

To exercise any of these rights, contact us at privacy@aiyahr.com. We will respond within the timeframes set by the PDPL.

9. International transfers

We prefer to keep your data in a UAE-aligned regional data centre. Where we transfer data outside the UAE (for example, to a sub-processor running an error-monitoring service), we ensure the transfer relies on a lawful basis under the PDPL and is protected by appropriate safeguards.

10. Children

Aiya is intended for organisational use. We do not knowingly collect personal data from anyone under 18 in connection with this website. The Aiya platform processes workforce data, and staff under 18 are subject to additional UAE labour-law protections that your organisation is responsible for upholding.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the date of the most recent change. Material changes will be highlighted on the homepage or sent to customers via email.

12. Contact

Aiya / CloudSync Technologies LLC
Email: privacy@aiyahr.com
Website: /contact