Privacy Policy · Sai

1. Introduction

This Privacy Policy describes how SAI, operated by Seqoon Smart Solutions ("Seqoon AI", "SAI", "we", "us", or "our"), collects, uses, stores, and shares Personal Data in connection with the SAI platform, website, and related services (collectively, the "Services").

SAI is provided on a business-to-business (B2B) basis. This Policy therefore addresses the obligations of Seqoon AI as a Data Processor acting on behalf of its business customers (Data Controllers), as well as Seqoon AI's own data practices in operating the platform.

This Policy is governed by the Egyptian Personal Data Protection Law No. 151 of 2020 (the "PDPL") and, where applicable, the EU General Data Protection Regulation (the "GDPR"). In the event of conflict, the PDPL prevails for data processed in Egypt.

2. Scope and Applicability

This Policy applies to all Personal Data processed through the SAI platform, including data submitted by Users of our business customers, data provided by business customers themselves, and data generated through use of the Services.

This Policy does not apply to third-party services, platforms, or websites that may be accessed through or integrated with SAI. Those services are governed by their own privacy policies and Seqoon AI is not responsible for their data practices.

3. Definitions

For the purposes of this Policy:

Personal Data: Any information relating to an identified or identifiable natural person, including name, email address, phone number, IP address, and online identifiers.
Sensitive Personal Data: A subset of Personal Data warranting heightened protection under the PDPL, including financial data, health data, and data revealing mental, physical, or genetic status.
Data Controller: The entity that determines the purposes and means of processing Personal Data. In the B2B context, SAI's business customers act as Data Controllers in respect of their end-user data.
Data Processor: The entity that processes Personal Data on behalf of a Data Controller. Seqoon AI acts as Data Processor in respect of data submitted to the platform by business customers and their users.
Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
User: An individual who accesses the SAI platform, whether directly or through a business customer's deployment.
Input: Text, audio, documents, or other data submitted to the SAI platform to generate AI outputs.
Output: AI-generated content, analysis, or responses produced by the SAI platform in response to Input.
DPA: Data Processing Agreement — the agreement governing Seqoon AI's processing of Personal Data on behalf of a business customer.
DPO: Data Protection Officer — the designated individual responsible for overseeing compliance with applicable data protection law.

4. Personal Data We Collect

We collect only the categories of Personal Data necessary to provide and operate the Services:

4.1 Account and Identity Data

When a business customer registers for the Services, we collect: full name, business email address, job title, company name, and telephone number. Where required for regulatory verification (e.g., AML compliance), we may collect national identification or passport numbers under a specific lawful basis.

4.2 User Input Data

Personal Data contained in text, audio, documents, or other content submitted to the platform as Input. This data is processed to generate AI Outputs and, subject to the terms of the applicable DPA, is not used for any other purpose without the Data Controller's prior written consent.

4.3 Technical and Usage Data

IP addresses, device identifiers, browser type and version, session data, and system logs collected automatically when Users access the platform. This data is used for security monitoring, access control, and performance diagnostics.

4.4 Usage Behaviour Data

Information about how Users interact with the platform, including feature usage patterns and query frequency. This data is processed in aggregated or anonymised form to improve the Services.

4.5 Financial Data

SAI does not store payment card details. All payment transactions are processed by PCI-DSS compliant third-party payment gateways. We retain only transaction reference data and billing records for accounting and regulatory purposes.

5. How We Collect Personal Data

Direct submission: data provided by business customers or their Users when creating accounts, submitting Input, or contacting support.
Automated collection: technical data collected automatically through cookies, server logs, and tracking technologies when Users access the platform. See Section 11 for more detail on cookies.
Third-party verification: identity and compliance data received from regulated verification providers where required under Egyptian AML or KYB obligations.
AI processing: Input submitted to the platform is processed in real-time to produce Output. Where a DPA permits model improvement, only anonymised or aggregated data is used.

6. How We Use Personal Data

We process Personal Data for the following specific purposes:

6.1 Service Delivery

To operate the SAI platform, process Inputs, generate Outputs, manage accounts, and provide customer support.

6.2 Security and Access Control

To authenticate users, enforce access controls, monitor for unauthorised access, and maintain the integrity and availability of the Services. This includes multi-factor authentication, role-based access management, and continuous security monitoring.

6.3 Platform Improvement

To improve the accuracy, safety, and technical performance of the SAI models, using only anonymised or aggregated data, and only where permitted under the applicable DPA.

6.4 Regulatory Compliance

To fulfil statutory obligations under the Egyptian PDPL, AML/KYB requirements, and any other applicable law.

6.5 Communications

To send security alerts, system notifications, service updates, and responses to support requests. Marketing communications are sent only with explicit consent and may be withdrawn at any time.

7. Legal Basis for Processing

Under the PDPL and, where applicable, the GDPR, we rely on the following legal bases:

Contractual necessity: processing required to perform our service agreement with the Data Controller or User.
Legal obligation: processing required to comply with applicable Egyptian law, including the PDPL, AML, and tax obligations.
Legitimate interests: processing necessary for platform security, fraud prevention, and service integrity, where these interests are not overridden by the rights and interests of Data Subjects.
Consent: for specific optional features, marketing communications, or model improvement activities where consent is required. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

Where Seqoon AI acts as Data Processor, the legal basis for processing is established by the Data Controller. Seqoon AI processes such data solely on documented instructions from the Data Controller.

8. Sharing Personal Data

We do not sell Personal Data. We share Personal Data only in the following circumstances and only to the extent necessary:

8.1 Infrastructure and Service Providers

Cloud infrastructure providers (such as AWS or Azure) and IT service providers who process data on our behalf under written DPAs and are contractually bound to process data only on our instructions.

8.2 AI Infrastructure Partners

Third-party AI model or infrastructure providers engaged to support service delivery. Data shared with such partners is anonymised or encrypted in accordance with the applicable DPA.

8.3 Regulatory and Legal Authorities

We will disclose Personal Data to Egyptian regulatory authorities, law enforcement, or courts where required by law or valid legal process. Where legally permitted, we will notify the Data Controller before complying.

8.4 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, Personal Data may be transferred to the successor entity. Affected parties will be notified in advance where required by law.

9. Cross-Border Data Transfers

Personal Data may be transferred to and processed in countries outside Egypt. All such transfers are conducted in compliance with the PDPL and, where applicable, Chapter V of the GDPR, and only where:

the destination country provides an adequate level of data protection as recognized by the relevant Egyptian authority;
appropriate safeguards are in place, such as Standard Contractual Clauses or binding corporate rules; or
the transfer is necessary for the performance of a contract and explicit consent has been obtained.

Details of the safeguards applicable to cross-border transfers are available from the DPO on request.

10. Data Retention and Disposal

Personal Data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law.

Account data is retained for the duration of the active service agreement and deleted within sixty (60) days of account closure, unless a longer retention period is required by law.
Input and Output data is retained in accordance with the applicable DPA. In the absence of specific agreement, Input data is retained for no longer than the active contract term.
Technical and security logs are retained for up to twelve (12) months for security monitoring and audit purposes.
Financial and billing records are retained for the period required under Egyptian tax and accounting law.

Upon expiry of the applicable retention period, Personal Data is securely deleted or irreversibly anonymised using industry-standard methods that prevent re-identification.

11. Cookies and Tracking Technologies

SAI uses cookies and similar tracking technologies to support platform functionality, security, and analytics. Cookies are small data files placed on your device when you access the platform.

We use the following categories of cookies:

Strictly necessary cookies: required for the platform to function, including authentication and session management. These cannot be disabled.
Analytics cookies: used to understand how Users interact with the platform in aggregate. These are deployed only with consent.

Users may manage cookie preferences through their browser settings or the consent management tool available on the platform. Disabling non-essential cookies will not affect access to the core Services.

12. Security

Seqoon AI implements appropriate technical and organisational measures to protect Personal Data against unauthorised access, disclosure, alteration, and loss. Measures include:

encryption of data at rest (AES-256) and in transit (TLS 1.2 or higher);
multi-factor authentication and role-based access control;
continuous vulnerability monitoring and periodic penetration testing; and
staff training on data protection and information security.

Seqoon AI maintains a SOC 2 Type II certified information security programme. Certification reports are available to business customers upon request under non-disclosure agreement.

No transmission of data over the internet is entirely secure. While we take all reasonable steps to protect Personal Data, we cannot guarantee absolute security.

13. Automated Processing and Decision-Making

The SAI platform generates automated Outputs in response to User Inputs. These Outputs do not constitute legally binding decisions about individuals and must be reviewed by a qualified human before being acted upon in any operational, legal, financial, or regulatory context.

Where AI-generated Outputs are used by a business customer to inform decisions that produce legal or similarly significant effects on individuals, the business customer, as Data Controller, is responsible for ensuring appropriate human oversight and a valid legal basis for such processing under the PDPL.

Users have the right to object to automated processing that has a significant effect on them. Such requests should be directed in the first instance to the relevant Data Controller (i.e., the business customer through whom the Services are accessed).

14. Data Subject Rights

Where Seqoon AI acts as Data Controller (e.g., in relation to account data of business customer contacts), individuals may exercise the following rights under the PDPL:

Right of access: to request a copy of the Personal Data we hold about you.
Right to rectification: to request correction of inaccurate or incomplete Personal Data.
Right to erasure: to request deletion of Personal Data where it is no longer necessary, or where consent is withdrawn and no other lawful basis applies.
Right to restriction: to request that processing be limited in specified circumstances.
Right to data portability: to receive your Personal Data in a structured, machine-readable format where processing is based on consent or contract.
Right to object: to object to processing based on legitimate interests, or to direct marketing.

Where Seqoon AI acts as Data Processor in respect of end-user data submitted by a business customer, requests from individuals should be directed to the relevant Data Controller. Seqoon AI will assist Data Controllers in responding to such requests in accordance with the applicable DPA.

To exercise rights in relation to data processed by Seqoon AI as Data Controller, please contact us. We will respond within the timeframes required by the PDPL.

15. Children's Data

The Services are not directed at individuals under the age of 18. Seqoon AI does not knowingly collect Personal Data from minors. If we become aware that Personal Data of a minor has been collected without appropriate parental or guardian consent, we will take prompt steps to delete that data.

Business customers who deploy the Services in contexts that may involve users under 18 are responsible for ensuring appropriate safeguards and parental consent mechanisms are in place.

16. Data Protection Officer

Seqoon AI has designated a Data Protection Officer responsible for overseeing compliance with applicable data protection law and serving as the primary point of contact with the Egyptian Personal Data Protection Centre (EDPC).

The DPO can be contacted at:

Email: Contact us

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the EDPC or another competent supervisory authority.

17. Amendments to This Policy

We may revise this Policy from time to time to reflect changes in our practices, the Services, or applicable law. Material changes will be communicated to business customers at least thirty (30) days before taking effect, via email to the account contact address or through an in-platform notification.

The current version of this Policy is always available on this page. Continued use of the Services after the effective date of a revised Policy constitutes acceptance of the changes.

Business customers who do not accept material changes should notify Seqoon AI and may terminate the Services in accordance with their service agreement.

18. Contact

For any questions or concerns about this Privacy Policy or our data practices, please contact us.

Postal address: Cairo, Egypt

For matters relating to Personal Data processed by Seqoon AI as Data Processor on behalf of a business customer, please contact the relevant Data Controller in the first instance.