Skip to content

Privacy & Data Protection

Compliance language on this page describes our controls and commitments as a vendor. It is not legal advice, and statutory obligations that sit with you as data controller remain yours — we help you meet them.

01

Regulatory scope

We operate against four regimes: the Saudi Personal Data Protection Law (PDPL), the UAE PDPL, the EU General Data Protection Regulation (GDPR, for EU-lane work), and Egypt's Personal Data Protection Law No. 151/2020. For each, we implement consent flows, purpose limitation, support for data-subject requests, and breach-notification support — while obligations that remain with you as the data controller stay yours.

02

Our role, and data retention

Nano AI acts as a processor for client-owned data. A Data Processing Agreement template is available on request as part of our procurement pack. We support client controllers in fulfilling access and deletion requests within their statutory windows.

Retention defaults are set per service — conversation logs, call audio, and documents each have a default retention period, with per-client overrides available in the statement of work.

03

Cross-border transfer & regional hosting

For clients requiring in-region data residency, we deploy on GCC cloud regions — including UAE, Saudi Arabia, and Bahrain regions of the major cloud providers — and configure model access through endpoints consistent with the client's residency requirements. Where a required capability has no in-region option, we say so in the Assess-stage risk register before you sign, not after.

FAQ

Frequently asked questions

01

02

Chat on WhatsApp