Privacy Policy

Last Updated: June 2026

1. Introduction and Identity of the Controller

90 AI Engineering ("Company," "we," "us," or "our") is a global AI engineering venture currently in the process of corporate consolidation, operating under Meydan Free Zone, Dubai, United Arab Emirates. We respect your privacy and are committed to protecting your personal data in compliance with all applicable data protection regulations worldwide.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website at 90aiengineering.com, interact with our services, or communicate with us.

Data Controller: 90 AI Engineering
Legal Headquarters: Meydan Free Zone, Dubai, United Arab Emirates
Operational Status: International operations in process of incorporation and corporate consolidation
Data Protection Contact: hq@90ai.engineering

2. Data We Collect

2.1 Information You Provide Directly

When you interact with our website or services, we may collect the following information that you voluntarily provide:

Contact Forms: Full name, email address, phone number, company name, job title, and message content when you submit inquiries, request a consultation, or request a demo
Service Requests: Technical specifications, project requirements, and business information necessary to scope and deliver AI engineering services
Communication Data: Content of emails, chat messages, and all forms of written correspondence between you and 90 AI Engineering
Payment Information: Billing details and payment method data processed through secure third-party payment processors (we do not store raw card numbers)
Account Credentials: Username and password if you create an account or client portal access on our platform

2.2 Information Collected Automatically

When you visit our website, certain data is collected automatically through technical means:

Analytics Data: Pages visited, time spent on each page, links clicked, traffic sources, bounce rates, and conversion events via analytics tools (e.g., Google Analytics 4)
Device and Technical Information: Browser type and version, operating system, IP address, device type, screen resolution, and device identifiers
Log Data: Server logs, access timestamps, error reports, and HTTP request data
Cookies and Tracking Technologies: As described in our Cookie Policy, we use cookies and similar technologies to enhance your experience and track site performance
Approximate Location: Geographic location inferred from your IP address (country/city level only — we do not collect precise GPS location)

2.3 Information from Third Parties

We may receive information about you from third-party sources such as:

Business directories and professional networks (e.g., LinkedIn) when you engage with our content
Marketing and analytics platforms when you interact with our advertisements
Referral partners who recommend our services to you

3. Legal Basis for Processing

3.1 GDPR Compliance — EU/EEA Residents (Regulation 2016/679)

We process your personal data under the following legal bases pursuant to GDPR Article 6:

Consent — Article 6(1)(a): For non-essential cookies, marketing communications, and newsletter subscriptions. You may withdraw consent at any time without affecting the lawfulness of prior processing
Contract Performance — Article 6(1)(b): To negotiate, enter into, and fulfill AI engineering service agreements and respond to pre-contractual inquiries
Legal Obligation — Article 6(1)(c): To comply with applicable laws, tax regulations, financial reporting obligations, and regulatory requirements
Legitimate Interests — Article 6(1)(f): For fraud prevention, information security, website optimization, and business analytics — where such interests do not override your fundamental rights and freedoms

For special category data (e.g., health or biometric data), we apply the stricter requirements of GDPR Article 9 and process only with your explicit consent or as permitted by law.

3.2 CCPA/CPRA Compliance — California Residents

For California residents, we process personal information as permitted under CCPA § 1798.100 et seq. and CPRA (California Privacy Rights Act). Your specific rights are detailed in Section 7.2 below.

4. Purposes of Processing

We use your personal data exclusively for the following lawful purposes:

Service Delivery: Providing, operating, maintaining, and improving AI engineering services and client support
Client Communication: Responding to inquiries, sending project updates, and conducting business correspondence
Marketing Communications: Sending promotional content, newsletters, and service updates — only with your prior consent or as otherwise permitted by law
Website Analytics: Understanding user behavior, optimizing website performance, and improving user experience
Legal Compliance and Security: Preventing fraud, detecting unauthorized access, fulfilling legal obligations, and protecting our rights
Product Development: Developing new services, conducting anonymized market research, and improving technical offerings
Financial Administration: Invoicing, payment processing, and financial record-keeping

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only under the following circumstances:

Service Providers and Processors: Third-party vendors who perform services on our behalf — including cloud hosting, analytics, payment processing, email delivery, and customer support — under strict data processing agreements that prohibit unauthorized use
Legal Requirements: When compelled by law, court order, subpoena, or government authority, we disclose data as legally mandated and, where possible, notify you
Protection of Rights: To investigate fraud, protect the safety of individuals, enforce our terms, or defend legal claims
Business Transfers: In the event of a merger, acquisition, or sale of assets, data may transfer as part of the transaction; we will notify you before your data is transferred and subject to a different privacy policy
With Your Consent: For any other sharing, we request your explicit prior consent

6. Data Security and Retention

6.1 Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction:

Encryption in Transit: All data transmitted between your browser and our servers is protected using SSL/TLS encryption (HTTPS)
Access Controls: Strict role-based access controls limit employee access to personal data on a strictly need-to-know basis
Data Minimization: We collect only data that is necessary and proportionate to the stated purpose
Security Monitoring: Continuous monitoring, intrusion detection, and regular vulnerability assessments
Processor Vetting: All third-party processors are vetted and bound by data processing agreements with equivalent security standards

6.2 Data Retention Periods

Contact Form Data: 3 years from last contact, or as required by law
Service and Contract Data: Duration of the contract + 7 years for financial compliance purposes
Analytics Data: 13 months (then aggregated/anonymized)
Marketing and Communications Data: Until you unsubscribe or withdraw consent, plus 30 days for processing
Legal and Compliance Records: As required by applicable law (typically 5–10 years)

After retention periods expire, data is securely deleted or irreversibly anonymized.

7. Your Rights

7.1 GDPR Rights — EU/EEA Residents

Under the GDPR, EU/EEA residents have the following enforceable rights:

Right of Access (Article 15): Obtain confirmation of whether we process your data and receive a copy in a portable format
Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data
Right to Erasure / "Right to be Forgotten" (Article 17): Request deletion of your data where it is no longer necessary for its original purpose, you withdraw consent, or you object to processing
Right to Restrict Processing (Article 18): Request that we limit how we use your data pending a dispute or correction
Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format for transfer to another controller
Right to Object (Article 21): Object to processing for direct marketing or based on legitimate interests
Right to Withdraw Consent: Revoke consent at any time via email or our cookie preference manager
Right to Lodge a Complaint: Submit a complaint to your national Data Protection Authority (DPA) if you believe we have violated your rights

7.2 CCPA/CPRA Rights — California Residents

California residents have the following rights under the California Consumer Privacy Act and California Privacy Rights Act:

Right to Know and Access (§ 1798.100): Request the categories and specific pieces of personal information we have collected, used, disclosed, or sold
Right to Delete (§ 1798.105): Request deletion of personal information we hold, subject to certain exceptions
Right to Correct (§ 1798.106): Request correction of inaccurate personal information
Right to Opt-Out of Sale or Sharing (§ 1798.120): Opt-out of the sale or sharing of personal information for cross-context behavioral advertising
Right to Limit Use of Sensitive Information (§ 1798.121): Limit our use of sensitive personal information to necessary purposes
Right to Non-Discrimination (§ 1798.125): We will not discriminate against you for exercising any of these rights

7.3 How to Exercise Your Rights

Submit your request to: hq@90ai.engineering with subject line: "Privacy Rights Request – [Your Name]"

We will acknowledge your request within 10 business days and provide a substantive response within 30 days (extendable by 60 additional days with notice). We may verify your identity before fulfilling requests. There is no charge for exercising your rights.

8. International Data Transfers

As a global venture, 90 AI Engineering may transfer personal data across international borders. For transfers from the EU/EEA to third countries, we apply appropriate safeguards including:

Standard Contractual Clauses (SCCs): European Commission-approved clauses ensuring equivalent data protection
Adequacy Decisions: Transfers to countries with an EU adequacy decision (e.g., UK, Switzerland, UAE — pending decision)
Explicit Consent: Where other safeguards are unavailable, transfers occur only with your informed, explicit consent

The UAE (Meydan Free Zone) has developing data protection frameworks. We ensure all cross-border transfers maintain GDPR-equivalent standards through contractual mechanisms.

9. Cookies

For detailed information on how we use cookies and tracking technologies, and how you can manage your preferences, please review our Cookie Policy.

10. Children's Privacy

Our website and services are directed exclusively to individuals aged 18 and over. We do not knowingly collect personal data from minors under 18. If we discover that a minor has provided personal data, we will delete it promptly. If you believe a minor has provided us with data, contact us immediately at hq@90ai.engineering.

11. Third-Party Links

Our website may contain links to third-party websites, tools, or services. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, services, or applicable law. The "Last Updated" date at the top will be revised for each update. Continued use of our services following a material change constitutes acceptance of the updated policy. For significant changes, we will provide prior notice by email or prominent notice on our website.

13. Contact

Email: hq@90ai.engineering
Company: 90 AI Engineering
Registered Address: Meydan Free Zone, Dubai, United Arab Emirates

This Privacy Policy is designed to comply with GDPR (EU 2016/679), CCPA (California Civil Code § 1798.100 et seq.), CPRA, and other applicable data protection regulations globally.