Privacy Policy

This Privacy Policy explains how qayskadhimdda Company L.L.C (“qayskadhimdda — AI Inquiry System”, “we”, “us”, or “our”) collects, uses, and safeguards information in connection with our AI Inquiry System for colleges and universities (the “Service”). This policy is designed for institutional customers (the “College” or “Customer”) and their end users (e.g., staff and students).

1) Roles & Scope

For most data processed on behalf of a College (e.g., student inquiries, uploaded department documents), the College is the data controller and qayskadhimdda — AI Inquiry System acts as a data processor. For our own website, platform accounts, billing, security and product analytics, qayskadhimdda — AI Inquiry System is the data controller.

2) Information We Process

• Account & Admin Data: name, email, phone, role, login metadata, and organization details provided by College administrators.
• Student Messages: inquiries and replies sent via WhatsApp and Web widget, language, timestamps, routing metadata (department/flow).
• Knowledge Sources: department documents uploaded by the College (e.g., PDFs, policies, FAQs), their metadata and embeddings.
• Integration Data: WhatsApp IDs/phone numbers (via Twilio/Meta), message SIDs, delivery status, and system logs.
• Payments & Subscriptions: billing contact, payment method tokens/last4 (via Stripe), invoices, receipts, wallet top-ups, storage subscriptions.
• Usage & Analytics: feature usage, error logs, performance metrics, storage consumption, and aggregated statistics (including Algolia-based search of conversation logs if enabled).
• Technical Data: IP address, device/browser information, cookies or local storage used for authentication and session management.

3) How We Use Information

• Provide, operate, and secure the Service.
• Route and respond to student inquiries correctly per department.
• Generate responses using AI models from verified sources uploaded by the College.
• Manage subscriptions, invoices, and wallet balances.
• Monitor quality, detect abuse, and improve accuracy.
• Provide customer support and notify about important changes.
• Comply with legal obligations and enforce terms.

4) Legal Bases

Where applicable (e.g., GDPR), we rely on one or more of: performance of contract, legitimate interests (e.g., security, product improvement), consent (where obtained by the College), and legal obligations.

5) Subprocessors & Key Services

We use trusted providers to deliver the Service. Depending on your configuration, these can include:

• Google Cloud (hosting, Cloud Functions/Run)
• Firebase (Firestore, Storage, Auth)
• OpenAI (LLM processing of inquiries)
• Twilio & Meta WhatsApp Business (messaging transport)
• Stripe (payments, subscriptions, invoicing)
• SendGrid (transactional email)
• Algolia (search/analytics for logs, if enabled)

We maintain agreements and security commitments with these providers. A detailed subprocessor list and a Data Processing Addendum (DPA) are available on request.

6) Retention

We retain data for as long as necessary to provide the Service, fulfill contractual or legal obligations, resolve disputes, and enforce agreements. Colleges may request deletion of conversation logs and uploaded sources subject to legal and technical limits.

7) Security

We implement administrative, technical, and physical safeguards, including role-based access, encryption in transit, audit logs, and continuous monitoring. No method of transmission or storage is 100% secure; we work to protect your data but cannot guarantee absolute security.

8) International Transfers

Data may be processed in jurisdictions outside your country (including the EU/EEA, US, and the UAE). Where required, we rely on appropriate safeguards such as contractual measures (e.g., Standard Contractual Clauses or equivalent).

9) Children’s Privacy

The Service is intended for higher-education institutions. We do not knowingly collect personal data from children under applicable age of consent. Colleges are responsible for ensuring lawful processing of student data under local regulations.

10) Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict your data. Where we act as processor, please contact your College directly; we will support the College in fulfilling such requests. Where we are controller (e.g., for billing contacts), you may contact us at info@qayskadhimdda.com.

11) Cookies & Similar Technologies

We use strictly necessary cookies/local storage for authentication and session management, and may use analytics in aggregated form to improve the Service. You can control cookies via your browser settings; some features may not work without them.

12) Changes to this Policy

We may update this Policy to reflect changes to our practices. Material changes will be communicated through the product or by email.

13) Contact Us

qayskadhimdda Company L.L.C, Dubai, United Arab Emirates. Email: info@qayskadhimdda.com.

This document is provided for informational purposes only and does not constitute legal advice. Please consult your counsel for specific guidance.