ServicesCase StudiesPricingIndustriesClinics & HealthcareReal EstateLaw FirmsAboutContactالعربيةFree 20-min Audit
Privacy Notice

Privacy Notice

Last updated: April 2026. This notice describes how SGON.AI processes personal data in accordance with Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL).

1. Data Controller

SGON.AI, operating under DED Trader License 1598291, Dubai, UAE.
Contact: mailbox@sgon.ai

2. Purposes of Processing

We process personal data solely to respond to inbound inquiries, schedule discovery calls, and deliver the services you request. We do not use data for profiling, automated decision-making, or marketing to third parties.

3. Lawful Basis

Processing is based on your consent, given when you initiate contact via WhatsApp, email, or Calendly. You may withdraw consent at any time by contacting us at the email above.

4. Data Categories

  • Name (if provided)
  • Email address (if provided)
  • WhatsApp phone number (if you contact us via WhatsApp)
  • Company name and industry (if provided during scheduling)

5. Recipients & Transfers

We do not sell or share personal data with third parties for their own purposes. The following processors are used strictly to facilitate communication and scheduling:

  • WhatsApp (Meta Platforms) — messaging
  • Calendly — appointment scheduling
  • Google Workspace — email hosting

These processors may store data outside the UAE. Where this occurs, transfers are governed by the processor's own data-protection commitments and, where applicable, standard contractual clauses.

6. Retention

Personal data from inquiries that do not result in an engagement is retained for a maximum of 90 days after the last interaction, then permanently deleted. Data relating to active engagements is retained for the duration of the engagement plus the legally required retention period.

7. Your Rights

Under the PDPL you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Request portability of your data
  • Object to processing
  • Lodge a complaint with the UAE Data Office

To exercise any of these rights, email mailbox@sgon.ai. We will respond within 14 days.

8. Data Request Contact

For all data-related requests and questions regarding this notice:
mailbox@sgon.ai

This notice is governed by the laws of the United Arab Emirates, including Federal Decree-Law No. (45) of 2021 on the Protection of Personal Data (PDPL), and any implementing regulations or guidance issued thereunder.

About — how I stay safe to work with

One senior engineer, a named standby, and a written plan for everything you'd need if I disappeared tomorrow.

Hiring a one-engineer AI practice is efficient, but it concentrates risk. This page exists so you don't have to ask the awkward questions on a sales call. Every section below answers a specific objection I would raise if I were on your side of the table.

Continuity & code escrow

Every production deployment ships with source code, model weights, configuration, and a redeployment runbook held by a neutral third-party escrow agent. The contract defines the release triggers — incapacity, insolvency, missed response SLAs — so you are not negotiating with anyone during an incident. Models and data live on your infrastructure from day one, not mine.

Professional indemnity & insurance posture

SGON.AI carries professional indemnity cover appropriate to the engagement size. For any project over AED 50,000 I share the policy summary before contract signature and name you as an interested party where the insurer permits. Liability caps match the engagement value and do not limit statutory data-protection liabilities.

Named sub-processors (PDPL Article 24)

Where a deployment uses third-party processing (for example, hosted LLM inference during a pilot before the on-prem model is tuned), the sub-processor list is given to you in writing before any data flows. No silent fan-out. Default engagements use zero external sub-processors — that's the whole point of on-prem.

Named standby collaborator

Two independent engineers with signed NDAs hold read-only access to every active client's codebase and the escrow release credentials. Either can step in within 48 hours if I am incapacitated. You meet the standby before the contract is signed, not after an incident.

If I'm incapacitated

Short version: your system keeps running on your hardware, the standby collaborator has read access from day one, the escrow releases your full source and runbook on documented triggers, and your retainer is refunded pro-rata. Long version is in the contract — I'll walk you through it on the call.

Geography, jurisdiction, and law

SGON.AI operates out of Dubai, UAE. Contracts are governed by UAE law; DIFC and ADGM jurisdiction clauses are available at no extra cost for clients who require them. All personal data processing complies with UAE PDPL (Federal Decree-Law 45/2021) and, where applicable, DIFC Data Protection Law 5/2020.

Still have questions?

The goal of this page is to answer the questions that usually surface in month three, not month one. If yours isn't here, that's a gap in how I've written this — tell me and I'll fix it.