1. Introduction
This Privacy Policy outlines how we collect, use, and protect your personal data when you interact with our AI-driven system. The system processes user queries using tools such as GPT models, vector databases, and external data sources (e.g., Wikipedia). It focuses on strategy consulting and macroeconomic data related to Saudi Arabia. We are committed to complying with GDPR, Saudi Arabia’s Personal Data Protection Law (PDPL), and UAE Federal Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
2. Data Collection and Usage
We collect and process the following types of data during your interactions:
- Chat Messages: Your chat messages are captured when you interact with the system. These inputs are temporarily processed and not stored unless needed for embedding.
- Embeddings: User data is vectorized using OpenAI’s models for efficient storage and retrieval in our system’s vector database.
- External Data Sources: The system may access external data sources (e.g., Wikipedia) for supplementary information, but no personal data is transmitted to these sources.
3. Data Processing and Storage
- Embedding Storage: Data is stored in Pinecone’s vector database hosted in the AWS eu-west-1 region to ensure compliance with GDPR. Embeddings are used for query matching and deleted when no longer required or at the user's request.
- AI Model Processing: Queries are processed using OpenAI GPT models. The API credentials required for accessing these models are securely stored, ensuring controlled access.
4. Purpose of Data Collection
We collect and process data strictly for the following purposes:
- Providing AI-generated responses to queries on strategy consulting and macroeconomic data related to Saudi Arabia.
- Retrieving and presenting information from vector databases and external sources.
- Ensuring compliance with relevant legal frameworks for data protection (GDPR, Saudi PDPL, UAE PDPL).
5. Data Retention and Deletion
- Temporary Data: Chat messages are processed temporarily and are deleted unless stored as embeddings.
- Embeddings: These are retained only for as long as necessary for query processing. Users can request deletion at any time, and the vector data will be permanently removed.
6. Cross-Border Data Transfers
Data processing is conducted within the AWS eu-west-1 region to comply with GDPR regulations for European users. For Saudi Arabian and UAE users, data processing aligns with local regulations ensuring that personal data is handled and stored in compliance with the Saudi Personal Data Protection Law and UAE Federal Law No. 45 of 2021.
- Data transfers between our systems and third-party providers (OpenAI, Pinecone) are encrypted using secure protocols such as HTTPS.
7. User Rights
You have the following rights under GDPR, Saudi PDPL, and UAE PDPL:
- Access: You can request information on the personal data we hold about you.
- Correction: You may request the correction of any inaccurate personal data.
- Deletion: You can request the deletion of your personal data, including embeddings stored in Pinecone.
- Consent Withdrawal: You can withdraw your consent at any time without affecting the legality of data processing that occurred before the withdrawal.
8. Data Security
We implement strict measures to ensure the protection of your data:
- Credential Management: All sensitive credentials, such as API keys for OpenAI and Pinecone, are securely managed through our system's credential management tool.
- Encryption: Data transfers between our platform and third-party services are encrypted to prevent unauthorized access.
9. Compliance with Saudi Arabia’s PDPL
For users in Saudi Arabia, we ensure full compliance with the Saudi Personal Data Protection Law (PDPL). This includes:
- Consent: Explicit user consent is required for processing personal data.
- Data Residency: We ensure that personal data is processed and stored in compliance with Saudi data localization requirements, and no unauthorized data transfers occur outside Saudi Arabia.
- Data Security: Saudi PDPL-compliant measures are in place to protect personal data from unauthorized access or breaches.
10. Compliance with UAE PDPL
For users in the UAE, we comply with Federal Law No. 45 of 2021 on the Protection of Personal Data. Key points include:
- Explicit Consent: Users must consent to their personal data being processed by the system.
- Data Security: Personal data is stored in data centers compliant with UAE data protection regulations, ensuring that unauthorized third parties do not have access.
11. Changes to This Privacy Policy
We may periodically update this Privacy Policy to reflect changes in data processing practices, legal requirements, or business needs. Users will be notified of significant changes and can review the updated policy.
12. Contact Information
For questions or concerns regarding this Privacy Policy, or to exercise your rights under applicable data protection laws, please contact our Data Protection Officer at david@impaxity.com.
By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.