Legal

Privacy Policy

We believe privacy is a right, not a policy checkbox. Here is exactly what we collect, why we collect it, and how you stay in control.

Last updated: April 2, 2026UAE · GDPR Aligned
01

Introduction

AIONEX FZC (“AIONEX,” “we,” “our,” or “us”) is registered in Sharjah, UAE. We provide AI-powered business growth systems to small and medium enterprises across the UAE and GCC region.

This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you visit our website at aionex.ae, use our services, or communicate with us. By accessing our website or engaging our services, you acknowledge that you have read and understood this policy.

This policy is aligned with the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR).

02

Information We Collect

Information You Provide Directly

  • Contact details — full name, business name, email address, and phone number submitted via our contact form or consultation booking.
  • Business context — your industry, company size, and the business challenges you describe in free-text fields.
  • Communications — messages, emails, and other correspondence you send to us.

Information Collected Automatically

When you visit our website, we automatically collect certain technical and usage data to help us understand how our site is used and to improve your experience:

  • Log data — IP address, browser type and version, operating system, referring URL, and pages visited.
  • Device information — screen resolution, device type (desktop, tablet, mobile), and language preferences.
  • Usage data — pages viewed, time spent on pages, click patterns, scroll depth, and navigation paths.
  • Analytics data — aggregated and anonymised visitor counts, session durations, and traffic sources via Google Analytics 4.
  • Behaviour data — heatmaps and session recordings via Microsoft Clarity to understand how users interact with our site.

Information We Do Not Collect

We do not collect payment card details, national ID numbers, passport information, biometric data, or any special categories of sensitive personal data as defined under the UAE PDPL and GDPR.

03

How We Use Your Data

We use the information we collect for the following purposes:

  • Service delivery — to respond to your enquiries, schedule consultations, and deliver the services you have requested.
  • Communication — to send you updates, follow-ups, and information relevant to your enquiry or engagement with us.
  • Analytics and improvement — to understand how our website is used, identify areas for improvement, and optimise user experience.
  • Marketing (with consent) — to send you information about our services, case studies, and insights if you have opted in.
  • Legal compliance — to meet our obligations under UAE law, including record-keeping and fraud prevention.
  • Security — to detect and prevent fraudulent, abusive, or harmful activity on our website.

We process your data only where we have a lawful basis to do so — specifically: performance of a contract, compliance with a legal obligation, your explicit consent, or our legitimate business interests where these do not override your rights.

04

Information Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

Service Providers

We use trusted third-party service providers who process data on our behalf under contractual data processing agreements:

  • Vercel Inc. — website hosting and infrastructure (servers in the United States and EU).
  • Supabase Inc. — database and backend services for form submissions.
  • Resend Inc. — transactional email delivery for consultation confirmations.
  • Google LLC — analytics via Google Analytics 4; data is anonymised before transmission.
  • Microsoft Corporation — user behaviour analytics via Microsoft Clarity.
  • Upstash Inc. — rate limiting and caching infrastructure.

Legal Requirements

We may disclose your information if required to do so by UAE law, court order, or regulatory authority, or if we believe disclosure is necessary to protect the rights, property, or safety of AIONEX, our clients, or the public.

Business Transfers

If AIONEX is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

05

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Contact form submissions and consultation enquiries — retained for 3 years from last contact.
  • Client engagement records — retained for 7 years in compliance with UAE commercial law (Federal Law No. 18 of 1993).
  • Website analytics data — retained in Google Analytics for 26 months; Microsoft Clarity data is retained for 13 months.
  • Email communications — retained for 3 years from the last exchange.
  • Anonymised and aggregated data — retained indefinitely, as it cannot identify individuals.

When data is no longer needed, we securely delete or anonymise it. You may request earlier deletion — see Your Rights below.

06

Your Rights

Under the UAE PDPL and GDPR (where applicable), you have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your data, subject to legal retention requirements.
  • Right to restriction — request that we limit how we use your data in certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on our legitimate interests or for direct marketing.
  • Right to withdraw consent — withdraw consent at any time for processing based on consent (this does not affect prior processing).

To exercise any of these rights, contact us at support@aionex.ae or via our contact form. We will respond within 30 days. We may ask you to verify your identity before processing your request.

07

Cookies & Tracking

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device. We use the following categories:

Essential Cookies

Required for the website to function correctly, such as security tokens and session state. These cannot be disabled.

Analytics Cookies

Google Analytics 4 uses cookies to collect anonymised data about website usage. IP addresses are truncated before storage. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

Behaviour Analytics

Microsoft Clarity uses session recording and heatmap technology to help us improve usability. Clarity may record mouse movements, clicks, and scrolling behaviour. Personally identifiable information is automatically masked. You can opt out via Microsoft's Privacy Dashboard.

Most browsers allow you to refuse or delete cookies. Doing so may affect some functionality of our website. Refer to your browser's help documentation for instructions.

08

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

  • All data in transit is encrypted using TLS 1.2 or higher.
  • Our hosting infrastructure (Vercel) maintains SOC 2 Type II compliance.
  • Database access is restricted to authorised personnel with role-based access controls.
  • Form submissions are rate-limited and validated to prevent abuse.
  • We conduct periodic reviews of our security practices and data handling procedures.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights, we will notify the relevant authorities and affected individuals as required by law.

09

International Transfers

AIONEX is based in Sharjah, UAE. Some of our service providers (including Vercel, Google, and Microsoft) process data in the United States and European Union. These transfers are conducted under appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data Processing Agreements that require providers to maintain adequate data protection standards.
  • Providers certified under applicable privacy frameworks, including the EU-US Data Privacy Framework.

By using our website, you consent to the transfer of your data to these jurisdictions as described in this policy.

10

Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Post a notice on our website homepage for significant changes.
  • Where required by law, seek your consent for changes that affect how we process your data.

We encourage you to review this policy periodically. Your continued use of our website following the posting of changes constitutes your acceptance of those changes.

11

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the personal data we hold about you, please contact us:

Contact Form

aionex.ae/contact

Registered Address

AIONEX FZC, Sharjah, UAE.

Response Time

Within 30 business days

Questions? We're Here

Your privacy matters to us. Always.

Have a question about how we handle your data? Our team will respond within 48 hours.