// Legal //

Privacy Policy

Last updated: November 2025

Your privacy matters to us. This Privacy Policy explains how YesAnd (FZC) ("Yes&", "we", "us", or "our") collects, uses, stores, and protects personal information when you visit our website or use our services. We are committed to complying with applicable data protection laws, including the UAE Personal Data Protection Law (PDPL) and, where relevant, the EU General Data Protection Regulation (GDPR).

1. Data Controller

For the purposes of applicable privacy laws, YesAnd (FZC) is the data controller responsible for your personal information.

Address: Sharjah Research Technology and Innovation Park, Block B - B53-066

Email: privacy@yesandai.net

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide, such as:

  • Contact details: Name, email, phone number, job title, company.
  • Service-related information: Enquiries, project briefs, workshop participation details.
  • Billing information: Invoicing details and payment confirmations (we do not store card data).
  • Communications: Emails, messages, or notes provided during events or consulting engagements.

2.2 Information Collected Automatically

When you visit our website:

  • Usage data: IP address, device type, browser version, pages viewed, timestamps.
  • Analytics: We use PostHog configured with privacy-friendly settings (cookieless tracking and EU hosting where available).
  • Cookies: Used only for essential functionality or anonymous analytics.

We do not collect sensitive personal data or knowingly collect data from individuals under 18.

3. Legal Basis for Processing

Depending on the context, we process personal data under the following lawful bases:

  • Contractual necessity: Providing consulting, workshops, and related services.
  • Legitimate interests: Improving services, maintaining security, analytics, communication.
  • Legal obligation: Compliance with UAE regulations, accounting, or court orders.
  • Consent: Optional newsletters or certain marketing activities.

Where we rely on consent, you may withdraw it at any time.

4. How We Use Your Information

We use your information to:

  • Deliver consulting, AI strategy, training programs, and live events.
  • Communicate with you regarding bookings, enquiries, updates, and projects.
  • Improve our website, workshops, and client offerings.
  • Ensure security and prevent fraud or misuse.
  • Fulfil legal, regulatory, or compliance obligations.
  • Conduct internal analysis, reporting, and quality improvement.

We do not use personal data to build advertising profiles and do not sell your data.

5. AI Tools and Processing

As part of our consulting and product innovation services:

  • We may use reputable AI tools (such as OpenAI, Anthropic, or similar) to support analysis or prototyping.
  • We do not input client confidential information into AI systems without explicit permission.
  • We apply data minimisation and ensure AI tools used have acceptable security and privacy standards.

This protects your intellectual property and ensures regulatory compliance.

6. Information Sharing

We share personal data only when necessary:

6.1 With Service Providers

Trusted third parties that support our operations, such as:

  • Cloud hosting providers
  • Email services
  • Analytics services (PostHog)
  • Video conferencing tools
  • IT and security providers

All service providers are bound by confidentiality and data protection obligations.

6.2 With Your Organization

If your employer purchases our services, we may share necessary participation details (e.g., attendance or certificates).

6.3 Legal Requirements

We may disclose information to satisfy legal or regulatory obligations, including court orders or compliance checks.

6.4 Business Transfers

If Yes& undergoes a merger, acquisition, or restructuring, your data may be transferred with assurances of continued protection.

6.5 With Your Consent

We share information only in situations where you have expressly asked us to do so.

We never sell or rent personal data to third parties.

7. Data Hosting and International Transfers

We store data using reputable cloud providers in the UAE, EU, and other jurisdictions as necessary.

Where personal data is transferred outside your jurisdiction, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data minimisation and anonymisation
  • Region-specific hosting (e.g., EU-hosted PostHog)

These safeguards ensure your data remains protected to international standards.

8. Data Security

We use industry-standard security measures, including:

  • Encryption of data in transit (HTTPS)
  • Encryption at rest where applicable
  • Access control and role-based permissions
  • Regular system reviews and security assessments
  • Use of reputable vendors with strong compliance standards

No system is 100% secure, but we take reasonable steps to protect your information. In the event of a breach that poses a risk to your rights, we will notify affected individuals and regulators as required by law.

9. Data Retention

We retain personal information only as long as needed for the purposes described:

  • Enquiries: Up to 1–2 years.
  • Training and workshops: Registration and completion data retained for 1 year unless needed longer.
  • Consulting projects: Kept for up to 2 years after project completion, unless otherwise agreed.
  • Analytics data: Aggregated or anonymised; raw logs may be deleted after 12–18 months.

Once retention periods expire, data is securely deleted or anonymised.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

  • Access your personal data
  • Request correction (rectification)
  • Request deletion (erasure)
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time
  • Lodge a complaint with a regulatory authority

We respond to all requests within the timelines required by law. Identity verification may be required.

11. Cookies and Tracking

We use minimal cookies — primarily for anonymous analytics or functionality.

  • PostHog supports cookieless tracking and EU data residency, which we utilise.
  • You may disable cookies in your browser without significant impact on site usage.
  • If we embed third-party content (e.g., YouTube), those services may set their own cookies.

Where legally required, we will show a cookie notice on your first visit.

12. Third-Party Links

Our website may contain links to external sites. Those sites operate under their own privacy policies, and we are not responsible for their practices.

13. Children's Privacy

Our services are intended for business and professional users. We do not knowingly collect data from individuals under 18.

14. Changes to This Policy

We may update this Policy as laws, technologies, or our services evolve. Updates will be posted on this page with a revised "Last updated" date. Significant changes may also be communicated more prominently.

15. Contact Us

For any questions, concerns, or data rights requests, contact us:

YesAnd (FZC)

Email: privacy@yesandai.net

Address: Sharjah Research Technology and Innovation Park, Block B - B53-066

License Number: 10586