Privacy Policy

Last updated: February 2025

Privacy at a Glance

  • Your data is encrypted with 256-bit AES encryption
  • We never sell your data to third parties
  • You can request deletion of your account and data anytime
  • Data stored securely in UAE-compliant infrastructure
  • We are GDPR-aware and respect your data rights

1. Introduction

Compliance Copilot, operated by Codexaai ("we", "our", or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our UAE VAT compliance software service ("Service"). By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

  • Email address and password (hashed and salted, never stored in plain text)
  • Name and phone number
  • Company details (name, TRN, address)
  • Billing information (processed by Stripe; we do not store card details)

Financial Documents

  • Invoices and receipts you upload
  • Extracted data (amounts, dates, vendor TRNs, descriptions)
  • VAT calculations and compliance reports
  • Filing pack documents generated

Usage Data

  • Log data (IP address, browser type, access times)
  • Feature usage and interaction patterns
  • Error reports and performance data
  • Device information and operating system

3. How We Use Your Information

  • To process your invoices and calculate VAT
  • To generate FTA-ready compliance packs
  • To detect compliance risks and flag issues
  • To send service notifications and deadline reminders
  • To provide customer support
  • To improve our Service and develop new features
  • To prevent fraud and abuse
  • To comply with legal obligations in the UAE

We do NOT use your data to train AI/ML models beyond improving our Service for you, to sell to advertisers, to share with unaffiliated third parties for their marketing purposes, or for any purpose not described in this policy.

4. Data Security

We implement industry-standard security measures to protect your data:

  • 256-bit AES encryption for data at rest and in transit (TLS 1.3)
  • Secure cloud infrastructure with SOC 2 Type II compliance
  • Role-based access controls and principle of least privilege
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Regular backups and disaster recovery procedures
  • Two-factor authentication available for all accounts
  • Employee security training and background checks

No system is 100% secure. While we use industry-standard security measures, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. Data Sharing

We do not sell your personal information. We may share data with:

  • Service providers: Cloud hosting (AWS), payment processing (Stripe), analytics (privacy-focused), email delivery
  • Your accountant: Only if you explicitly grant them access to your company
  • Legal authorities: When required by UAE law, valid court order, or legal process, with prior notice to you where legally permitted
  • Business transfers: In the event of a merger, acquisition, or sale, your data may be transferred (you will be notified)

All service providers are bound by data processing agreements that require them to protect your data and use it only for the services they provide to us.

6. Data Retention

We retain your data for as long as your account is active, plus:

  • Invoices and compliance records: 5 years (as required by UAE tax regulations)
  • Account information: 2 years after account closure
  • Usage logs: 90 days
  • Backup data: Up to 30 days after deletion request

You can request account deletion at any time, and we will remove your data except where retention is legally required for tax compliance purposes.

7. Your Rights

Regardless of your location, we respect the following data rights:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and data (subject to legal retention)
  • Portability: Export your data in a machine-readable format (JSON/CSV)
  • Opt-out: Unsubscribe from marketing communications
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@codexaai.io. We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries outside the UAE. We ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements that provide adequate protection for your data.

9. Cookies & Tracking

We use the following types of cookies:

  • Essential cookies: Required for the Service to function (session, authentication)
  • Preference cookies: Remember your settings and preferences
  • Analytics cookies: Help us understand how you use the Service (can be disabled)

We do not use advertising cookies or share data with ad networks. You can control cookie preferences in your browser settings.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email at least 30 days before they take effect. Continued use of the Service after changes constitutes acceptance. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

Codexaai

Meydan Grandstand, 6th Floor

Meydan Road, Nad Al Sheba

Dubai, U.A.E.

Privacy inquiries: privacy@codexaai.io

General support: support@codexaai.io