Privacy Policy

1. Introduction

TheAI Ltd ("TheAI", "we", "us", or "our"), a private company incorporated under the Companies Law, DIFC Law No. 5 of 2018, with registered number 13561 and commercial license CL12361, is committed to protecting the privacy and personal data of its users, customers, and business partners.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you access our website, platform, and services, including GPU infrastructure-as-a-Service (IaaS), Inference Platform-as-a-Service (PaaS), and related software tools (collectively, the "Services").

This Policy is governed by and complies with the Dubai International Financial Centre (DIFC) Data Protection Law, DIFC Law No. 5 of 2020 (as amended), and its associated regulations.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of our Services.

2. Data Controller

For the purposes of the DIFC Data Protection Law, the Data Controller is:

TheAI Ltd
Registered Number: 13561 | Commercial License: CL12361
Innovation One, Level 3, IH-00-01-03-OF-05
Dubai International Financial Centre (DIFC), Dubai, UAE

3. Personal Data We Collect

We collect the following categories of personal data:

3.1. Data You Provide Directly

  • Identity data: name, job title, company name
  • Contact data: email address, phone number, postal address
  • Account credentials: username, password (encrypted)
  • Billing data: payment card details (processed via PCI-DSS compliant third-party providers), billing address, VAT/tax identification number
  • Communications: enquiries, support tickets, feedback submitted through our platform

3.2. Data Collected Automatically

  • Technical data: IP address, browser type and version, operating system, device identifiers
  • Usage data: pages visited, API call logs (metadata only), session duration, error logs
  • GPU/Compute usage data: resource allocation records, workload metadata (not the content of workloads), API request timestamps and volumes
  • Cookies and tracking data: see Section 10 (Cookies) below

3.3. Data Received from Third Parties

  • KYC/AML verification data received from identity verification service providers
  • Business information from publicly available commercial registries
  • Payment fraud signals from payment processors

We do not intentionally collect special categories of personal data (sensitive data) as defined under the DIFC Data Protection Law. If you believe you have inadvertently submitted such data, please contact us immediately.

4. Lawful Basis for Processing

We process personal data under the following lawful grounds as set out in DIFC Data Protection Law No. 5 of 2020:

  • Performance of a contract: to provide, manage, and support your use of the Services
  • Legal obligation: to comply with applicable laws including UAE Federal laws, DIFC regulations, AML/CFT obligations, and tax requirements
  • Legitimate interests: to improve our Services, ensure security, prevent fraud, and manage business operations, where such interests are not overridden by your rights
  • Consent: for marketing communications and non-essential cookies (where required)

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To create and manage your account
  • To provision and deliver GPU Rental (IaaS), Inference API (PaaS), and software management services
  • To process payments and issue invoices
  • To communicate with you regarding your account, service updates, and technical support
  • To monitor service performance, detect abuse, and ensure platform security
  • To comply with legal and regulatory obligations (including KYC, AML, and corporate tax requirements)
  • To send marketing communications where you have given consent, and to offer service updates where permitted by law
  • To improve, develop, and test our Services using aggregated and anonymized data

6. Disclosure of Personal Data

We do not sell your personal data. We may share your data with:

  • Service providers and sub-processors acting on our behalf (e.g., cloud infrastructure providers, payment processors, identity verification providers, analytics tools) — bound by data processing agreements
  • Data centre and hardware partners for the purpose of providing GPU infrastructure services
  • Professional advisors including lawyers, auditors, and consultants under confidentiality obligations
  • Regulatory authorities and law enforcement where required by applicable law or by order of a competent court or authority in the UAE or DIFC
  • Successor entities in the event of a merger, acquisition, or sale of business assets

7. International Data Transfers

As a DIFC-registered entity, we may transfer personal data outside the DIFC to countries or territories that have been assessed as providing adequate levels of data protection, or under appropriate safeguards such as standard contractual clauses approved under the DIFC Data Protection Law.

Where GPU infrastructure is hosted in data centres located outside the UAE, we ensure that appropriate data transfer mechanisms are in place prior to any transfer.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law. Retention periods include:

  • Account and transaction records: retained for a minimum of 5 years following termination of the business relationship, in accordance with UAE Federal AML regulations and DIFC requirements
  • API usage logs: retained for 12 months for security and debugging purposes; thereafter anonymized or deleted
  • Marketing data: retained until you withdraw consent or opt-out
  • Legal hold data: retained for the duration of any dispute, regulatory investigation, or legal proceeding

9. Your Data Protection Rights

Under DIFC Data Protection Law No. 5 of 2020, you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of your personal data, subject to our legal retention obligations
  • Right to restriction: to request that we limit the processing of your data in certain circumstances
  • Right to data portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to processing based on legitimate interests or for direct marketing purposes
  • Rights related to automated decision-making: not to be subject to decisions based solely on automated processing that significantly affect you, without human review

To exercise any of these rights, please contact our Data Protection contact. We will respond within 30 days of receiving your request. You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and multi-factor authentication for system access
  • Regular security assessments and penetration testing
  • 24/7 monitoring of GPU infrastructure and platform systems
  • Incident response procedures aligned with DIFC breach notification requirements

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the DIFC Commissioner of Data Protection and, where required, affected individuals without undue delay.

11. Cookies and Tracking Technologies

Our website uses cookies and similar technologies. These include:

  • Essential cookies: necessary for the website to function and cannot be disabled
  • Analytics cookies: to understand how users interact with our platform (e.g., Google Analytics or equivalent)
  • Preference cookies: to remember your settings and preferences

You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect the functionality of our Services.

12. Children’s Privacy

Our Services are directed exclusively at business customers and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data of a minor has been collected, we will promptly delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our Services, legal requirements, or business practices. Material changes will be communicated via email or a prominent notice on our platform at least 30 days prior to their effective date. Continued use of the Services after the effective date constitutes acceptance of the updated Policy.

14. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Data Protection Contact — TheAI Ltd
Address: Innovation One, Level 3, IH-00-01-03-OF-05, DIFC, Dubai, UAE

TheAI LTD

IH-00-01-03-OF-05,
Level 3, Innovation One, DIFC
Dubai, United Arab Emirates

© 2026 The AI. All rights reserved.Built for AI Infrastructure

Contact Sales

We will help you get in touch with us and answer all your questions.

You can also contact Sales:

+44 7521 539600julia.a@theai.com
TheAI LTDIH-00-01-03-OF-05,Level 3, Innovation One, DIFCDubai, United Arab Emirates