Legal

Privacy Policy

Last updated: June 25, 2026 · Effective immediately on publication.

Grand Minds Technology (Copilot) — Sole Establishment · Abu Dhabi Department of Economic Development · Licence CN-4267730 · Abu Dhabi, UAE. inquiry@grandmindstechnology.com

Grand Minds Technology ("GMT", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect, why and how we process it, who we share it with, how long we keep it, and the rights you have over it.

For the purposes of the EU/UK General Data Protection Regulation (GDPR) and UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), GMT acts as the data controller for personal data processed through grandmindstechnology.com and its associated services (the "Platform"). Where you purchase or use a solution supplied by a third-party partner, that partner may act as an independent or joint controller for data you provide directly to their solution.

1. Who this policy applies to

This policy applies to visitors, registered clients, partners, resellers, and anyone who contacts us or uses the Platform, including our marketplace, dashboards, AI advisor, and email communications.

It does not govern third-party websites or partner solutions that have their own privacy notices; please review those separately.

2. Personal data we collect

  • Account & identity data: name, email address, password (stored hashed), company name, role, and preferences such as language.
  • Transaction & billing data: subscription plan, purchase history, billing identifiers, and partial payment metadata. Full card details are processed by our payment processor and are never stored on our servers.
  • Usage & technical data: pages viewed, actions taken, approximate location derived from IP, device/browser type, and first-party analytics (collected without advertising cookies).
  • Communications & content: messages, demo and contact-form submissions, reviews, support requests, and lead correspondence.
  • AI advisor interactions: the questions and information you choose to provide to our AI advisor in order to receive recommendations.
  • We do not intentionally collect special categories of data (e.g. health, religion, biometrics). Please do not submit such data to us.

    3. How and why we use your data (purposes & legal bases)

  • To provide the Platform, your account, and the solutions you request — legal basis: performance of a contract.
  • To process payments, subscriptions, renewals, and payouts — performance of a contract and compliance with legal obligations (e.g. tax/accounting).
  • To respond to enquiries, demo requests, and support — performance of a contract and our legitimate interests in assisting you.
  • To operate, secure, debug, and improve the Platform, including first-party analytics — our legitimate interests in running a safe, reliable service.
  • To send service and transactional emails — performance of a contract; to send optional updates/marketing — your consent, which you may withdraw at any time.
  • To detect, prevent, and investigate fraud, abuse, or security incidents, and to comply with the law — legal obligation and legitimate interests.
  • 4. Sharing & disclosure

    We do not sell your personal data. We share it only as needed and under appropriate safeguards with:

  • Service providers (processors) acting on our instructions — including payment processing (Stripe), cloud hosting and infrastructure, transactional email, and the AI model provider that powers the advisor. These providers are bound by contract to protect your data and use it only to provide their services to us.
  • Marketplace partners — where you request a demo of, subscribe to, or contact a partner about their solution, the relevant details of your enquiry are shared with that partner so they can respond and fulfil the service.
  • Professional advisers, auditors, and authorities — where required by law, regulation, legal process, or to protect our rights, users, or the public.
  • Successors — in connection with a merger, acquisition, or asset sale, subject to this policy.
  • 5. International transfers

    GMT operates across the GCC and Europe, and some of our providers are located in other countries. Where personal data is transferred outside your jurisdiction, we rely on lawful transfer mechanisms — such as the European Commission's Standard Contractual Clauses, adequacy decisions, or equivalent safeguards under the UAE PDPL — to ensure your data remains protected.

    6. Data retention

    We keep personal data only for as long as necessary for the purposes set out above: for the life of your account and a reasonable period afterwards, and longer where required to meet legal, tax, accounting, or dispute-resolution obligations. When data is no longer needed, we delete or irreversibly anonymise it.

    7. Your rights

    Subject to applicable law (GDPR, UK GDPR, and UAE PDPL), you have the right to: access your data; rectify inaccurate data; erase data ("right to be forgotten"); restrict or object to processing; data portability; and withdraw consent at any time where processing is based on consent.

    To exercise any right, email us at inquiry@grandmindstechnology.com. We will respond within the timeframe required by law (generally one month). You also have the right to lodge a complaint with your local supervisory authority — in the UAE, the UAE Data Office; in the EEA/UK, your national data-protection authority.

    8. Cookies & similar technologies

    We use strictly necessary cookies to keep you signed in and remember your language, and privacy-friendly first-party analytics that do not use advertising cookies or track you across other sites. You can control cookies through your browser settings; disabling necessary cookies may affect core functionality.

    9. Security

    We apply technical and organisational measures appropriate to the risk — including encryption in transit (TLS), hashing of passwords, access controls, and isolation of sensitive operations. No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant authorities of any breach as required by law.

    10. Children

    The Platform is intended for businesses and adults. It is not directed to children, and we do not knowingly collect data from anyone under 18. If you believe a child has provided us data, contact us and we will delete it.

    11. Changes to this policy

    We may update this policy to reflect changes in our practices or the law. We will post the updated version here with a new "last updated" date and, where the changes are material, take reasonable steps to notify you.

    12. Contact us

    For any privacy question or to exercise your rights, contact Grand Minds Technology at inquiry@grandmindstechnology.com or by post to our licensed address in Abu Dhabi, UAE.

    This document is governed by the laws of the Emirate of Abu Dhabi and the applicable federal laws of the United Arab Emirates, without prejudice to mandatory consumer- and data-protection rights you may have under the laws of your country of residence (including, for users in the European Economic Area and the United Kingdom, the GDPR/UK GDPR). The English version is the governing version; translations are provided for convenience only.

    Privacy Policy · Grand Minds Business Copilot