Effective date: September 4, 2025
Last updated: September 4, 2025

              AlBaseer ("AlBaseer," "we," "us," "our") provides AI-powered security solutions for homes, offices, and other establishments, including our mobile apps, website at albaseer.app, on-premises server/appliance software, and connected services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information, and what choices you have.
            
            
              If you do not agree with this Policy, please do not use the Service.
            
          
          
            1) Who we are and roles
            
              For the website, accounts, billing, and support, AlBaseer is the data controller.
            
            
              For deployed security systems (e.g., cameras, facial recognition, license plate recognition) used by a household or organization:
            
            
              
Typically you (the owner/operator) are the data controller for video/audio and related metadata captured on your premises.
              AlBaseer acts as a processor/service provider, processing data on your behalf under your instructions (e.g., configuration you set in the app).
            
            
          
          
            2) What we collect
            A. Account & Contact Data
            
              
Name, email, phone number, password hashes, profile photo (optional), language/locale
              Emergency contact numbers you provide for alerts/calls
            
            B. Subscription & Payment Data
            
              
Plan, status, invoices, partial payment info (tokenized via payment processor)
              We do not store full card numbers; payments are handled by a PCI-DSS compliant processor
            
            C. Device & App Data
            
              
Device identifiers, app version, OS, crash/diagnostic logs, and basic telemetry
              System configuration (armed/disarmed schedules, zones, rules you set)
            
            D. Network & Service Data
            
              
IP addresses, approximate location (derived from IP or device), timestamps, security events, and API request logs
            
            E. Security Video/Audio/Images & Event Metadata
            
              
Default design: on-prem/edge processing. Video frames are analyzed locally to detect people/human motion and other events
              Event data (timestamps, category, camera ID, zone, confidence) and clips/snapshots may be generated locally and stored locally per your retention settings
              Optional: If you enable remote access, cloud backup, or off-site notifications, relevant data (e.g., event thumbnails, short clips, or metadata) will be transmitted to our cloud or trusted providers you select
            
            F. Facial Recognition & Biometric-Adjacent Data (Optional Feature)
            
              
If you enable facial recognition, the system may generate face embeddings/templates to recognize authorized/unrecognized persons
              By default, we design these to be stored and matched locally on your secured on-prem server. Upload to cloud occurs only if you enable it
              You can add/remove enrolled faces and adjust retention
            
            G. License Plate Recognition (Optional Feature)
            
              
If enabled, the system may capture plate numbers and event metadata (time, location/camera, zone, rule match), stored locally by default
            
            H. Communications
            
              
Messages and content you send us (support requests, feedback), and marketing preferences
            
            
              Sensitive information: Facial templates, video/audio of individuals, and license plates can be sensitive. Use clear signage where required, set appropriate retention, and manage authorized user access.
             
          
          
            3) How we use information (purposes & legal bases)
            Core Purposes
            
              
Provide, secure, and maintain the Service and your deployed system
              Detect and verify events (e.g., human motion) and trigger configured responses (hooter, lights, notifications, calls, alerts to authorities/housing society if configured)
              Manage accounts, subscriptions, and customer support
              Improve accuracy and reliability (model updates, diagnostics in aggregated/de-identified form where feasible)
              Prevent abuse, fraud, and unauthorized access; audit and safety
            
            Optional Purposes (only if you opt in)
            
              
Cloud backup/remote viewing/event sync
              Facial recognition and license plate recognition
              Marketing communications (you can unsubscribe anytime)
            
            Legal Bases (GDPR/UK GDPR where applicable)
            
              
Performance of contract (to deliver the Service you requested)
              Legitimate interests (security, fraud prevention, service improvement, safety)
              Consent (optional features like facial/plate recognition or marketing)
              Legal obligations (tax, accounting, compliance)
            
          
          
            4) On-prem by default, cloud optional
            
              Local/Edge First. Event detection and analytics run on your on-prem server/appliance without requiring continuous internet.
            
            
              When data leaves your premises: Only if you enable remote features (e.g., cloud notifications, telephony calls, cloud storage/backup, remote viewing), necessary data is securely transmitted to our cloud or third-party processors to complete those functions.
            
            
              You control these settings in the app.
            
          
          
            5) Sharing and disclosures
            
              We do not sell personal information. We may share:
            
            Service Providers/Processors (bound by contract):
            
              
Cloud infrastructure & storage (e.g., AWS/GCP/Azure — configure/confirm provider & region)
              Push notifications (e.g., Apple/Google push)
              SMS/voice calls (e.g., telephony provider)
              Payment processing (e.g., Stripe)
              Error/crash analytics (e.g., Sentry/Firebase Crashlytics)
            
            Other Disclosures:
            
              
Authorities/Housing Society (if you enable it): We can notify designated contacts or authorities you configure during a confirmed event
              Legal compliance & safety: To comply with law, respond to lawful requests, enforce our terms, or protect rights, property, or safety
              Business transfers: In a merger, acquisition, or sale of assets, subject to continued privacy commitments
            
            
              Note: The specific vendors and regions can be configured and may vary. We maintain contracts and require appropriate security safeguards.
             
          
          
            6) International data transfers
            
              Depending on your settings and location, data may be processed in or transferred to countries other than where it originated. We use safeguards such as contractual clauses and security measures. For KSA deployments, we support local processing and can restrict transfers unless you explicitly enable remote/cloud features or local law permits.
            
          
          
            7) Data retention
            
              
Account & billing data: kept while your account is active and as required for legal/accounting obligations
              System video/clips/logs: configurable by you (e.g., rolling retention). If unset, we keep the minimum necessary to operate the Service and your configured features
              Facial templates/plate data: retained only while the feature is enabled and as per your settings; deleting an enrolled face removes its template
              Support communications: retained as needed to assist you and improve service
            
            
              When no longer needed, we delete or de-identify data unless law requires otherwise.
            
          
          
            8) Your choices & controls
            
              
Enable/disable features: facial recognition, license plate recognition, cloud backup, remote viewing, authority notifications
              Retention settings: choose how long to keep local video/clips/logs
              Access control: add/remove users, set roles, and require strong passwords/2FA (if enabled)
              Notifications: choose push/SMS/voice/email contacts
              Marketing: opt out via email footer or in-app
            
          
          
            9) Your privacy rights
            
              Depending on your location, you may have rights to:
            
            
              
Access: know what data we hold about you
              Rectify: correct inaccurate data
              Delete/Erase: request deletion where applicable
              Restrict/Withdraw consent: for optional features/marketing
              Object to processing (where based on legitimate interests)
              Data portability: obtain a copy in a portable format
            
            
              To exercise rights, email [email protected]. We may verify your identity. Some requests must be directed to the system owner/controller (e.g., your employer or building association).
            
            Region-specific notes (summary, not legal advice)
            
              
EU/UK GDPR: You may contact your data protection authority. If we rely on consent, you can withdraw it at any time
              KSA PDPL: We minimize processing, honor local-hosting preferences, and (where applicable) seek approvals/consents for transfers outside KSA
              Pakistan: We apply high standards broadly and will align with applicable data protection laws as they are enacted/updated
              California (CCPA/CPRA): We don't "sell" personal information. We may "share" limited identifiers with processors for service delivery; you can opt out of cross-context behavioral advertising (we currently do not engage in targeted ads). You have rights to know, delete, correct, and limit use of sensitive personal information
            
          
          
            10) Security
            
              We employ administrative, technical, and physical safeguards, including:
            
            
              
Encryption in transit (TLS) and at rest (where applicable)
              On-prem processing by default; minimal data leaves your premises unless you choose otherwise
              Access controls, least-privilege, audit logs, and optional 2FA
              Secure development practices and vulnerability management
            
            
              No system is 100% secure; please use strong passwords, keep software updated, and manage user access responsibly.
            
          
          
            11) Children's privacy
            
              Our Service is not directed to children under 13 (or the age defined by local law). Cameras may incidentally capture minors present on premises; as controller, you should use signage/notices as required and configure retention appropriately.
            
          
          
            12) Third-party links and sites
            
              Our website/app may link to third-party services. Their privacy practices are governed by their own policies.
            
          
          
            13) Changes to this Policy
            
              We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you via email/app notice.
            
          
          
            14) Contact us
            
            
              If you're an organization using AlBaseer, please name a privacy contact for your premises and let occupants/visitors know about surveillance in accordance with local law.
            
          
          
            Optional Appendix
            A. Camera/Signage Notice Template
            
              
                This property uses AI-enabled cameras for security. Video and event data may be recorded to prevent theft and protect occupants. Data is processed locally; optional cloud features may apply. For questions or to exercise rights, contact: [Your controller contact].
              
             
            B. Data Processing Addendum (DPA)
            
              If you serve business customers, provide a DPA covering processor obligations, sub-processors, security, breach notices, and international transfer mechanisms.