PRIVACY POLICY

Effective date: September 4, 2025

Last updated: September 4, 2025

AlBaseer ("AlBaseer," "we," "us," "our") provides AI-powered security solutions for homes, offices, and other establishments, including our mobile apps, website at albaseer.app, on-premises server/appliance software, and connected services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information, and what choices you have.

If you do not agree with this Policy, please do not use the Service.

1) Who we are and roles

For the website, accounts, billing, and support, AlBaseer is the data controller.

For deployed security systems (e.g., cameras, facial recognition, license plate recognition) used by a household or organization:

  • Typically you (the owner/operator) are the data controller for video/audio and related metadata captured on your premises.
  • AlBaseer acts as a processor/service provider, processing data on your behalf under your instructions (e.g., configuration you set in the app).
  • Contact: [email protected] | Phone: +92-313-585-3334

    Registered business/entity name and address: [Add your legal entity name & address]

    EU/UK Representative / DPO (if applicable): [Add or mark N/A]

    2) What we collect

    A. Account & Contact Data

  • Name, email, phone number, password hashes, profile photo (optional), language/locale
  • Emergency contact numbers you provide for alerts/calls
  • B. Subscription & Payment Data

  • Plan, status, invoices, partial payment info (tokenized via payment processor)
  • We do not store full card numbers; payments are handled by a PCI-DSS compliant processor
  • C. Device & App Data

  • Device identifiers, app version, OS, crash/diagnostic logs, and basic telemetry
  • System configuration (armed/disarmed schedules, zones, rules you set)
  • D. Network & Service Data

  • IP addresses, approximate location (derived from IP or device), timestamps, security events, and API request logs
  • E. Security Video/Audio/Images & Event Metadata

  • Default design: on-prem/edge processing. Video frames are analyzed locally to detect people/human motion and other events
  • Event data (timestamps, category, camera ID, zone, confidence) and clips/snapshots may be generated locally and stored locally per your retention settings
  • Optional: If you enable remote access, cloud backup, or off-site notifications, relevant data (e.g., event thumbnails, short clips, or metadata) will be transmitted to our cloud or trusted providers you select
  • F. Facial Recognition & Biometric-Adjacent Data (Optional Feature)

  • If you enable facial recognition, the system may generate face embeddings/templates to recognize authorized/unrecognized persons
  • By default, we design these to be stored and matched locally on your secured on-prem server. Upload to cloud occurs only if you enable it
  • You can add/remove enrolled faces and adjust retention
  • G. License Plate Recognition (Optional Feature)

  • If enabled, the system may capture plate numbers and event metadata (time, location/camera, zone, rule match), stored locally by default
  • H. Communications

  • Messages and content you send us (support requests, feedback), and marketing preferences
  • Sensitive information: Facial templates, video/audio of individuals, and license plates can be sensitive. Use clear signage where required, set appropriate retention, and manage authorized user access.

    3) How we use information (purposes & legal bases)

    Core Purposes

  • Provide, secure, and maintain the Service and your deployed system
  • Detect and verify events (e.g., human motion) and trigger configured responses (hooter, lights, notifications, calls, alerts to authorities/housing society if configured)
  • Manage accounts, subscriptions, and customer support
  • Improve accuracy and reliability (model updates, diagnostics in aggregated/de-identified form where feasible)
  • Prevent abuse, fraud, and unauthorized access; audit and safety
  • Optional Purposes (only if you opt in)

  • Cloud backup/remote viewing/event sync
  • Facial recognition and license plate recognition
  • Marketing communications (you can unsubscribe anytime)
  • Legal Bases (GDPR/UK GDPR where applicable)

  • Performance of contract (to deliver the Service you requested)
  • Legitimate interests (security, fraud prevention, service improvement, safety)
  • Consent (optional features like facial/plate recognition or marketing)
  • Legal obligations (tax, accounting, compliance)
  • 4) On-prem by default, cloud optional

    Local/Edge First. Event detection and analytics run on your on-prem server/appliance without requiring continuous internet.

    When data leaves your premises: Only if you enable remote features (e.g., cloud notifications, telephony calls, cloud storage/backup, remote viewing), necessary data is securely transmitted to our cloud or third-party processors to complete those functions.

    You control these settings in the app.

    5) Sharing and disclosures

    We do not sell personal information. We may share:

    Service Providers/Processors (bound by contract):

  • Cloud infrastructure & storage (e.g., AWS/GCP/Azure — configure/confirm provider & region)
  • Push notifications (e.g., Apple/Google push)
  • SMS/voice calls (e.g., telephony provider)
  • Payment processing (e.g., Stripe)
  • Error/crash analytics (e.g., Sentry/Firebase Crashlytics)
  • Other Disclosures:

  • Authorities/Housing Society (if you enable it): We can notify designated contacts or authorities you configure during a confirmed event
  • Legal compliance & safety: To comply with law, respond to lawful requests, enforce our terms, or protect rights, property, or safety
  • Business transfers: In a merger, acquisition, or sale of assets, subject to continued privacy commitments
  • Note: The specific vendors and regions can be configured and may vary. We maintain contracts and require appropriate security safeguards.

    6) International data transfers

    Depending on your settings and location, data may be processed in or transferred to countries other than where it originated. We use safeguards such as contractual clauses and security measures. For KSA deployments, we support local processing and can restrict transfers unless you explicitly enable remote/cloud features or local law permits.

    7) Data retention

  • Account & billing data: kept while your account is active and as required for legal/accounting obligations
  • System video/clips/logs: configurable by you (e.g., rolling retention). If unset, we keep the minimum necessary to operate the Service and your configured features
  • Facial templates/plate data: retained only while the feature is enabled and as per your settings; deleting an enrolled face removes its template
  • Support communications: retained as needed to assist you and improve service
  • When no longer needed, we delete or de-identify data unless law requires otherwise.

    8) Your choices & controls

  • Enable/disable features: facial recognition, license plate recognition, cloud backup, remote viewing, authority notifications
  • Retention settings: choose how long to keep local video/clips/logs
  • Access control: add/remove users, set roles, and require strong passwords/2FA (if enabled)
  • Notifications: choose push/SMS/voice/email contacts
  • Marketing: opt out via email footer or in-app
  • 9) Your privacy rights

    Depending on your location, you may have rights to:

  • Access: know what data we hold about you
  • Rectify: correct inaccurate data
  • Delete/Erase: request deletion where applicable
  • Restrict/Withdraw consent: for optional features/marketing
  • Object to processing (where based on legitimate interests)
  • Data portability: obtain a copy in a portable format
  • To exercise rights, email [email protected]. We may verify your identity. Some requests must be directed to the system owner/controller (e.g., your employer or building association).

    Region-specific notes (summary, not legal advice)

  • EU/UK GDPR: You may contact your data protection authority. If we rely on consent, you can withdraw it at any time
  • KSA PDPL: We minimize processing, honor local-hosting preferences, and (where applicable) seek approvals/consents for transfers outside KSA
  • Pakistan: We apply high standards broadly and will align with applicable data protection laws as they are enacted/updated
  • California (CCPA/CPRA): We don't "sell" personal information. We may "share" limited identifiers with processors for service delivery; you can opt out of cross-context behavioral advertising (we currently do not engage in targeted ads). You have rights to know, delete, correct, and limit use of sensitive personal information
  • 10) Security

    We employ administrative, technical, and physical safeguards, including:

  • Encryption in transit (TLS) and at rest (where applicable)
  • On-prem processing by default; minimal data leaves your premises unless you choose otherwise
  • Access controls, least-privilege, audit logs, and optional 2FA
  • Secure development practices and vulnerability management
  • No system is 100% secure; please use strong passwords, keep software updated, and manage user access responsibly.

    11) Children's privacy

    Our Service is not directed to children under 13 (or the age defined by local law). Cameras may incidentally capture minors present on premises; as controller, you should use signage/notices as required and configure retention appropriately.

    12) Third-party links and sites

    Our website/app may link to third-party services. Their privacy practices are governed by their own policies.

    13) Changes to this Policy

    We may update this Policy from time to time. We will post the updated version with a new "Last updated" date and, where required, notify you via email/app notice.

    14) Contact us

    AlBaseer

    Email: [email protected]

    Phone/WhatsApp: +92-313-585-3334

    Address: [Add your official mailing address]

    If you're an organization using AlBaseer, please name a privacy contact for your premises and let occupants/visitors know about surveillance in accordance with local law.

    Optional Appendix

    A. Camera/Signage Notice Template

    This property uses AI-enabled cameras for security. Video and event data may be recorded to prevent theft and protect occupants. Data is processed locally; optional cloud features may apply. For questions or to exercise rights, contact: [Your controller contact].

    B. Data Processing Addendum (DPA)

    If you serve business customers, provide a DPA covering processor obligations, sub-processors, security, breach notices, and international transfer mechanisms.