Privacy Policy

Last updated: 9/12/2025

This Privacy Policy explains how SmartAiRe - a Product of NASHDOM INNOVATIONS LLP ("SmartAiRe", "we", "us") collects, uses, discloses, and protects personal data when you access or use our websites, products, and services (collectively, the "Services"). This Policy is designed to help us meet obligations under the EU/EEA GDPR, UK GDPR and the Data Protection Act 2018, Singapore/Malaysia PDPA, the United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL), and applicable U.S. state privacy laws (including California CCPA/CPRA).

1. Controller and Contact

SmartAiRe - a Product of NASHDOM INNOVATIONS LLP is the controller of your personal data unless stated otherwise. You can contact us at support@smartaire.com regarding this Policy or to exercise your rights. Where required by law, we may appoint a representative or Data Protection Officer and will make details available upon request.

2. Personal Data We Collect

• Account and Profile: Name, email address, password, role, organization, and preferences.
• Billing: Subscription details and limited billing metadata; payment card data is processed by our PCI-DSS compliant payment processor and not stored by us.
• Usage and Device: Log data, pages viewed, IP address, timestamps, referrers, device/browser, crash diagnostics, and cookies or similar technologies.
• Support and Communications: Content of emails, forms, and messages you send to us.
• Marketing: Opt-in preferences, engagement metrics, and campaign attribution.

3. Purposes and Legal Bases

We process personal data for the following purposes and, where applicable, legal bases:

• Provide and secure the Services: To create and manage accounts, authenticate users, operate, maintain, and secure the Services (GDPR/UK GDPR: performance of contract; legitimate interests; legal obligation).
• Improve and analyze: To monitor, debug, and improve performance and features (legitimate interests).
• Billing and payments: To administer subscriptions, invoicing, and fraud prevention (performance of contract; legitimate interests; legal obligation).
• Support and communications: To respond to inquiries and provide notices about changes (performance of contract; legitimate interests).
• Marketing (opt-in as required): To send product updates and offers (consent or legitimate interests; you may opt out at any time).
• Compliance and enforcement: To comply with law, defend legal claims, and enforce our terms (legal obligation; legitimate interests).

4. Sharing and International Transfers

• Service providers: Hosting, analytics, customer support, payment processing, email delivery, and security providers under contractual confidentiality and data protection obligations.
• Business transfers: In the event of a merger, acquisition, or asset sale, data may be transferred consistent with this Policy.
• Legal requirements: Where required by law or to protect rights, safety, and property.
• Cross‑border transfers: Where we transfer personal data internationally, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, UK IDTA/Addendum, PDPA transfer mechanisms, and other legally recognized safeguards) and assess local laws where required.

5. Retention

We retain personal data only as long as necessary for the purposes above, to comply with legal, accounting, or reporting obligations, and to resolve disputes. We apply criteria such as the nature of the data, the context of processing, and statutory requirements to set retention periods.

6. Security

We use administrative, technical, and organizational measures designed to protect personal data. No system is fully secure; please use strong passwords and keep your credentials confidential.

7. Your Rights

Your rights depend on your location and applicable law. Subject to limitations and verification, you may:

• Access and portability: Request access to and a copy of your personal data.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of personal data (e.g., where no longer necessary or upon consent withdrawal).
• Restriction and objection: Request restriction of processing or object to processing, including for direct marketing.
• Consent withdrawal: Where processing is based on consent, withdraw consent at any time without affecting prior processing.
• Regional rights: EU/UK: rights under GDPR/UK GDPR; Singapore/Malaysia PDPA: access, correction, and consent withdrawal; UAE PDPL: access, rectification, erasure, and processing restriction; U.S. (e.g., CA CCPA/CPRA): right to know, delete, correct, opt‑out of sale/share, and non‑discrimination.

To exercise rights, contact support@smartaire.com. You may have the right to lodge a complaint with a supervisory authority (e.g., EU/UK data protection authority, UAE regulator, or relevant local authority).

8. Cookies and Tracking

We use cookies and similar technologies for authentication, analytics, and improvements. You can control cookies through your browser settings and, where required, we obtain consent for non‑essential cookies. Some features may not function properly without certain cookies.

9. Children

Our Services are not directed to children under 13 (or older minimum age as required by local law). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us to delete it.

10. Do Not Sell/Share

We do not sell personal information. Where U.S. laws define certain sharing as a “sale” or “share,” you may contact us to opt out. If we implement a “Do Not Sell or Share My Personal Information” link, it will be available from our footer or privacy settings.

11. Changes

We may update this Policy from time to time. We will post the updated version and change the “Last updated” date. Material changes may be communicated by email or in‑app notice.

12. Contact

Questions or requests? Contact support@smartaire.com.