Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how Almadar Alearabia For Marketing ("Iskra," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our Service. By using Iskra, you agree to the practices described here.

1. Information We Collect

Account & Billing Information

When you sign up, we collect: your email address, business name, business type, location (if provided), language preferences, and subscription information. Payment card details are processed by Stripe; we never see or store your full card number.

Business Configuration

To run your AI Employees, you provide: services you offer, FAQs, business hours, escalation rules, custom prompts, and similar operational details.

Customer Data You Bring

When your AI Employee interacts with your customers, we process: conversation transcripts, contact details your customers share (name, email, phone), booking and lead data, and any media exchanged. You are the controller of this data; we act as the processor.

Technical Data

We automatically collect: IP address, browser type, device information, pages visited, and timestamps. We use minimal cookies necessary for authentication and session management.

2. How We Use Your Information

To provide the Service — operate your AI Employees, deliver messages, process bookings.
To bill you — process payments through Stripe, send invoices and receipts.
To communicate with you — magic-link login emails, service notifications, support responses, occasional product updates (opt-out available).
To improve the Service — analyze usage in aggregate to find bugs and prioritize features.
To comply with law — respond to lawful requests, prevent fraud, enforce our Terms.

We do not use your Customer Data to train third-party AI models. We do not sell your data. We do not share customer lists with advertisers.

3. Legal Basis for Processing (GDPR)

If you or your end-customers are in the EEA or UK, our legal bases are:

Contract — to deliver the Service you subscribed to.
Legitimate interest — to operate, secure, and improve the Service.
Consent — for optional marketing communications.
Legal obligation — tax, accounting, and regulatory record-keeping.

4. Sub-Processors & Third Parties

We rely on these sub-processors to deliver the Service:

Sub-processor	Purpose	Region
Stripe, Inc.	Payment processing	USA / global
Supabase	Application database, authentication	USA
Resend	Transactional email delivery	USA
Anthropic (Claude)	AI language model	USA
Twilio	SMS and voice (when enabled)	USA
Railway	Application hosting	USA
Cloudflare	DNS, CDN, DDoS protection	Global

5. International Data Transfers

Your data may be processed in the United States, EU, or other jurisdictions where our sub-processors operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

6. Data Retention

Account data — retained while your subscription is active and for up to 30 days after termination.
Conversation transcripts & leads — retained for the duration of your subscription. You can delete individual records from your dashboard.
Billing records — retained up to 7 years to comply with UAE tax and accounting law.
Server logs — retained up to 90 days for security and debugging.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your data (subject to legal retention requirements).
Export your data in a portable format.
Object to or restrict certain processing.
Withdraw consent for marketing communications.
Lodge a complaint with your local data-protection authority.

Email info@iskra.marketing to exercise any of these rights. We respond within 30 days.

8. Security

We protect your data using industry-standard measures: TLS encryption for data in transit, encrypted database storage at rest, role-based access controls, regular security reviews, and prompt incident response. No system is 100% secure — we will notify affected users without undue delay if a breach affects your data.

9. Cookies

We use a minimal set of essential cookies for authentication and session management. We do not use third-party advertising cookies or cross-site tracking.

10. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be emailed to active subscribers at least 14 days before taking effect.

12. Contact

Privacy inquiries: info@iskra.marketing

Controller: Almadar Alearabia For Marketing, United Arab Emirates

Almadar Alearabia For Marketing — United Arab Emirates
Home · Terms of Service