AiSyncSo Privacy Policy
Effective Date: June 30, 2026
AI Sync Solutions SAL ("AiSyncSo", "we", "our") is a sovereign AI studio based in Lebanon, serving enterprises across the GCC and MENA. We design, build, and operate autonomous AI agent systems on sovereign cloud infrastructure deployed within the GCC to meet local data-residency requirements. This Privacy Policy explains how we collect, use, and protect personal data, and how it aligns with Meta (WhatsApp) and Google API requirements as well as regional data protection laws.
Who We Are
AiSyncSo provides AI-powered services (e.g. chatbots, scheduling agents) under contract with enterprise clients. As part of this, we process data on our clients' behalf in a fully isolated deployment. Your primary points of contact are:
- Email: hello@aisyncso.com
- Phone: +974 3370 2870
- Address: Rahbani Building, 6th Floor, Al Anwar Street, Jdeideh, El Metn, Lebanon
Information We Collect and Process
We handle personal data in four main categories, strictly for providing services:
- Website Visitors: If you contact us via our website or email, we collect your name, email address, phone number, company name, and business details. We use this information only to respond to your inquiry and fulfill our services (e.g. providing demos or proposals).
- Client Service Delivery: When we operate AI agents on a client's behalf, the client is the data controller and AiSyncSo is the processor of that data. For example, if an AiSyncSo chatbot interacts with the client's customers, we only process the customer data necessary to power that chatbot, under the client's instructions. We do not use these end-user data for any other purpose.
- Meta/WhatsApp Data: For clients who integrate their WhatsApp Business Account with AiSyncSo, we process WhatsApp messages strictly to enable the requested conversational agent functionality. This includes end-user phone numbers, profile names, message contents (text, media, interactive responses) and metadata (timestamps, delivery status). We retrieve all messages via the official Meta WhatsApp Cloud API. We only process the data needed to provide the service, and nothing more.
- Google Workspace/Calendar Data: If a client connects Google Calendar, our agents access calendar events (titles, start/end times, attendee lists, descriptions) via OAuth 2.0. We use this information solely for scheduling tasks (checking availability, booking appointments, synchronizing calendars). We request only the minimum permissions necessary for these features.
All personal data we process are used only to deliver the features our clients request. We never collect unrelated profile data or sensitive personal information (e.g. race, health, religion) without a clear legal basis. If such sensitive data are provided inadvertently, we remove them unless retention is required by law.
How We Protect Your Data
Data Sovereignty: Our platform is designed for a hard-border architecture. Client and end-user data are processed and stored entirely within the customer's selected country of deployment (e.g. KSA, UAE). We do not transfer client data outside the designated region, in line with Saudi and UAE PDPL cross-border rules. All transfers (if any) occur only with appropriate safeguards (adequacy decisions, contractual clauses, or explicit consent).
Encryption: We use industry-standard encryption to secure data. All communications between users and our servers are protected with TLS 1.3, and data at rest are encrypted with AES-256 using locally managed keys.
AI Firewall: Every conversation with our AI agents passes through a proprietary AI Firewall that automatically detects and redacts personally identifiable information (PII) from the data stream. This adds an extra layer of privacy protection.
Isolation: Each client's data is isolated on its own instance. Your data are never mixed with or accessible by any other client's deployment.
Access Control & Monitoring: We enforce strict role-based access controls; only authorized personnel can access client data, and only for clearly defined roles. Access requires multi-factor authentication and follows the principle of least privilege. We maintain tamper-proof audit trails of all system and agent actions for accountability. We also conduct regular security monitoring, vulnerability scans, and penetration testing to verify the strength of our safeguards.
No Model Training: We do not use your data to train any public or general-purpose AI models. All learning is done only within your isolated deployment for your specific tasks, and no customer data are used to improve external AI or shared models.
Incident Response: We maintain an incident response plan and will take prompt action if a security event occurs. In accordance with PDPL requirements, we will notify the competent data protection authority and affected data subjects “without undue delay” if a personal data breach is likely to risk their rights.
Data Retention and Deletion
We retain personal data only as long as needed to provide services or as required by law. Our retention policies include:
- Website Inquiry Data: Contact and inquiry information from our website is kept for up to 24 months from your last interaction, after which it is erased.
- Client Service & WhatsApp Data: All client-related data (messages, conversation logs, scheduling data) are retained only for the duration of the active service contract. After the contract ends or is canceled, these data are purged within 30 days.
- Deletion on Request (Meta/WhatsApp): Any client or end-user may request deletion of their WhatsApp/Meta interaction data at any time. Simply email hello@aisyncso.com with the subject “Meta Data Deletion Request.” We will verify the request and completely delete the specified data from our systems within 30 days of receiving it. (Alternatively, clients can delete their agent instance via the dashboard, which also purges all associated WhatsApp data.)
- Google Data Deletion: Clients can revoke AiSyncSo's access to their Google account at any time via their Google Account security settings or within our dashboard. Upon revocation or contract termination, we immediately delete all associated Google data, including stored OAuth tokens and cached calendar events, from our systems within 30 days.
We do not sell or share your personal data with advertisers or unrelated third parties under any circumstances.
Your Rights
You have clear legal rights over your personal data. These include the right to:
- Access: Obtain confirmation of the personal data we hold about you and receive a copy of it.
- Rectification: Correct or update any inaccurate or incomplete data.
- Erasure: Request deletion of your data (“right to be forgotten”) when lawful.
- Restriction: Request that we pause processing your data under certain conditions.
- Object: Object to processing based on legitimate interests or profiling.
- Portability: Receive your personal data in a structured, machine-readable format.
- Withdraw Consent: Withdraw any consent you have given for processing (without affecting prior lawfulness).
- Complaint: Lodge a complaint with a data protection authority if you believe your rights have been violated.
These rights are in line with the Saudi PDPL, the UAE Federal Decree-Law No. 45/2021, and other GCC data protection laws, which guarantee data subject rights like access, correction, deletion, objection, and portability. To exercise any of these rights or raise a privacy concern, contact us at hello@aisyncso.com. We will confirm receipt and strive to respond within 30 days.
Cookies
Our website uses only essential cookies (necessary for functionality) and anonymized analytics cookies to help us improve the site. We do not use any advertising cookies or third-party tracking pixels. We do not sell or use website analytics data for marketing. You can manage or disable cookies through your browser settings. For more details, see our Cookie Policy. (Generally, you can control your cookie preferences via your browser or through any consent banner.)
Contact and Complaints
If you have any questions, concerns, or complaints about our privacy practices, please reach out: hello@aisyncso.com or call +974 3370 2870. We value your feedback and will do our best to address your issue promptly and thoroughly. If you are not satisfied with our response, you may contact your local data protection authority for guidance.
Meta Platform Compliance
AiSyncSo strictly follows Meta's developer and WhatsApp Business policies. We use Meta Platform data only to provide the automated messaging services our clients request, never for other purposes. In particular:
- We access and process only the data strictly necessary for the client's chatbot or automation service, via official Meta-approved APIs.
- We do not sell, license, or transfer any Meta/WhatsApp user data to advertisers or third parties for our own use.
- We do not use WhatsApp data to build user profiles, target ads, or make automated decisions unrelated to the client's service.
- We adhere to WhatsApp's 24-hour customer-service messaging window and only send pre-approved template messages outside that window, always following opt-in rules.
- We delete WhatsApp/Meta data promptly when it is no longer needed or when requested by the client or user.
- Our platform and practices comply with all relevant Meta Developer Policies and WhatsApp Business Terms of Service. We do not piggyback on Meta data to build audiences or remarket to users.
Google API Services
AiSyncSo's use of Google user data is limited to Google Workspace (Calendar) scheduling features and is fully compliant with Google's API Services User Data Policy. Specifically:
- Limited Use: We use Google Calendar data only to fulfill scheduling and availability features that clients have explicitly authorized. We do not use it for any other purposes (such as advertising or unrelated analytics).
- Minimum Permissions: We request only the minimum OAuth scopes needed for calendar access. We will notify you if we ever need additional permissions.
- No Ads or Profiling: We never use Google data to target ads or enrich profiles, and we never combine calendar data with advertising audiences.
- No Unauthorized Sharing: We do not transfer Google user data to unrelated third parties except as needed to provide services or as required by law.
- No Human Review: We do not allow any humans to view your Google Calendar data, unless you explicitly consent for troubleshooting, and only in a secure, limited manner. Any human access (if absolutely needed) is performed only with your clear permission.
- Revocation & Deletion: You can revoke AiSyncSo's Google access at any time via your Google Account or our dashboard. Upon revocation, we promptly delete all related tokens and cached data from our systems (typically within 30 days).
We respect all Google API rules, including the Limited Use requirements. Rest assured that connecting your Google account only empowers the features you expect – it does not result in unexpected data use.
Compliance with Regional Data Protection Laws
We design our practices to comply with local data privacy laws in the regions we serve. In particular:
- Saudi PDPL Compliance: We adhere to the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL). That law restricts cross-border transfers and gives data subjects rights to access, correction, deletion, objection, etc. We process Saudi personal data in accordance with these requirements and will honor any lawful requests by Saudi authorities.
- UAE PDPL Compliance: We also comply with the UAE's Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL). This law similarly enshrines data subject rights (access, rectification, erasure, portability, objection) and regulates data transfer abroad under approved safeguards.
- GCC Frameworks: We monitor and follow emerging GCC-wide data protection frameworks and sectoral laws. Our hard-border hosting and encryption practices are designed to meet the high standards expected by regulators (for example, limiting transfers to jurisdictions with adequate protections).
Note: We are preparing a comprehensive policy addendum that fully addresses all statutory rights under the KSA PDPL, UAE PDPL, and other GCC regulations. The detailed addendum will be published after legal review. Until then, this policy reflects our interim commitments and will be updated to incorporate any additional local requirements.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will post any revised policy here with a new “Last Updated” date. For significant changes, we will notify our users by email or prominent notice.
By using AiSyncSo's services or continuing to interact with our platform, you acknowledge acceptance of this policy. We encourage you to check this page periodically for updates.
Thank you for entrusting AiSyncSo with your data. We take your privacy seriously and are here to help if you have any questions or feedback.