Compliance Status: Fully compliant with KSA PDPL, UAE Federal Decree-Law No. 45, and Oman PDPL (Transition period ending Feb 5, 2026).
At AiSyncSo, we believe that in the age of Agentic AI, Sovereignty is the only true Security. While others rely on generalized cloud workflows, AiSyncSo is built on a "Hard-Border" architecture. We don't just protect your data; we ensure it stays within your jurisdiction.
1. The "Sovereign Action" Guarantee
Unlike traditional AI tools, AiSyncSo operates as a Sovereign Orchestrator, utilizing a multi-cloud infrastructure to meet the specific residency requirements of each GCC state.
- Hard-Border Residency: We deploy on private, single-region instances within:
  - KSA: AWS (me-central-1), Azure (Saudi Central), or Google Cloud (Dammam).
  - UAE: AWS (me-central-1), Azure (UAE North), or Google Cloud (Dubai/Fujairah).
  - Qatar: Azure (Qatar Central) or Google Cloud (Doha me-central1).
- SSL & Encryption Edge: All SSL/TLS connections are terminated locally within the region, using certificates hosted there. No data decryption occurs outside your national borders.
2. The AiSyncSo "AI Firewall" (PII Detection & Redaction)
To eliminate "Shadow AI" risks and ensure SAMA/NDMO compliance, every interaction passes through our proprietary Governance Gateway before reaching the automated execution phase:
- PII Detection & Redaction: Our system automatically identifies and masks Personally Identifiable Information (PII) such as National IDs, credit card numbers, and sensitive health identifiers.
- Redacted Execution: The AI Action Layer only receives the redacted context necessary to execute specific tasks (e.g., booking a slot or updating a record), never the underlying personal identity.
3. Fine-Tuning & Model Training Protocols
We ensure that your AI is as intelligent as it is secure by processing intelligence locally:
- Private Fine-Tuning: We use pre-trained base models that are fine-tuned on your private, isolated server. This process is hosted entirely within our sovereign environment in the cloud region of your choice.
- Data Isolation: Client data is used exclusively to fine-tune your dedicated agents. We maintain strict logical separation; your data is never used to train general public models or pooled with other clients.
- Right to Erasure (The "Kill Switch"): We provide tools to instantly delete local context and training footprints associated with specific users to meet "Right to be Forgotten" mandates.
4. Purpose-Driven Orchestration (Data Minimization)
In accordance with SAMA and NDMO frameworks, our agents follow the principle of "Need-to-Know":
- The Receptionist Agent only accesses contact-intent data.
- The Booking Agent only accesses calendar-availability data.
- Unified Audit Log: We maintain a tamper-proof "Action Trail" for every decision made by our agents, accessible to your CISO via a single governance console.
5. Security & Encryption
- At Rest & In Transit: AES-256 encryption using locally managed keys. We support Customer-Managed Keys (CMK) for organizations requiring absolute control.
- Quantum Readiness: Our 2026 stack is prepared for post-quantum cryptographic standards, ensuring long-term data durability.