AltairAI Privacy Policy

1. Who We Are

AltairAI (“we”, “us”) is an AI orchestration platform operated by AltairAI Ltd, registered in Abu Dhabi Global Market (ADGM). We are the Data Processor; your organization is the Data Controller.

2. Data Residency & Sovereignty

Unlike standard SaaS platforms, AltairAI is architected for strict data sovereignty:

• Storage: All persistent data is stored exclusively within the United Arab Emirates (via Core42 or Azure UAE North).
• Processing: AI inference occurs within UAE-based data centers.
• Zero Retention: Data sent to the Large Language Model (LLM) for inference is ephemeral. It is processed in real-time to generate an answer and immediately discarded. We do not use your data to train public models (e.g., GPT-4).

3. The Data We Collect

• Identity Data: We process UAE Pass tokens and SSO credentials to authenticate users. We do not store your password; we only validate the token against your Identity Provider.
• Query Data: The questions you ask the AI (“What is the stock level of Item X?”).
• ERP Metadata: Schema definitions (OpenAPI specs) required to map your internal tools.

4. How We Use Your Data

• To Answer Queries: We transmit your query + relevant context to the LLM.
• To Execute Actions: If you authorize an action (e.g., “Approve Invoice”), we transmit that command to your ERP (SAP/Oracle) via secure API.
• To Improve Performance: We log metadata (latency, error rates) but not the content of your proprietary data.

5. Third-Party Sub-Processors

We use the following trusted sub-processors. All have signed Data Processing Agreements (DPAs) enforcing UAE data residency:

• Microsoft Azure (UAE North): Hosting & Compute.
• Core42 (Abu Dhabi): Sovereign AI Inference.

6. Your Rights

Under UAE Data Protection Law, you have the right to:

• Request a log of all AI actions taken on your behalf.
• Request permanent deletion of any cached schema configurations.