Compliance & Regulatory Policy

Effective Date: 25 January 2025

Issued By: Nuvra Limited (Masdar City Free Zone, Abu Dhabi, UAE)

Contact: compliance@nuvra.agency

1. PURPOSE AND SCOPE

1.1 This Compliance & Regulatory Policy (“Policy”) establishes the legal, regulatory, and ethical standards governing the conduct of Nuvra Limited (“Nuvra”, “Nuvra Tech”, “Company”, “we”, “our”) in the operation of the Vibe Coding Platform (“Platform”).

1.2 This Policy applies to:

  • all Users;
  • all Company employees, contractors, and vendors;
  • all business activities, services, data processing operations, and systems under Company control.

1.3 This Policy is intended to ensure compliance with applicable UAE Federal Laws, Free Zone regulations, and international best practices.

2. REGULATORY FRAMEWORK

Nuvra Tech complies with all laws and regulations applicable to its business activities, including but not limited to:

2.1 UAE Personal Data Protection Law (PDPL)

  • Federal Decree-Law No. 45 of 2021
  • Cabinet Decision No. 111 of 2022 (Executive Regulations)

2.2 UAE Cybercrime Law

  • Federal Decree-Law No. 34 of 2021

2.3 UAE Consumer Protection Law (Federal Law No. 15 of 2020)

Relevant to subscription services and transparency obligations.

2.4 UAE Intellectual Property Laws

Including copyright, trademarks, and industrial property rights.

2.5 UAE Civil Transactions Law & Commercial Transactions Law

Governing contracts and commercial dealings.

2.6 Masdar City Free Zone Regulations

Including business licensing, corporate governance, and operational compliance.

2.7 International Standards

Where applicable, including:

  • ISO 27001 (Information Security Management)
  • ISO 27701 (Privacy Management)
  • ISO 37301 (Compliance Management Systems)

3. COMPLIANCE PRINCIPLES

3.1 Lawfulness
All activities must comply with applicable UAE laws and Free Zone regulations.

3.2 Integrity
The Company enforces high ethical standards and prohibits unlawful, deceptive, or harmful conduct.

3.3 Accountability
Employees, contractors, and Users are responsible for ensuring compliance with all applicable policies.

3.4 Transparency
The Company maintains clear, accessible documentation regarding legal rights, obligations, and data processing practices.

3.5 Risk Management
Compliance risks are identified, assessed, monitored, and mitigated in accordance with recognized standards.

4. CORPORATE COMPLIANCE OBLIGATIONS

Nuvra Tech shall:

4.1 Maintain proper corporate governance in accordance with Masdar City Free Zone requirements.

4.2 Maintain accurate and lawful business operations, including:

  • corporate filings;
  • licensing renewals;
  • VAT compliance;
  • financial reporting obligations.

4.3 Retain records as required under UAE law.

4.4 Ensure contractual agreements comply with UAE legal standards.

5. DATA PROTECTION & PRIVACY COMPLIANCE (PDPL)

The Company conducts all personal data processing in accordance with PDPL requirements, including:

5.1 Lawful Basis for Processing
Personal data is processed only for legitimate, lawful purposes.

5.2 Consent Requirements
Where consent is required, it must be explicit, informed, and freely given.

5.3 Data Subject Rights
Users may exercise rights including:

  • access;
  • correction;
  • deletion;
  • restriction;
  • data portability;
  • objection.

5.4 Data Security
Appropriate technical and organizational measures protect personal data.

5.5 Cross-Border Transfers
Transfers occur only under PDPL-permitted mechanisms, including:

  • adequacy decisions;
  • structured contractual safeguards;
  • explicit consent;
  • necessity for service.

5.6 Breach Notification
The UAE Data Office must be notified where required under PDPL.

6. CYBERSECURITY COMPLIANCE

Nuvra Tech complies with cybersecurity obligations as mandated by:

  • Cybercrime Law;
  • TDRA standards;
  • Internal Security Policy.

This includes:

  • Intrusion detection systems;
  • Encryption standards;
  • Access controls;
  • Incident response mechanisms;
  • Vulnerability management frameworks.

Unauthorized attempts to compromise security are strictly prohibited and may be referred to UAE authorities.

7. ACCEPTABLE USE & USER COMPLIANCE OBLIGATIONS

Users must comply with:

  • Acceptable Use Policy (AUP);
  • Terms of Service;
  • Token Usage Policy;
  • Security Policy;
  • PDPL and UAE laws.

Users must refrain from:

  • Illegal activities;
  • Abusive system usage;
  • Infringement of intellectual property;
  • Malicious use of AI Outputs;
  • Security violations.

Failure to comply may result in account termination or legal action.

8. THIRD-PARTY AND VENDOR COMPLIANCE

8.1 All third parties with access to Company systems or data must enter into compliant agreements, including:

  • Data Processing Agreements (DPAs);
  • Confidentiality agreements;
  • Security compliance commitments.

8.2 Vendors must adhere to:

  • PDPL;
  • Cybersecurity standards;
  • Quality assurance frameworks.

8.3 Third-party systems are assessed for:

  • Security risk;
  • Operational compatibility;
  • Regulatory compliance.

9. AUDIT AND MONITORING RIGHTS

Nuvra Tech may:

  • Audit internal systems for compliance;
  • Monitor Platform usage to detect policy violations;
  • Track access logs;
  • Conduct security audits;
  • Assess third-party compliance obligations.

Users acknowledge and consent to reasonable monitoring for security and compliance purposes.

10. TRAINING & AWARENESS

10.1 Company personnel receive regular training on:

  • PDPL compliance;
  • Cybersecurity awareness;
  • Data handling procedures;
  • Corporate ethics and conduct.

10.2 Contractors and third-party personnel must undergo comparable compliance orientation where applicable.

11. BREACH OF POLICY AND ENFORCEMENT

11.1 Violations may result in:

  • Warnings;
  • Suspension of access;
  • Termination;
  • Contractual penalties;
  • Reporting to UAE authorities;
  • Civil or criminal action.

11.2 The Company reserves all rights under UAE law.

12. WHISTLEBLOWING & REPORTING CHANNELS

Users, employees, and contractors may confidentially report compliance concerns to: compliance@nuvra.agency

Reports may include:

  • Legal violations;
  • Misuse of data;
  • Unethical activities;
  • Security concerns;
  • Policy violations.

Confidentiality is maintained except where disclosure is legally required.

13. INTERNATIONAL REGULATORY ALIGNMENT

Where applicable, Nuvra Tech may voluntarily align with international standards for:

  • Data processing;
  • Cloud security;
  • AI governance;
  • Ethical use of machine learning.

Such alignment does not supersede UAE law but enhances the Company's global compliance posture.

14. DOCUMENT RETENTION & RECORDKEEPING

The Company maintains records for durations mandated under UAE law, including:

  • Contractual documentation;
  • Financial records;
  • Data processing logs;
  • Audit trails;
  • Compliance assessments.

Retention periods follow legal, regulatory, and operational requirements.

15. AMENDMENTS

Nuvra Tech may amend this Policy at any time to reflect:

  • Legal changes;
  • Regulatory updates;
  • Operational improvements.

Revised versions take effect upon publication. Continued use of the Platform constitutes acceptance.

16. GOVERNING LAW

This Policy is governed by:

  • UAE Federal Laws;
  • Laws of the Emirate of Abu Dhabi;
  • Masdar City Free Zone regulations.