1. PURPOSE AND SCOPE

1.1 This Privacy Policy (“Policy”) sets out the principles governing the collection, processing, retention, transfer, disclosure, and protection of Personal Data by Nuvra Limited (“Nuvra”, “Nuvra Tech”, “Company”, “we”, “us”, “our”) in accordance with:

• Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL)

• Cabinet Decision No. 111 of 2022 (Executive Regulations)

• Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes

• Applicable Abu Dhabi Emirate regulations

1.2 This Policy applies to all Users of the Vibe Coding Platform (“Platform”), including registered users, subscribers, website visitors, and API consumers.

1.3 By accessing or using the Platform, the User expressly acknowledges and consents to the practices described herein.

2. DEFINITIONS

For purposes of this Policy:

2.1 Personal Data means any data relating to an identified or identifiable natural person, as defined under the UAE PDPL.

2.2 Processing means any operation performed on Personal Data, including collection, storage, use, retrieval, disclosure, transfer, or deletion.

2.3 Controller means Nuvra Limited, which determines the purpose and means of processing Personal Data.

2.4 Processor means any third party engaged by the Company to process Personal Data on its behalf.

2.5 User Data means Personal Data collected from or relating to Users of the Platform.

2.6 AI Output Data means machine-generated content or results produced by the Platform in response to User inputs.

3. LAWFUL BASIS FOR PROCESSING

We process Personal Data under one or more lawful bases permitted by the PDPL, including:

• Consent freely given and informed by the User

• Contractual necessity to provide Services

• Legitimate interests of the Company

• Compliance with legal obligations under UAE Law

• Protection of public interest where applicable.

Where consent is required, Users may withdraw consent at any time without affecting prior lawful processing.

4. CATEGORIES OF DATA WE COLLECT

4.1 Identity and Account Data

• Name

• Email address

• Username

• Password (encrypted)

• Country and time zone

4.2 Subscription and Billing Data

• Payment method details (processed by PCI-compliant third-party gateways)

• Transaction history

• VAT and invoicing details

4.3 Usage and Technical Data

• IP address

• Browser type

• Device identifiers

• Access logs

• Session information

• Pages visited

• Credits or tokens consumed

• Feature usage statistics

4.4 User-Generated Inputs

• Prompts

• Project descriptions

• Code snippets

• Text entered into the Platform
  (Subject to confidentiality provisions under the Terms of Service)

4.5 AI Outputs

• AI-generated content linked to User activity
  (Not considered Personal Data unless identifiable)

4.6 Communications Data

• Support requests

• Emails or messages

• Feedback and survey responses

4.7 Cookies and Tracking Data

• Authentication cookies

• Analytics and performance cookies

• Preference and session tracking
  (See Cookies Policy for details)

5. PURPOSES OF PROCESSING PERSONAL DATA

Personal Data is processed for the following purposes:

• Service provision and authentication

• Account administration and billing

• Security and fraud prevention

• Platform analytics and improvement

• Customer support

• Legal and regulatory compliance

• AI model enhancement (only with explicit User consent and anonymization)

6. DISCLOSURE OF PERSONAL DATA

We may disclose Personal Data to:

6.1 Third-Party Processors

• Cloud hosting providers

• Payment processors

• Email delivery services

• Security and analytics providers

All processors operate under written agreements compliant with PDPL Article 20.

6.2 Legal and Regulatory Authorities

Where required by UAE law, including court orders and law enforcement requests.

6.3 Affiliates and Group Companies

For operational support, subject to equivalent safeguards.

6.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, Personal Data may be transferred subject to equivalent protections.
We do not sell Personal Data under any circumstances..

7. INTERNATIONAL DATA TRANSFERS

Personal Data may be transferred outside the UAE where necessary. All transfers comply with PDPL Articles 22–24 using approved safeguards. Users acknowledge that foreign jurisdictions may apply their own laws.

8. DATA RETENTION

We retain Personal Data only as long as necessary:

• Account and subscription data: duration of account + 7 years

• Usage data: up to 24 months

• User inputs and AI outputs: until deleted or account termination

• Backups and logs: 90–180 days

9. USER RIGHTS UNDER UAE PDPL

9.1 Right to Access
To obtain confirmation of processing and access a copy of Personal Data.

9.2 Right to Correction
To request correction or updating of inaccurate or incomplete data.

9.3 Right to Deletion
To request deletion of Personal Data where:

• processing is unnecessary,
• consent is withdrawn, or
• processing is unlawful.

9.4 Right to Restrict Processing
To request suspension of data processing.

9.5 Right to Data Portability
To receive Personal Data in a machine-readable format.

9.6 Right to Object
To object to processing based on legitimate interests.

9.7 Right Not to Be Subject to Automated Decisions
Where such decisions have legal or materially significant effects.

Submitting Requests:
Requests shall be directed to: privacy@nuvra.agency
We will respond within the timelines mandated under PDPL.

10. SECURITY MEASURES

We employ administrative, technical, and organizational safeguards consistent with UAE PDPL, including:

10.1 Encryption of data at rest and in transit
10.2 Access controls and role-based permissions
10.3 Secure data centers and cloud environments
10.4 Multi-factor authentication (for administrators)
10.5 Continuous monitoring and intrusion detection
10.6 Regular penetration testing
10.7 Incident response and breach reporting procedures

11. DATA BREACH NOTIFICATION

11.1 In the event of any Personal Data breach that may pose a risk to Users, Nuvra Tech shall notify:
The UAE Data Office (regulator), and Affected Users in accordance with PDPL Articles 9 and 10.
11.2 Notifications will include the nature of the breach, likely consequences, and remedial measures taken.

12. CHILDREN’S DATA

12.1 The Platform is not intended for individuals under the age of 18.

12.2 We do not knowingly collect Personal Data from minors. Any such data, if detected, shall be deleted promptly.

13. GOVERNING LAW

This Policy is governed by:

• UAE Federal Laws, including PDPL
• Laws and regulations of the Emirate of Abu Dhabi
• Masdar City Free Zone regulations where applicable

14. CHANGES TO THIS POLICY

Nuvra Tech reserves the right to amend this Policy at any time to reflect legal, operational, or technological changes.
Updates will be posted on the Platform with a revised Effective Date.
Continued use of the Platform constitutes acceptance of the updated Policy.

15. CONTACT INFORMATION
For questions, requests, or concerns relating to this Policy, Users may contact:
Nuvra Limited
Masdar City Free Zone
Abu Dhabi, United Arab Emirates
privacy@nuvra.agency