Legal

Privacy Policy

Effective date: 1 July 2026 · Last updated: 4 July 2026

1. Who we are

Octavion (“we”, “us”, “our”) is a technology company registered in Dubai, United Arab Emirates. We operate the website octavion.ae (the “Website”) and the Octavion business platform accessible at app.octavion.ae (the “Platform”). Our data controller contact is: hello@octavion.ae.

2. Scope

This Privacy Policy applies to all personal data processed when you visit our Website, contact us through any channel, or use the Octavion Platform. It does not apply to third-party websites we may link to — those are governed by their own privacy policies.

3. Data we collect

3.1 Data you provide directly

  • Contact enquiries — name, email address, company name, phone number, and message text submitted through our contact form or via email.
  • Account registration — email address, full name, company name, and password when you create a Platform account.
  • Business data — customers, leads, invoices, inventory, call recordings, messages, employee records, and any other data you enter into the Platform during normal use.
  • Support communications — messages, screenshots, or files you share when requesting technical support.

3.2 Data collected automatically

  • Website analytics — Microsoft Clarity collects anonymised interaction data on the Website: pages visited, scroll depth, click heatmaps, session duration, browser type, screen resolution, and approximate location (country/city level from IP). Clarity does not collect keystrokes in form fields.
  • Server logs — our web servers record IP addresses, request timestamps, HTTP methods, URLs requested, response codes, and user-agent strings. These logs are retained for 30 days for security and debugging purposes.
  • Authentication data — login timestamps, IP addresses, session tokens, and user-agent strings are recorded in the Platform audit log for security monitoring.

4. How we use your data

  • To respond to enquiries — we use your contact details to reply to questions, schedule demos, and provide quotes.
  • To provide the Platform — we process your account data and business data to operate the service you signed up for, including call routing, CRM, ERP functions, messaging, and AI-powered features.
  • To improve our products — anonymised analytics data helps us understand which pages and features are used most, identify bugs, and improve the user experience.
  • To ensure security — login records, audit logs, and server logs are used to detect unauthorised access, investigate incidents, and comply with legal obligations.
  • To meet legal obligations — we may process data where required by UAE law, court order, or regulatory request.

We do not sell, rent, or trade personal data. We do not use your data for advertising. We do not profile you for marketing purposes.

5. Legal basis for processing

We process personal data on the following bases under applicable UAE data protection law:

  • Contract — processing necessary to provide the Platform services you subscribed to.
  • Legitimate interest — security monitoring, fraud prevention, product improvement, and responding to enquiries.
  • Consent — where you voluntarily submit information through our contact forms or analytics opt-in.
  • Legal obligation — where required by UAE law or regulation.

6. AI features and data processing

The Octavion AI Copilot sends your business queries and relevant data context to Anthropic's Claude API for processing. Anthropic does not use your data to train its models under its commercial API terms. Call transcription uses the same API. AI-generated responses are not stored by the AI provider — they are returned to and stored within your Platform workspace only.

7. Data sharing

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Infrastructure providers — server hosting (Hetzner, Germany) for the Platform and Website.
  • Analytics — Microsoft Clarity for anonymised Website usage data.
  • Telephony carriers — SIP trunk providers (Etisalat, du, or your chosen provider) and Twilio for call routing and SMS delivery. Only the data required for call/message routing is shared (phone numbers, call metadata).
  • Messaging providers — Meta (WhatsApp Business API) for WhatsApp message delivery.
  • AI provider — Anthropic for AI Copilot features (see Section 6).
  • Legal authorities — where required by UAE law, court order, or regulatory request.

We do not transfer personal data outside the UAE/EEA except to Anthropic (United States) and Microsoft Clarity (United States), both of which maintain appropriate data protection safeguards under their respective terms.

8. Data retention

  • Contact enquiries — retained while commercially relevant, typically up to 24 months. Deleted on request.
  • Platform accounts — account data is retained for the duration of the subscription and deleted or exported within 30 days of termination at your request.
  • Business data — retained for the duration of the subscription. On self-hosted deployments, data resides on your infrastructure and is under your control at all times.
  • Server logs — automatically purged after 30 days.
  • Audit logs — retained for 12 months for security compliance.
  • Call recordings — retention period configurable per queue by the customer (default: 90 days).

9. Data security

We protect personal data with:

  • TLS 1.2+ encryption for all data in transit (HTTPS enforced on all domains).
  • Encrypted database connections within the server infrastructure.
  • Bcrypt password hashing with per-user salts.
  • Role-based access control (RBAC) limiting data access to authorised personnel.
  • Immutable audit logging of all administrative and security-relevant actions.
  • Signed URLs for call recording access (recordings are never publicly accessible).
  • Regular security updates and server patching.

No method of electronic storage or transmission is 100% secure. While we use commercially reasonable measures to protect your data, we cannot guarantee absolute security.

10. Your rights

You have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request correction of inaccurate or incomplete data.
  • Deletion — request deletion of your personal data where there is no legal reason for continued processing.
  • Data portability — request your data in a structured, machine-readable format. Platform data can be exported via the dashboard or API at any time.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email hello@octavion.ae. We will respond within 30 days. If we cannot fulfil your request, we will explain why.

11. Children's privacy

The Website and Platform are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

12. Cookies and tracking technologies

Our use of cookies is described in our Cookie Policy. In summary: we use essential session cookies for Platform authentication and Microsoft Clarity for anonymised analytics. We do not use advertising cookies or cross-site tracking.

13. Changes to this policy

We may update this policy from time to time. Changes are posted on this page with an updated “Last updated” date. For material changes that affect how we process your data, we will provide notice through the Platform dashboard or by email. Continued use of the Website or Platform after changes constitutes acceptance.

14. Contact

For any questions, requests, or complaints about this Privacy Policy or our data practices:

If you are not satisfied with our response, you may lodge a complaint with the relevant UAE data protection authority.