Privacy Policy

AIVRUM FZE ("AIVRUM," "we," "our," or "us"), a company incorporated in Sharjah, United Arab Emirates, operates the website at www.aivrum.com and provides AI-powered voice agent and revenue-recovery services to home service businesses worldwide (the "Services").

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have over it. We are committed to full compliance with the General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, and all other applicable privacy laws.

By using our website or engaging our Services, you agree to the collection and use of information described in this policy.

We process personal data only for specified, explicit, and legitimate purposes. These include:

• Service delivery: provisioning, configuring, and operating your AI voice agent, call-routing rules, and lead-capture workflows.
• Account management: creating and maintaining your account, authenticating identity, and managing subscriptions.
• Communications: responding to inquiries, sending service notifications, and delivering requested audits or reports.
• Billing: processing payments, issuing invoices, and managing subscription renewals.
• Analytics and improvement: understanding how the platform is used so we can improve reliability, performance, and features (we use aggregated, pseudonymised data where possible).
• Legal compliance: fulfilling our obligations under applicable law, including responding to lawful requests from public authorities.
• Security: detecting, investigating, and preventing fraud, abuse, and technical incidents.

We do not sell your personal data to third parties, and we do not use it for automated profiling that produces legal or similarly significant effects without your explicit consent.

For users in the European Economic Area, the United Kingdom, or other GDPR-equivalent jurisdictions, our legal bases are:

• Contract performance: processing necessary to deliver Services you have purchased or requested.
• Legitimate interests: analytics, security monitoring, and fraud prevention — balanced against your rights.
• Legal obligation: compliance with applicable laws and regulatory requirements.
• Consent: marketing emails and non-essential cookies, where we obtain your explicit opt-in.

We share personal data only in the following circumstances:

• Service providers: trusted vendors (cloud hosting, payment processing, analytics, customer support tools) who process data on our behalf under binding data processing agreements.
• Business clients: call recordings, transcripts, and lead data generated by our platform are shared with the business that contracted our Services — that business is the data controller for their callers' information.
• Legal requirements: when required by law, court order, or enforceable governmental request.
• Business transfers: in connection with a merger, acquisition, or sale of all or substantially all of our assets, subject to confidentiality obligations.

We never sell personal data, share it for third-party advertising purposes, or disclose it to any party not covered above without your prior written consent.

AIVRUM operates from the United Arab Emirates and uses infrastructure hosted in data centers located in the EU and US. Where we transfer personal data outside your home jurisdiction, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms recognized under applicable law.

We retain personal data for as long as necessary to fulfill the purposes described above:

• Account data: for the duration of your subscription plus 3 years thereafter, or as required by law.
• Call recordings and transcripts: 12 months by default; extended retention is available at client request.
• Billing records: 7 years in accordance with UAE and international accounting standards.
• Web analytics: 26 months, then automatically purged.

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: request deletion of your data where we have no overriding legal basis to retain it.
• Restriction: ask us to limit how we use your data while a dispute is resolved.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests or for direct marketing.
• Withdrawal of consent: revoke previously given consent at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@aivrum.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We implement industry-standard technical and organisational measures to protect your data, including AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, regular penetration testing, and continuous security monitoring. For a full overview, see our Security page.

Our Services are directed exclusively at business owners and are not intended for, and we do not knowingly collect data from, individuals under the age of 18. If you believe a minor has provided us with personal data, contact us immediately at privacy@aivrum.com so we can delete it.

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will notify you by email (if you are a registered user) and update the "Last updated" date at the top of this page. Your continued use of our Services after any update constitutes acceptance of the revised policy.

For privacy-related questions, requests, or concerns:

• Email: privacy@aivrum.com
• General: info@aivrum.com
• Address: AIVRUM FZE, Sharjah, United Arab Emirates