Mafhoum Logo MAFHOUM

Privacy Policy — mahoum.ai

This Privacy Policy explains how mahoum.ai collects, uses, shares, and protects personal data across our website, apps, APIs, and related services (the “Service”). It is tailored for operations within Ras Al Khaimah Economic Zone (RAKEZ) in the United Arab Emirates and aligns with the UAE Federal Decree-Law No. 45 of 2021 regarding Personal Data Protection (the “PDPL”). If you do not agree with this Policy, please do not use the Service.

Who we are (Data Controller)

Slides and Beyond FZ-LLC (trading as mahoum.ai)

Place of incorporation: RAKEZ — Ras Al Khaimah Economic Zone, UAE

Registered address: Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emiratesemirate, UAE

Contact: info@mafhoum.ai

Scope

This Policy covers personal data processed when you:

  • visit our websites,
  • create an account or use our web/app/API products,
  • upload or process content through the Service,
  • contact us or interact with our marketing.

Key definition (Customer Content)

Customer Content. “Customer Content” means any information, data, or materials that you (or your authorized users) submit to, import into, transmit through, or generate with the Service, in any format or medium, including without limitation: documents, files, images, audio/video, text, prompts/instructions, translations, annotations, labels, configuration/settings, and all associated or derived metadata (e.g., layout, styling, coordinates, timestamps, IDs), as well as intermediate artifacts and outputs produced by the Service at your request. Customer Content may include personal data (including sensitive/special-category data) to the extent you choose to include it. We process Customer Content solely on your documented instructions and as necessary to provide the Service, subject to your administrative settings and requirements (including retention/deletion, export, access controls, data residency, sub-processor approvals, and model routing) and the applicable agreement/DPA. You are responsible for ensuring you have a lawful basis and requisite notices/consents for Customer Content you provide or direct us to process (including via third-party integrations). We do not require you to include any particular categories of personal data in Customer Content.

The data we collect

1. Data you provide

  • Account & profile: name, email, password (hashed), role, organization, authentication identifiers.
  • Customer Content: as defined above.
  • Support & communications: messages, tickets, feedback, and contact details.
  • Billing: subscription plan, invoices, transaction details (processed by our payment provider; we do not store full card numbers).

2. Data collected automatically

  • Usage & event data: features used, timestamps, clicks, error logs.
  • Device & technical: IP address, browser, OS, language, referral URL.
  • Cookies & similar tech: essential cookies; with your consent, analytics/measurement cookies. See Cookies below.

3. Data from third parties

  • Single sign-on (if enabled): email, name, org ID from your provider.
  • Vendors (e.g., payment, analytics, cloud, email): limited data necessary to run the Service.

We do not intentionally collect special categories of data unless you include them within Customer Content.

How we use your data (purposes & legal bases under UAE PDPL)

Purpose Examples Legal basis (PDPL)
Provide the Service account creation, document processing, translation & layout flipping, API delivery, user support Your consent or necessity to fulfil your request/contract; other lawful bases permitted by PDPL
Secure & improve troubleshooting, quality, fraud prevention, safety monitoring, aggregated analytics Legitimate interests where permitted by PDPL and balanced against your rights
Communicate service notices, updates, support responses Necessary for providing the Service or based on your consent
Billing & compliance subscriptions, invoicing, tax, audits Necessary to comply with legal obligations or perform a contract
Marketing (optional) newsletters, product announcements Your consent (you can opt out at any time)

We do not use your Customer Content to train our models by default. If we ever offer an explicit opt-in for training or benchmarking, it will be clearly presented and off unless you enable it.

AI processing & model routing

  • Customer Content is processed only to generate outputs you request (e.g., translations, layout transformations).
  • We may use our own hosted models and/or vetted third-party AI providers for inference only. Our contracts prohibit those providers from training on your Customer Content unless you have explicitly opted in.
  • Enterprise customers can request data residency, custom retention, and model routing controls via a Data Processing Addendum (DPA).

Sharing your data

  • Service providers / sub-processors (hosting, storage, security, logging, email, payments, analytics, optional AI inference) under confidentiality and PDPL-compliant safeguards.
  • Enterprise organizations (if your account is provisioned by your employer, your admin may access certain usage/workspace data).
  • Legal/compliance: to comply with law, enforce terms, or protect rights, safety, and security (including obligations under the PDPL).
  • Corporate transactions: in connection with a merger, acquisition, or asset sale (we will notify you where legally required).

International transfers (PDPL)

We may transfer personal data outside the UAE where permitted by the PDPL, including where the destination is recognized by the UAE Data Office (Emirates Data Office) as providing an adequate level of protection, or where appropriate safeguards are in place (e.g., contractual protections) or another PDPL ground applies (such as explicit consent). Where we rely on consent, we will inform you of the risks of the transfer.

Retention

  • Account data: retained while your account is active and for a reasonable period afterward to meet legal/financial obligations and resolve disputes.
  • Customer Content: retained according to your workspace settings after deletion, for recovery and audit. Enterprise retention may be customized in a DPA.
  • Logs/analytics: retained for 48 months in aggregated or pseudonymized form where possible.

We delete or anonymize data when no longer needed.

Security

We use administrative, technical, and organizational measures, including:

  • encryption in transit (TLS) and at rest (where supported),
  • access controls, audit logs, least-privilege policies,
  • vulnerability management, monitoring, and backups.

No method of transmission or storage is 100% secure. If we learn of a breach affecting your data, we will notify the UAE Data Office and affected individuals as required under the PDPL and any applicable regulatory guidance.

Your rights (UAE PDPL)

Subject to the PDPL, you can:

  • Right to obtain information/access to your personal data,
  • Right to request correction/rectification of inaccurate data,
  • Right to erasure (deletion) in certain circumstances,
  • Right to restrict processing in specific cases,
  • Right to stop processing (including for direct marketing or profiling related to direct marketing),
  • Right to data portability, where applicable,
  • Right to object to decisions based solely on automated processing (including profiling) that have legal or similarly significant effects.

To exercise these rights, contact info@mahoum.ai. We may ask for verification of identity.

Cookies & similar technologies

  • Strictly necessary: required for login, security, load balancing.

Children’s privacy

The Service is not directed to children as defined under applicable UAE law. Do not use the Service if you are a minor without appropriate parental/guardian consent where required. If we learn we have collected data from a child contrary to law, we will delete it.

When we act as Processor (enterprise customers)

For enterprise workspaces, we process Customer Content as a Processor under the organization’s instructions and our DPA. In that case, the organization is the Data Controller and responsible for end-user notices and consents.

Third-party links

Our Service may link to third-party sites or services. Their privacy practices are governed by their own policies.

Changes to this Policy

We may update this Policy from time to time. If changes are material, the “Last updated” date shows the latest revision.

Contact us

Questions or requests about this Policy:

Email: info@mafhoum.ai

Regulator: Emirates Data Office (UAE Data Office), established under Federal Decree-Law No. 44 of 2021.