Privacy Policy
This Policy explains how Tanseek collects, uses, and protects your personal data when you use the platform, the Command Center, our website, and related services (together, the “Service”). We follow the data-protection principles set out in the Personal Data Protection Law (PDPL) and the General Data Protection Regulation (GDPR), including data minimization, purpose limitation, transparency, and prior consent.
1. Who We Are & Data Controller
Tanseek is an Arabic-first executive AI platform. The data controller responsible for processing your personal data under this Policy is Digital Engine (المحرك الرقمي). When you connect third-party accounts to the Service, we process the resulting data on your behalf, on your instructions, and solely to provide the Service to you.
2. Data We Collect
We collect only what is needed to provide the Service, including:
- Account data: your name, email, and account identifier managed through our authentication provider (Clerk), plus your account status and role.
- Connected provider data: the mail messages, calendar events, and documents the Service accesses through Google with permissions you explicitly approve, which are not read before you consent and are approved.
- AI configuration: your Anthropic key if you provide one, which is stored encrypted and never displayed again after it is saved.
- Usage & audit data: action logs, timestamps, and metadata needed for security and the audit log.
3. How We Use Your Data
We use your data solely for the following purposes:
- Provide and operate the Service, including the daily brief, meeting preparation, and drafting.
- Execute sensitive actions only after your explicit human approval.
- Maintain the security of the Service and a tamper-evident audit log.
- Comply with our legal and regulatory obligations.
4. Legal Basis for Processing
We process your personal data on one or more of the following bases:
- Consent: your prior consent to this Policy and to the Service accessing your connected accounts.
- Performance of a contract: what is necessary to provide the Service you requested.
- Legitimate interests: securing the Service, preventing abuse, and improving reliability, where not overridden by your rights.
- Legal obligation: where the law requires us to retain or disclose certain data.
5. Google & Third-Party Data
When you connect a Google account, the Service accesses your mail, calendar, and documents only within the scope you grant. Use of this data is limited to providing the Service’s features to you, and our use complies with the Google API Services User Data (Limited Use) requirements, including not selling it, not using it for advertising, and not making it available to humans except where those policies permit.
You can withdraw this access at any time by disconnecting your account from the Settings page; any new access stops immediately and the derived caches associated with that provider are removed.
6. AI Processing
To generate the brief and analyses, excerpts of your content may be sent to our AI model provider (Anthropic) for real-time processing. You can bring your own key, and no model call or data read happens unless live mode is switched on; otherwise your data is not processed by AI. Your data is not used to train general-purpose models.
8. Data Retention
We retain your data for as long as your account is active and as needed for the purposes described in this Policy. AI-derived data and caches follow a defined lifecycle and are deleted automatically once their retention period expires. When you delete your account, your data is permanently erased except where the law requires retention.
9. How We Protect Your Data
We apply appropriate technical and organizational measures to protect your data, including:
- Encryption: access tokens and AI keys are stored encrypted on the server.
- Tamper-evident audit log: sensitive actions are recorded in a cryptographically linked chain.
- Access & approval controls: no sensitive action runs without your approval, and access remains governed by roles and approval.
10. Your Rights
Under the PDPL and GDPR, you have the following rights:
- Access & portability: export a full copy of your account data as JSON from the Settings page.
- Erasure: permanently delete your account and data from the Settings page.
- Rectification: update inaccurate account information.
- Objection & restriction: turn off live mode or disconnect your providers to limit processing.
- Withdraw consent: withdraw your consent at any time, without affecting prior processing.
You can exercise most of these rights directly within the product, or by contacting us using the details below. You also have the right to lodge a complaint with the competent supervisory authority.
11. International Data Transfers
Your data may be processed or stored in countries outside your country of residence, where our providers or sub-processors are located. Where this happens, we put in place appropriate safeguards consistent with applicable law to protect your data during transfer and processing.
12. Consent & Withdrawal
Before the Service accesses any of your data, we ask for your consent to this Policy, and we record the policy version and the date of your consent. When the Policy is materially updated we may ask for your consent again. You can withdraw your consent at any time by disconnecting your providers or deleting your account; any new access or processing stops immediately.
13. Changes to this Policy
We may update this Policy from time to time. Where changes are material we will make reasonable efforts to notify you, for example via the website, email, or by requesting fresh consent. The “Effective date” at the top of this page indicates the most recent version.
14. Contact
For questions about this Policy or to exercise your rights, please contact Digital Engine (المحرك الرقمي) at privacy@tanseek.ai or at Riyadh, Saudi Arabia.