Privacy Policy Summary

At eProcurement.ai, we value your privacy and want you to clearly understand how we use your data:

• Your data, your control- We collect only the information needed to provide our procurement platform and services. You remain in control of your purchasing and approval decisions.
• AI-powered, but human-led – Our platform uses AI in the background to analyse product data, suggest alternatives, and generate insights.
  The AI is assistive only — it never makes binding decisions for you.
• Protected & secure – We apply strict security measures, including encryption, access controls, and continuous monitoring, to safeguard your data.
• Your rights – Under DIFC law, you have rights to access, correct, erase, or object to the processing of your personal data. You may also contact the DIFC Commissioner of Data Protection if you have concerns.
• Our accountability – We have appointed a Data Protection Officer (DPO) and an Autonomous Systems Officer (ASO) to oversee compliance, maintain an AI Register, and ensure our AI systems are certified by January 2026.

Privacy Policy

Effective Date: September 1, 2025
Entity: eProcurement Technology Limited, incorporated in the Dubai International Financial Centre (DIFC)

1. Introduction

eProcurement Technology Limited (“we”, “our”, “us”) is committed to protecting the privacy and personal data of all users of our platform. This Privacy Policy explains how we collect, use, share, and safeguard your information in accordance with:

• DIFC Data Protection Law No. 5 of 2020,
• DIFC Data Protection Regulation 10 (AI Systems), and
• other applicable data protection and privacy regulations.

By accessing or using our services, you agree to the practices described in this Privacy Policy.

2. Scope

This Policy applies to:

• Buyers, sellers, and other users of the eProcurement.ai platform,
• Visitors to our website,
• Any individual whose personal data we process in connection with our business.

3. Personal Data We Collect

We may collect the following categories of personal data:

• Identification Data: name, job title, company, contact details.
• Account Data: login credentials, user preferences, role permissions.
• Transactional Data: requisitions, RFQs, purchase orders, invoices, communications between buyers and sellers.
• Technical Data: device identifiers, IP addresses, usage logs, cookies.
• AI-Generated Insights: product alternatives, supplier matches, recommendations, or analytics generated by AI systems.

4. How We Use Personal Data

We process personal data to:

1. Provide and operate the eProcurement.ai platform and services.
2. Facilitate procurement transactions between buyers and sellers.
3. Deliver AI-powered analytics, recommendations, and product or supplier alternatives.
4. Improve and enhance our services through monitoring, research, and development.
5. Comply with our legal and regulatory obligations under DIFC law.

5. Use of AI Systems

Our platform uses AI systems continuously in the background to collect product information, generate analytics, and provide recommendations

1. AI features are assistive only . They do not make binding decisions on behalf of users.
2. All procurement and approval decisions remain fully under the control of users.
3. Because users remain the decision makers, requests for “human intervention” are not applicable.
4. Users retain the right to object to the processing of their personal data by our AI systems where legally permissible.

We maintain an internal AI Register of all AI use cases, as required by Regulation 10.

High-risk AI systems deployed commercially will be certified by a DIFC-accredited Certification Body before January 2026, in line with Regulation 10 requirements.

6. Legal Basis for Processing

We process personal data on the following bases:

• Performance of a contract (e.g., provision of services),
• Compliance with legal and regulatory obligations,
• Legitimate interests (e.g., improving our platform, fraud prevention),
• Consent, where required.

7. Data Sharing

We may share personal data with:

• Buyers and sellers registered on the platform, as necessary for transactions,
• Service providers supporting our operations (e.g., hosting, analytics, payment processors),
• Regulators, auditors, or authorities, when required by law,
• Other parties with your explicit consent.

We do not sell personal data to third parties.

8. Cross-Border Transfers

Where personal data is transferred outside the DIFC, we will ensure that adequate safeguards are in place, consistent with DIFC DP Law 2020, such as:

• Adequacy decisions,
• Standard contractual clauses,
• Binding corporate rules, or
• Other legally recognised safeguards.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy, and in accordance with legal, regulatory, and contractual requirements.

10. Security

We apply technical and organisational measures to protect personal data, including:

• Encryption of data in transit and at rest,
• Access controls and authentication,
• Monitoring, logging, and incident response procedures,
• Regular testing of AI models for fairness, accuracy, and resilience.

11. Your Rights

Under DIFC DP Law and Regulation 10, you have the following rights:

• Right of access to your personal data,
• Right to rectification of inaccurate or incomplete data,
• Right to erasure (“right to be forgotten”),
• Right to object to or restrict processing, including AI-driven processing,
• Right to data portability,
• Right to lodge a complaint with the DIFC Commissioner of Data Protection.

Requests may be submitted by contacting us at info@eprocurement.ai

12. Roles & Accountability

We have appointed both a Data Protection Officer (DPO) and an Autonomous Systems Officer (ASO), in line with DIFC legal requirements.

These officers oversee:

• Compliance with DIFC DP Law and Regulation 10,
• Maintenance of the AI Register,
• Certification of AI systems,
• Acting as the contact point for regulators and data subjects.

Contact info@eprocurement.ai

13. Updates to this Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our practices. Updates will be published on our website, with the effective date noted above.

14. Contact Us

For any questions, concerns, or to exercise your rights, please contact: info@eprocurement.ai
You also have the right to contact the DIFC Commissioner of Data Protection if you believe your rights have been infringed.

15. Cookie Notice

What are cookies?

Cookies are small text files placed on your device when you visit a website. They help us recognise your browser, remember your preferences, and understand how you interact with our platform.

Types of cookies we use

• Essential cookies – Required for the platform to function (e.g., login, session management, security).
• Performance & analytics cookies – Help us understand usage patterns and improve services (e.g., which pages are most visited).
• Preference cookies – Remember your settings and choices (e.g., language, saved preferences).
• Third-party cookies – Certain third parties (e.g., analytics providers) may place cookies to help us measure engagement.

How you can control cookies

• Most browsers allow you to manage or block cookies in settings.
• If you disable cookies, some features of the platform may not work as intended.

Legal basis

We use cookies where they are necessary for the performance of our services. For other cookies (analytics, preferences), we rely on your consent.

Further information