Legal

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data in compliance with UAE Federal Decree-Law No. 45 of 2021 (PDPL) and, where applicable, Regulation (EU) 2016/679 (GDPR).

1. Data Controller

Krasper Technologies L.L.C.-FZ ("Krasper AI", "we", "us", or "our") is the data controller responsible for your personal data.

Registered Address:
Meydan Grandstand, 6th Floor
Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates

License No.: 2644150.01 (Meydan Free Zone)
Contact: [email protected]

2. Information We Collect

We collect information that you provide directly to us, including:

  • Contact Information: name, email address, phone number, company name
  • Inquiry Details: service interests, project requirements, budget range
  • Communication Data: messages sent through our contact form
  • Newsletter: email address (after double-opt-in confirmation)
  • Newsletter Consent Log (proof of consent — GDPR Art. 7(1)): at the moment of subscription we additionally store the timestamp, your IP address, the browser/User-Agent string, the URL on which you submitted the form, the policy version, and the language and exact text of the consent statement you confirmed. This record is kept solely as evidence that consent was given and is deleted upon erasure request.
  • Technical Data: IP address, browser type, device information (collected automatically)

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

3. How We Use Your Information

We process your personal data for the following purposes:

  • To respond to your inquiries and provide requested services
  • To communicate with you about projects and proposals
  • To send the Krasper Technologies newsletter (after your explicit opt-in)
  • To improve our website and services
  • To comply with legal obligations
  • To protect our legitimate business interests

4. Legal Basis for Processing

Under the UAE PDPL and, where applicable, the GDPR, we process your data based on:

  • Consent (PDPL Art. 5; GDPR Art. 6(1)(a)) — when you submit a contact form or subscribe to the newsletter
  • Contractual Necessity (GDPR Art. 6(1)(b)) — to perform services you have requested
  • Legitimate Interest (GDPR Art. 6(1)(f)) — for business operations, website security, and improving our services
  • Legal Obligation (GDPR Art. 6(1)(c)) — to comply with applicable laws and regulations

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact Inquiries: 3 years from last communication
  • Client Project Data: duration of engagement plus 7 years (legal requirement)
  • Newsletter Subscriptions: until you unsubscribe
  • Technical Logs: up to 12 months

After the retention period, data is securely deleted or anonymized.

6. Your Rights

You have the following rights regarding your personal data:

  • Right to Access — request a copy of your personal data we hold
  • Right to Rectification — request correction of inaccurate data
  • Right to Erasure — request deletion of your personal data
  • Right to Restrict Processing — request limitation of how we use your data
  • Right to Data Portability — request transfer of your data in a structured format
  • Right to Object — object to processing based on legitimate interests
  • Right to Withdraw Consent — withdraw consent at any time (for the newsletter, use the unsubscribe link in any email)
  • Right to Lodge a Complaint — EU residents may complain to a supervisory authority in their member state (see edpb.europa.eu)

To exercise any of these rights, contact us at [email protected]. We respond within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmission
  • Secure server infrastructure with access controls
  • Regular security assessments and updates
  • Staff training on data protection practices

8. Data Sharing & International Transfers

We do not sell your personal data. Two scopes apply, with clearly separate processing flows:

Krasper products (Raigate, Krasper Suite, Thot): these products run exclusively on customer-controlled infrastructure (on-premise, private cloud, or air-gapped, as the customer chooses). We do not process customer product data on our own infrastructure; the customer is the sole controller and governs their own sub-processor relationships through their own data-processing agreements.

This website (krasper.ai): the data described above (contact-form submissions, newsletter signups, ROI-form leads, technical logs, consent records, and — only with your explicit consent — analytics pings) is processed on our own infrastructure with the following sub-processors engaged under data-processing agreements:

  • ZAP-Hosting GmbH (Germany) — server infrastructure for krasper.ai (EU; Art. 6(1)(b) GDPR, contract performance)
  • Cloudflare, Inc. (USA) — content delivery, DDoS protection, and (with your analytics consent) cookieless pageview metrics via Cloudflare Web Analytics. Transfers to the USA are based on the EU-US Data Privacy Framework adequacy decision (Art. 45 GDPR) and the EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) as a fallback.
  • Plausible Analytics (Hetzner GmbH, Germany) — privacy-friendly, cookieless pageview metrics (EU; processed only with your analytics consent). Used when Plausible self-hosting or the EU-hosted Plausible service is configured.
  • Functional Software, Inc. dba Sentry (USA / Frankfurt EU region) — frontend error monitoring (only with your analytics consent). The EU region (de.sentry.io) is used by default; transfers to the USA, if any, are covered by the EU-US Data Privacy Framework and Standard Contractual Clauses.
  • Listmonk (self-hosted, EU) — newsletter list management and double-opt-in delivery on our own infrastructure.

We may additionally share your data with:

  • Legal Authorities — when required by applicable law or legal proceedings
  • Business Partners — only with your explicit consent for project collaboration

Where data is processed at our headquarters in Dubai (U.A.E.), international transfers are conducted in compliance with UAE PDPL requirements and, for EU data subjects, the GDPR Standard Contractual Clauses (Art. 46(2)(c) GDPR) together with supplementary technical measures (encryption at rest and in transit) to ensure an adequate level of protection.

9. Cookies, LocalStorage & Tracking

We use the following cookies and similar technologies. None of the consent-gated entries are loaded until you accept the corresponding category in the cookie banner. Each visit, the banner records your decision in a server-side audit log (decision, timestamp, hashed IP, browser, policy version) per GDPR Art. 7(1).

Strictly necessary (no consent required, §25(2) TTDSG):

  • sessionid — Django session cookie. Lifetime: 14 days.
  • csrftoken — CSRF protection. Lifetime: 1 year.
  • django_language — language preference. Lifetime: 1 year.
  • krasper_consent_v1 (localStorage) — your cookie-banner decision. Lifetime: until you clear it or the policy version changes.
  • krasper_consent_cid_v1 (localStorage) — opaque, non-identifying UUID generated client-side that links your local consent record to our server-side audit log. Lifetime: as above.

Analytics (consent required, Art. 6(1)(a) GDPR, §25(1) TTDSG):

  • Cloudflare Web Analytics — cookieless pageview beacon (loads static.cloudflareinsights.com/beacon.min.js). No persistent identifiers, no cross-site tracking. Sends URL, referer, anonymized timing, and viewport size to Cloudflare for aggregate reporting. Loaded only after your Analytics consent.
  • Plausible Analytics — cookieless pageview script (loaded from plausible.io or our self-hosted endpoint). No persistent identifiers, no fingerprinting. Counts unique visitors using a daily-rotating hash derived from IP + User-Agent + domain, which is immediately discarded.
  • Sentry browser SDK — captures uncaught JavaScript errors and a low-rate sample of performance traces. sendDefaultPii is disabled; we do not transmit cookies, email, or form payloads. Loaded only after your Analytics consent.

Marketing: currently no marketing cookies are deployed. The category exists so that future re-targeting or campaign tools can only be loaded with your explicit opt-in.

Browser opt-out signals: if your browser sends the Do Not Track (DNT) header or the Global Privacy Control (GPC) signal, we treat this as an automatic Reject-All decision. The banner is not shown and no analytics or marketing scripts are loaded. You can still open Cookie Settings from the footer at any time to change your decision.

Withdraw consent: open the footer link "Cookie Settings" to re-open the banner. Choosing Reject-All immediately removes any previously stored consent state and prevents further loading of analytics/marketing scripts.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. For significant changes, we will provide prominent notice on our website.

11. Contact

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Address: Krasper Technologies L.L.C.-FZ, Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates

Last updated: 15 May 2026.

Ready to secure your
enterprise infrastructure?

Schedule a technical briefing. No sales pitch — just architects and your team.

Book a Briefing View Case Studies