Legal

Privacy Policy

Last updated: April 2026

1. Introduction

Welcome to DeepSolve Tech Limited ("DeepSolve", "we", "us", or "our"), a private company registered in the Dubai International Financial Centre (DIFC) under License Number CL10387. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website at deepsolve.io or interact with our services.

We act as the "Controller" of your personal data for the purposes of the DIFC Data Protection Law 2020 (DIFC Law No. 5 of 2020) (the "DIFC DPL"). Where you are located in the European Economic Area or the United Kingdom, we also aim to meet the standards of the EU General Data Protection Regulation and the UK GDPR.

2. What Data We Collect

We may collect and process the following types of personal data:

Information you provide directly:

  • Name (required when submitting our contact form)
  • Email address (required when submitting our contact form)
  • Company name (optional)
  • Job role (optional)
  • Message content (optional)
  • Any other information you provide when contacting us via email

Information collected automatically:

  • Technical data: IP address, browser type and version, operating system, device type, screen resolution
  • Usage data: pages visited, time spent on each page, referral source, click interactions, scroll depth (collected via PostHog analytics only with your consent)
  • Session replay data: anonymised recordings of your interactions with the site, including mouse movements, clicks, and scrolling behaviour (collected via PostHog only with your consent - form inputs are masked by default to exclude personal data)

3. How We Collect Your Data

  • Directly from you - when you submit our contact form or send us an email
  • Automatically - through PostHog analytics, only after you grant consent via our consent banner

4. How We Use Your Data

  • To respond to your inquiries - when you submit the contact form, we use your name and email to get back to you within 24 hours
  • To improve our website - analytics data and session replays help us understand how visitors navigate the site, identify usability issues, and improve the experience
  • To maintain and secure our site - technical data helps us identify and resolve errors
  • To comply with legal obligations - where required by applicable law

We do not use your data for automated decision-making or profiling. We do not send marketing emails unless you explicitly opt in.

Lawful bases for processing: Under Article 10 of the DIFC DPL (and Article 6 of the GDPR / UK GDPR where applicable), we rely on:

  • Consent - for analytics cookies and session replay recordings (you can withdraw at any time)
  • Contract or steps prior to entering into a contract - when you contact us to discuss a potential engagement
  • Legitimate interests - responding to your contact form submission, maintaining and securing the website, and preventing abuse (for example, rate limiting by IP address)
  • Legal obligation - where processing is required to comply with applicable law

5. How We Store and Protect Your Data

Contact form submissions are stored in a secure, encrypted database hosted by Supabase in the Asia-Pacific region. Access is restricted to authorised members of our team using role-based access controls and secure authentication.

Each submission is stored alongside the submitter's IP address, which we use solely for rate limiting and abuse prevention. The IP address is retained under the same 12-month retention period as the rest of the submission (see Section 7).

When you submit the contact form, a notification email containing your submission is sent to our internal team mailbox via Microsoft 365 (Outlook) using encrypted SMTP (TLS). This email is accessible only to authorised team members.

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS/HTTPS), encryption at rest, and regular access reviews.

6. Cookies, Analytics & External Resources

Essential storage: Our website uses localStorage to remember your analytics consent preference. This is strictly necessary for the site to function and does not require consent.

Analytics & session replays: We use PostHog to collect anonymised usage data and record session replays. PostHog uses localStorage (not cookies) for persistence, and data collection is only enabled after you explicitly click "Accept" on our consent banner. If you click "Decline", no usage data is collected and no sessions are recorded.

Session replays capture anonymised recordings of how you interact with the site (mouse movements, clicks, scrolling). All text entered into form fields is automatically masked in recordings to protect your personal information. Session replays are stored for 30 days.

You can change your analytics preference at any time by clearing your browser's local storage for this site, which will re-display the consent banner on your next visit.

7. Data Retention

We retain contact form submissions for a maximum of 12 months from the date of submission. After this period, your data is permanently deleted from our database and cannot be recovered.

PostHog analytics data is retained according to our configured retention settings, after which it is automatically deleted. Session replay recordings are retained for a maximum of 30 days.

Email notifications of contact form submissions stored in our mailbox are subject to the same 12-month retention period.

8. Third-Party Services

We do not sell, trade, or rent your personal data to any third party. The following services process data on our behalf, strictly for the purposes described in this policy and under appropriate data processing agreements:

  • Supabase (database hosting, Singapore region) - stores contact form submissions in a secure PostgreSQL database. Singapore is on the DIFC adequacy list. Supabase's privacy policy: supabase.com/privacy
  • PostHog (website analytics & session replays, EU region) - collects anonymised usage data and session recordings only with your consent. The European Economic Area is on the DIFC adequacy list. PostHog's privacy policy: posthog.com/privacy
  • Microsoft 365 (email delivery, global) - delivers contact form notification emails to our team. Transfers to regions outside the DIFC adequacy list are protected by DIFC-approved Standard Contractual Clauses. Microsoft's privacy statement: privacy.microsoft.com
  • Vercel (website hosting, global edge network) - hosts and serves our website. Transfers to regions outside the DIFC adequacy list are protected by DIFC-approved Standard Contractual Clauses. Vercel's privacy policy: vercel.com/legal/privacy-policy

9. International Data Transfers

Because we are based in the DIFC, the DIFC DPL governs how we may transfer personal data outside the DIFC. We rely on the following mechanisms:

  • Adequacy (Article 26 DIFC DPL) - the DIFC recognises certain jurisdictions as providing an adequate level of protection. Our database is hosted by Supabase in Singapore and PostHog analytics data is processed in the European Union; both are on the DIFC adequacy list, so no additional safeguards are required.
  • DIFC Standard Contractual Clauses (Article 27) - where our service providers (for example, Microsoft 365 and Vercel) process data in jurisdictions that are not on the DIFC adequacy list, we rely on the Commissioner-approved DIFC Standard Contractual Clauses, supplemented by a transfer impact assessment where required.

Where you are located in the EEA or the United Kingdom, equivalent safeguards (EU Standard Contractual Clauses, the UK International Data Transfer Agreement, or recognised adequacy decisions) apply to transfers of your data to these providers.

10. Your Rights

Under Articles 32–38 of the DIFC DPL - and, where applicable, the GDPR and UK GDPR - you have the following rights:

  • Right to withdraw consent - where we rely on your consent, you may withdraw it at any time (for analytics, via the cookie banner)
  • Right of access - request a copy of the personal data we hold about you
  • Right to rectification - request correction of inaccurate or incomplete data
  • Right to erasure - request deletion of your personal data
  • Right to object to processing - object to processing of your data where we rely on legitimate interests
  • Right to restrict processing - request that we restrict processing of your data in certain circumstances
  • Right to data portability - request your data in a structured, machine-readable format
  • Right relating to automated decision-making and profiling - we do not make decisions that produce legal or similarly significant effects solely through automated processing
  • Right to lodge a complaint - you may lodge a complaint with the Commissioner of Data Protection, DIFC (commissioner@dp.difc.ae; dp.difc.ae) if you believe your data protection rights have been violated. If you are located in the EEA or the UK, you may also lodge a complaint with the data protection authority in your country of residence.

To exercise any of these rights, contact us at info@deepsolve.io. We will respond to your request within the timeframes set out in the DIFC DPL (generally one month, extendable where necessary).

11. Children's Privacy

Our website and services are not directed at minors. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any changes will be reflected on this page with an updated "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us at:

DeepSolve Tech Limited
DIFC License Number: CL10387
Unit IH-00-01-02-OF-01, Level 2, Innovation One
Dubai International Financial Centre, Dubai, United Arab Emirates
Email: info@deepsolve.io

Data Protection Contact: Saber Zaben - saber.zaben@deepsolve.io

Privacy PolicyTerms of UseLinkedInLinkedIn
Innovation One, DIFC, Dubai, UAE
© 2026 DeepSolve. All rights reserved.