Privacy Policy

1. Introduction

Triya AI Ltd (“Triya AI”, “we”, “us”, or “our”) is an artificial intelligence company registered under the laws of the Abu Dhabi Global Market (ADGM), located at ADGM Square, Al Maryah Island, Abu Dhabi, UAE.

We are committed to protecting the privacy, confidentiality, and security of the personal data and video data that we process through our products and services. This Privacy Policy explains how we collect, use, store, share, and protect such data in accordance with the ADGM Data Protection Regulations 2021 (“ADGM DPR”), the UAE Federal Data Protection Law No. 45 of 2021 (PDPL), and international standards including the EU General Data Protection Regulation (GDPR).

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

• Personal Data – Any information relating to an identified or identifiable natural person (a “Data Subject”), such as name, contact details, image, or IP address.
• Video Data / Imagery Data – Video streams, camera images, frames, and metadata processed by Triya AI's systems.
• Customer / Client – Any organization that uses Triya AI's products or services under contract.
• User / Operator – Authorized individuals of a Customer who access Triya AI's systems or dashboard.
• Data Subject – Any person whose personal data or image is captured or processed.
• Processor / Subprocessor – A third party engaged by Triya AI to process data on our behalf (e.g., cloud provider).
• Controller – The entity that determines the purposes and means of processing personal data. In most cases, Triya AI acts as a Processor on behalf of Customers; however, we act as a Controller for certain internal operations.

3. Legal Basis for Processing

Triya AI processes data lawfully, fairly, and transparently in accordance with ADGM DPR, PDPL, and GDPR. Our lawful bases for processing include:

• Contractual Necessity: To provide services as per our agreements with Customers.
• Legal Obligation: To comply with applicable laws or regulations.
• Legitimate Interest: To maintain system security, prevent fraud, and improve service performance.
• Consent: When Customers enable optional modules such as face recognition or license plate recognition (ALPR), we process biometric or special-category data only with explicit consent and in full compliance with ADGM and GDPR requirements.

4. Data We Collect

4.1. Information You Provide

• Name, email address, organization, and login credentials when registering for an account
• Billing and invoicing information
• Support requests and communications

4.2. Video & Sensor Data

• Live and recorded video streams from CCTV, RTSP, or ONVIF cameras
• Extracted metadata
• Optional biometric identifiers and license plate information when activated by the Customer

4.3. Usage & System Data

• Log files, access timestamps, device/browser information
• IP addresses
• Telemetry and analytics data

5. Purpose of Processing

We process data to deliver AI-powered analytics, operate systems, provide support, maintain security, manage billing, ensure compliance, and generate aggregated insights for improvement.

6. Data Retention and Deletion

• Video and Image Data are retained for a maximum of 30 days by default, unless up to 90 days is agreed with the Customer.
• Logs and metadata are retained for up to 12 months.
• Data is deleted or anonymized upon expiry or verified deletion request.
• Backups are encrypted and purged within defined retention limits.

7. Data Hosting and Cross-Border Transfers

• Data is primarily hosted within the UAE region.
• For international clients, data may be hosted in that client's jurisdiction.
• Cross-border transfers are protected by Standard Contractual Clauses, encryption, and transfers only to adequate jurisdictions.

8. Data Sharing and Disclosure

Data may be shared with subprocessors, affiliates, or authorities under lawful conditions. Triya AI does not sell personal or video data.

9. Security Measures

We employ encryption, role-based access control, monitoring, audits, and employee confidentiality. In case of a data breach, we notify ADGM within 72 hours if required, and affected parties if risk is high.

10. Rights of Data Subjects

Data Subjects have rights to:

• Access their personal data
• Correction of inaccurate data
• Deletion of data
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent

Requests can be sent to contact@triya.ai.

11. Cookies and Tracking Technologies

Our website uses cookies for authentication, performance measurement, and analytics. Essential cookies cannot be disabled.

12. Updates to this Policy

This Policy may be updated periodically. Updates are posted at https://www.triya.ai/privacy with notice for material changes.

13. Contact Information