Privacy Policy

Last updated 15 May 2026 · Version 2.0

This Privacy Policy explains how DCS AI Technologies L.L.C (the operator of DCS Network, "we", "us", "our") collects, uses, stores, and protects personal data when you use dcsai.ai, the DCS Network dashboard at dcsai.ai/app22, or any DCS-built website hosted on our infrastructure ("the Service").

Plain-English summary. We collect the data we need to run your account, deliver bookings and messages, and improve the product. We never sell your data. We use vetted third-party processors (Meta, Stripe, Supabase, Twilio, Resend) listed below. You can export or delete your data any time by emailing privacy@dcsai.ai.

Who we are
Data we collect
How we use your data
Legal basis
Third-party processors
AI and inference
When we share data
Data retention
International transfers
Your rights
Security
Cookies and tracking
Children
Changes to this policy
Contact

1. Who we are

The Service is operated by DCS AI Technologies L.L.C, a Single-Owner Limited Liability Company licensed in the Emirate of Dubai, United Arab Emirates (Dubai Department of Economy & Tourism Initial Approval No. 1763081, trade name reservation No. 3933401). The brand DCS Network is a product of DCS AI Technologies L.L.C.

For privacy questions, contact privacy@dcsai.ai. For general inquiries, info@dcsai.ai.

2. Data we collect

We collect three categories of personal data.

2.1 Account data (from you)

Identity: name, email address, phone number, profile photo if uploaded.
Account credentials: hashed password (we never store plaintext), session tokens.
Business profile: business name, industry, address, website URL, social media handles.
Billing: billing address, tax ID; payment card data is processed by Stripe and never touches our servers.

2.2 Operational data (from your use of the Service)

Site content: the AI-generated and edited content of your DCS-built website (text, images, sections, palette choices).
Bookings: customer-submitted booking records (name, phone, email, party size, datetime, notes).
Messages: WhatsApp, SMS, Telegram, Instagram DM, email, and voice handoff transcripts routed through DCS on behalf of your business.
Memory events: short text snippets and vector embeddings (via pgvector) representing conversational context, used by AI features to recognize returning customers and improve responses.
Telemetry: page views, click events, AI build timings, error logs, cost-per-build metrics, IP address (truncated for analytics).

2.3 End-customer data (from your customers, on your behalf)

When a customer of yours books through a DCS-built site or messages your DCS-connected channels, we process their personal data as a processor on your behalf. You are the controller. Categories include name, phone number, email, booking history, messaging history, deposit/payment status, language preference, and behavioural tags computed by our segmenter (e.g., new, frequent, at_risk, dormant).

3. How we use your data

Deliver the Service: render your site, fire bookings, send messages and reminders, process payments.
Improve the product: aggregate and anonymise telemetry to optimise build quality, AI prompts, deliverability.
Account safety: detect abuse, prevent fraud, enforce our Terms of Service.
Communicate with you: transactional emails (booking confirmations, billing receipts, security alerts), product updates, occasional marketing (opt-out at any time).
Comply with law: respond to lawful requests, meet tax and accounting obligations under UAE law.

We do not sell personal data. We do not use end-customer data to train shared AI models.

4. Legal basis

Where the EU General Data Protection Regulation (GDPR), the UK GDPR, or the California Consumer Privacy Act (CCPA) applies, our lawful bases for processing are:

Contract: processing necessary to provide the Service you signed up for.
Legitimate interest: security, fraud prevention, product analytics, direct marketing of similar services to existing customers.
Consent: where you opt in to non-essential cookies, marketing emails, or feature beta access.
Legal obligation: tax records, anti-money-laundering, lawful disclosure orders.

For users in the United Arab Emirates, processing is conducted in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.

5. Third-party processors

We use the following vendors to deliver the Service. Each is contractually bound to confidentiality and security standards no lower than ours.

Vendor	Purpose	Region
Meta Platforms (WhatsApp, Instagram)	WhatsApp and Instagram message delivery	Global (Ireland for EU)
Twilio	SMS, voice calls, phone number provisioning	USA
Telegram	Telegram bot message delivery	Global
Stripe	Payment processing, billing, subscription management	USA / Ireland
Supabase	Database, authentication, file storage	USA (AWS)
Railway	Backend application hosting	USA
Cloudflare	DNS, CDN, DDoS protection, static site hosting	Global
Vercel	Marketing site hosting	USA
Resend	Transactional email delivery	USA
Anthropic, OpenAI, DeepSeek, Google AI	AI inference for site generation, content writing, classifications	USA / Global
Replicate	AI image generation (SDXL)	USA
Filecoin (via trd-storage)	Permanence layer for snapshot certificates	Global decentralised network

6. AI and inference

The Service uses third-party AI models (large language models and image models) to generate website content, classify messages, suggest replies, draft broadcasts, and translate between languages. When we send data to these AI providers:

We send only the minimum text required for the task (a prompt, the relevant context, or the content being processed).
We never send your billing data, password, or unrelated personal data to AI providers.
Where supported by the provider, we configure zero-data-retention or 30-day retention to disallow training on our prompts. We rely on the provider's published API terms for the current state.
We do not provide AI providers with the ability to contact your end-customers directly.

AI output is generated probabilistically and may contain errors. You remain responsible for reviewing AI-generated content before sending it to your customers or publishing it on your site.

We share personal data only:

With the processors listed in section 5, as needed to deliver the Service.
With your team members and collaborators you explicitly grant access to.
With professional advisors (lawyers, accountants, auditors) under confidentiality obligations.
When required by valid legal process under UAE law, or to enforce our Terms of Service.
In connection with a merger, acquisition, or sale of all or part of our business, provided the acquiring party assumes equivalent privacy obligations.

8. Data retention

We retain personal data only as long as needed for the purposes described in this Policy.

Data category	Retention period
Active account data	For the life of your account
Account data after deletion request	Deleted within 30 days, except where retention is legally required
Bookings and messaging history	For the life of your account; you can purge per-customer history on request
Memory events (vector embeddings)	Up to 24 months from last interaction; pruned automatically
Billing records	7 years (UAE tax retention requirement)
Server logs	30 days, then aggregated or deleted
Filecoin permanence snapshots	Indefinite by design; see section 6 of the Terms of Service

9. International transfers

We are based in the UAE. Most of our processors are in the USA, EU, or globally distributed. Where we transfer personal data outside the UAE, we rely on:

Standard Contractual Clauses approved by the European Commission, where applicable.
Adequacy decisions where they exist.
Your explicit consent where neither of the above is available.

By using the Service from the EU, the UK, or other regions with cross-border restrictions, you consent to this transfer.

10. Your rights

Depending on your jurisdiction, you have some or all of the following rights:

Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Deletion: ask us to delete your data (subject to legal retention requirements).
Portability: receive your data in a structured, machine-readable format.
Object: object to processing based on legitimate interest.
Restrict: ask us to pause processing while we resolve a query.
Withdraw consent: where processing is based on consent, withdraw it at any time.
Complain: lodge a complaint with the UAE Data Office or your local data protection authority.

To exercise any right, email privacy@dcsai.ai. We will respond within 30 days. We do not charge a fee unless the request is manifestly unfounded or excessive.

11. Security

We protect your data with industry-standard measures:

TLS 1.2+ on all network traffic.
Encryption at rest for primary databases (Supabase / Postgres).
Password hashing using bcrypt with a per-row salt.
Row-level security (RLS) policies on every customer-scoped table.
Least-privilege access for staff; multi-factor authentication on all admin consoles.
Cloudflare DDoS protection and a Web Application Firewall.
Automated dependency scanning and vulnerability monitoring.

No system is completely secure. If we discover a data breach affecting your personal data, we will notify you and the relevant authorities without undue delay, and in any event within 72 hours where required by law.

12. Cookies and tracking

We use a small number of cookies, all classified as either strictly necessary or analytics:

Strictly necessary: session cookies, CSRF tokens, authentication tokens. Cannot be disabled if you want to use the Service.
Analytics: first-party event counters; we do not use Google Analytics or any third-party tracking on the app dashboard.

The dcsai.ai marketing site may use a privacy-respecting analytics service (e.g., Plausible) to count page views with no personal identifiers and no cross-site tracking.

13. Children

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided personal data to us, contact privacy@dcsai.ai and we will delete it.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest revision. For material changes, we will notify you by email or in-app banner at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance.

15. Contact

DCS AI Technologies L.L.C
Dubai Mainland, United Arab Emirates
Initial Approval No. 1763081
Trade name: DCS AI Technologies (reservation No. 3933401)
Email (privacy): privacy@dcsai.ai
Email (general): info@dcsai.ai
Website: dcsai.ai

Privacy Policy

Contents

1. Who we are

2. Data we collect

2.1 Account data (from you)

2.2 Operational data (from your use of the Service)

2.3 End-customer data (from your customers, on your behalf)

3. How we use your data

4. Legal basis

5. Third-party processors

6. AI and inference

7. When we share data

8. Data retention

9. International transfers

10. Your rights

11. Security

12. Cookies and tracking

13. Children

14. Changes to this policy

15. Contact