Privacy Policy
Last updated: 24 April 2026
بِسْمِ اللهِ الرَّحْمٰنِ الرَّحِيْمِ
In the name of God, the Most Gracious, the Most Merciful
1. Introduction
This Privacy Policy explains how Mamluk LLC ("Company", "we", "us", "our"), the operator of the Bahriya cloud platform ("Platform"), collects, uses, stores, and protects personal data. This policy applies to all users of the Bahriya Platform, Console, API, website, and related services.
The Company is incorporated in the United Arab Emirates and processes personal data in accordance with UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data ("UAE Data Protection Law") and its implementing regulations.
2. Data Controller
The data controller for personal data collected through the Platform and website is Mamluk LLC, a company incorporated in Sharjah Media City, Sharjah, UAE operating under License No. 2326164.01.
3. Personal Data We Collect
3.1 Account Data
When you register and use the Platform, we collect:
- Full name.
- Email address.
- Username.
- Authentication tokens and session data.
- We may ask for additional information as required by law or for specific features or to enable larger service quotas.
3.2 Organisation and Billing Data
- Organisation name and details.
- Billing profile information (billing address, VAT/tax identification numbers).
- Payment information (processed via third-party payment providers — we do not store full credit card numbers).
- Invoice and transaction history.
3.3 Usage and Operational Data
- Resource consumption metrics (CPU, memory, bandwidth).
- Activity logs (API calls, infrastructure actions, login events).
- IP addresses used to access the Platform.
- Browser and device information when accessing the console or website.
3.4 Communications Data
- Support tickets and correspondence.
- Access request submissions (name, email, use case description).
- Feedback and survey responses.
3.5 Website Visitor Data
We may collect website visitor data to understand user behavior and improve the user experience. This data is used for analytics and to personalize content. We do not share this data with third parties for marketing purposes.
- Pages visited and interactions on bahriya.cloud and console.bahriya.cloud.
- Referral source.
- IP address and approximate geolocation (country/city level).
4. How We Use Personal Data
We process personal data for the following purposes:
| Purpose | Legal Basis (UAE Data Protection Law) |
|---|---|
| Providing and operating the Platform | Performance of a contract |
| Account creation and authentication | Performance of a contract |
| Billing, invoicing, and payment processing | Performance of a contract; legal obligation |
| Sending transactional emails (invitations, access codes, billing notifications) | Performance of a contract |
| Responding to support requests and communications | Performance of a contract; legitimate interest |
| Reviewing early access requests | Legitimate interest |
| Maintaining platform security and preventing abuse | Legitimate interest; legal obligation |
| Activity logging and audit trails | Legitimate interest; legal obligation |
| Improving the Platform and understanding usage patterns | Legitimate interest |
| Complying with UAE law, regulations, and court orders | Legal obligation |
We do not use personal data for automated decision-making or profiling that produces legal effects concerning you.
5. Customer Data (Workload Data)
Customer Data — including container images, application data, secrets, and environment variables — is processed solely to provide the Platform. We do not access, inspect, or use Customer Data except as necessary to operate the Platform, comply with law, or respond to support requests with the Customer's authorisation.
The Customer is the data controller for any personal data contained within Customer Data. The Company acts as a data processor for such data.
Requires legal review: If customers will process personal data of EU residents through the Platform, consider offering a Data Processing Agreement (DPA) compliant with GDPR Article 28. Similarly, review whether a DPA template is needed under the UAE Data Protection Law.
6. Data Sharing and Third Parties
We may share personal data with the following categories of recipients:
6.1 Service Providers
- Brevo (Sendinblue) — transactional email delivery (name, email address).
- Stripe — payment processing (billing and payment details).
- Floxum — hub hosting (IP addresses, name, email address).
6.2 Legal and Regulatory
We may disclose personal data when required by UAE law, regulation, legal process, or enforceable governmental request.
6.3 Business Transfers
In connection with a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity, subject to the same privacy commitments.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
7. International Data Transfers
The Platform operates infrastructure in multiple countries, including Germany, Finland, the United States, and Singapore. Personal data and operational data may be transferred to and processed in these jurisdictions.
Where personal data is transferred outside the UAE, we ensure that appropriate safeguards are in place in accordance with the UAE Data Protection Law, including ensuring that the recipient jurisdiction provides an adequate level of data protection or that appropriate contractual safeguards are applied.
8. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this policy:
- Account data: retained for the duration of your account and for at least 30 days after deletion to allow data export.
- Billing and transaction data: retained for the period required by UAE tax and commercial law (currently a minimum of 5 years).
- Activity logs: retained for up to 12 months for security and operational purposes.
- Support correspondence: retained for 24 months after resolution.
- Website visitor data: retained for up to 12 months.
After the retention period, personal data is securely deleted or anonymised.
9. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit (TLS) and at rest (AES-256 for secrets and sensitive data).
- Role-based access controls with separate authentication realms for users and administrators.
- Activity logging and audit trails for infrastructure-affecting actions.
- Regular security assessments of infrastructure and vendor supply chain.
- DDoS protection at the network edge.
No system is completely secure. While we take reasonable measures, we cannot guarantee absolute security of personal data.
10. Your Rights
Under the UAE Data Protection Law, you have the following rights regarding your personal data:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete personal data.
- Right to erasure: request deletion of your personal data, subject to legal retention obligations.
- Right to restrict processing: request that we limit how we use your personal data.
- Right to data portability: request your personal data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interest.
To exercise any of these rights, contact us at the email address provided below. We will respond within 30 days.
11. Children's Privacy
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.
12. Cookies and Tracking
The Platform uses essential cookies for authentication and session management. These cookies are strictly necessary for the Platform to function and cannot be disabled.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated with at least 30 days' notice via email or through the Platform. The "Last updated" date at the top of this page indicates when the policy was last revised.
14. Complaints
If you believe your personal data has been processed in violation of the UAE Data Protection Law, you have the right to lodge a complaint with the UAE Data Office.
15. Contact
For questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:
Mamluk LLC
Sharjah Media City, Sharjah, UAE
Email: hello@bahriya.cloud