Privacy Policy

1. Who we are

AmniZen AI (“we”, “us”, or "our") is a global technology services company headquartered in New Jersey, with offices in Sharjah, Berlin, Pune and Bangalore. We provide AI adoption, Microsoft Business Application implementation, and managed services to enterprise clients.

For data-protection questions, contact our Data Protection Officer at info@amnizen.com.

2. What data we collect

We collect only the personal data necessary to deliver our services and run our business:

• Contact information — name, email, phone, job title, company name (submitted via forms, email, or contract negotiations).
• Professional context — industry, use-case details, infrastructure landscape (to scope engagements).
• Service usage data — support tickets, project artifacts, and environment health metrics processed under managed-service agreements.
• Website analytics — anonymised page-view and interaction data (IP addresses are truncated).
• Recruitment data — CVs, cover letters, and interview notes submitted through our careers portal.

We do not collect special-category data (health, biometrics, political opinions, etc.) unless strictly required by law and with explicit consent.

3. Lawful basis for processing

Under GDPR Article 6, we process personal data on one or more of these lawful bases:

• Contractual necessity — to perform our services or prepare a quote.
• Legitimate interests — network security, fraud prevention, and business analytics (balanced against your rights).
• Consent — marketing communications and optional cookies (you can withdraw consent at any time).
• Legal obligation — tax, accounting, and regulatory compliance.

4. How we use your data

Your data is used solely for:

• Delivering consulting, implementation, and managed-services engagements.
• Communicating project status, support updates, and contractual matters.
• Improving our services through aggregated, anonymised analytics.
• Complying with legal, tax, and regulatory obligations.
• Sending relevant industry insights (only with your consent, and always with an unsubscribe link).

5. Data sharing and subprocessors

We do not sell your personal data. We share it only with:

• Trusted service providers — cloud hosting, CRM, email, and support platforms bound by GDPR-compliant Data Processing Agreements (DPAs).
• Microsoft and AI platform partners — strictly for integration and delivery purposes under our own client agreements.
• Legal authorities — only when required by applicable law or court order.

A current list of subprocessors is available on request.

6. International transfers

We operate across the United States, UAE, Germany, and India. Where personal data is transferred outside the European Economic Area (EEA), we rely on:

• EU Standard Contractual Clauses (SCCs) with appropriate supplementary measures.
• Adequacy decisions (where recognised by the European Commission).
• Binding Corporate Rules (BCRs) for intra-group transfers.

7. Data retention

We keep personal data only as long as necessary:

• Active clients — for the duration of the contract plus any statutory retention period.
• Prospects — up to 24 months after the last meaningful interaction, then securely deleted or anonymised.
• Recruitment candidates — 12 months unless you request deletion earlier.
• Legal/tax records — as required by applicable law (typically 6–10 years).

8. Your GDPR rights

If you are in the EEA, UK, or another jurisdiction with equivalent protections, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) — request deletion where there is no overriding legal basis to retain it.
• Restriction — limit processing in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests or direct marketing.
• Withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any right, email info@amnizen.com. We respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

9. Security measures

We implement enterprise-grade security: AES-256 encryption at rest and TLS 1.3 in transit; role-based access control (RBAC); multi-factor authentication (MFA); annual penetration testing; and ISO 27001-aligned security management. All staff complete data-protection training.

10. Cookies and tracking

Our site uses only essential cookies and anonymised analytics. We do not employ third-party advertising trackers. You can manage cookie preferences through your browser settings.

11. Changes to this policy

We may update this policy to reflect legal or operational changes. Material changes will be notified by email (where we have your address) or a prominent banner on our website.