Privacy Policy

Effective Date: 15 Dec 2023

Table of Contents

  • • Introduction and Legal Framework
  • • Information Collection and Usage
  • • Data Processing and Protection
  • • Information Sharing and Third-Party Processors
  • • Data Retention and Deletion
  • • User Rights
  • • Contact and Grievance Redressal
  • • International Data Transfers
  • • Data Breach Notification
  • • Disclaimer

A. Introduction and Legal Framework

This Privacy Policy is governed by UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and related regulations, including DIFC Data Protection Law. As an educational consulting service provider, Clyra Technologies Ltd ("we," "us," or "our") is committed to protecting your privacy and ensuring transparent data practices.

Minimum Age & Children's Data

  • Minimum age to use the platform: 16 years
  • Users under 16 are blocked from registration
  • Users aged 16-17 receive enhanced safeguards:
    • No targeted advertising
    • Limited data collection
    • Easy and fast account deletion
  • Age verification is enforced at registration

B. Information Collection and Usage

1. Information We Collect:

  • Identity data: name, email
  • Academic data: year of study, date of birth (for age verification)
  • Account data: preferences, settings
  • User-generated content: uploaded files, text
  • Usage data: feature usage, timestamps
  • Payment metadata: transaction IDs, invoices (no card data stored)

Note: We do not collect sensitive personal data such as health information, religious beliefs, biometric data, or political views.

2. Purpose of Collection:

  • Account creation and authentication
  • AI-powered content processing
  • Platform security and fraud prevention
  • Customer support
  • Billing and compliance obligations
  • Analytics (pseudonymised only)

3. Technical Information:

  • Cookies and similar technologies
  • Log information
  • Device information
  • Usage patterns

C. Data Processing and Protection

1. Data Security:

We implement comprehensive security safeguards to protect your data:

  • Encryption at rest: AES-256 encryption for stored data
  • Encryption in transit: TLS 1.2+ / TLS 1.3 for data transmission
  • Role-based access control (RBAC): Access restricted to authorized personnel only
  • Audit logging: Comprehensive logging of all data access and modifications
  • Breach detection and response: Automated monitoring and incident response mechanisms
  • Regular security audits and assessments
  • Staff training on data protection and security best practices

2. Cookie Policy:

  • Essential cookies for website functionality
  • Analytics cookies (with user consent)
  • Preference cookies
  • Users may disable cookies through browser settings

D. Information Sharing and Third-Party Processors

We share information only in these circumstances:

  • With your explicit consent
  • For service delivery purposes with:
    • Educational institutions (as part of consulting services)
    • Payment processors
    • Technology service providers
  • Legal requirements under UAE law
  • Protection of our legal rights

Third-Party Processors

We use the following third-party service providers to process your data:

  • AWS – hosting and infrastructure
  • OpenAI – AI processing
  • Anthropic – AI processing
  • Stripe – payments
  • Mixpanel – analytics (pseudonymised)

Important disclosures:

  • Data is processed transiently by these providers
  • User data is not used to train AI models
  • Only minimum necessary data is shared with processors
  • All processors are bound by data processing agreements (DPAs) and Standard Contractual Clauses

E. Data Retention and Deletion

Retention Period:

We retain data for specific, defined periods as outlined below:

Data CategoryRetention Period
Uploaded content12 months
Closed account dataDeleted after 30 days
System & security logs90 days
Analytics (aggregated/anonymised)24 months
Payment records7 years (managed by Stripe)

Data Deletion:

  • Submit requests to datadel@heyclyra.com
  • Subject line: "Data Deletion Request - [Your Email]"
  • Processing time: 30 days from verification of your request
  • We will delete or irreversibly anonymize personal data unless retention is required to meet legal, regulatory, fraud-prevention, or billing obligations
  • Exceptions: Legal requirements and legitimate business needs

F. User Rights

Under UAE law and DIFC Data Protection Law, you have the right to:

  • Access your personal data
  • Download your data (JSON / machine-readable format)
  • Correct inaccurate data
  • Delete your account
  • Withdraw consent
  • Data portability
  • Request a copy of your tracking and usage data; we will provide an export (Excel or PDF) to your verified email

Response timeline: We will respond to your requests within 30 days of verification.

Contact: To exercise these rights, please contact us at privacy@heyclyra.com. We will verify your identity before fulfilling the request.

G. Contact and Grievance Redressal

1. Primary Contact:

  • Email: support@heyclyra.com
  • Response time: 24 hours

2. Grievance Officer:

  • Name: Rohit Singh
  • Email: privacy@heyclyra.com
  • Address: Clyra Technologies Ltd, First Floor, Innovation One, DIFC, Dubai, UAE 74777.
  • Response time: 48 hours

H. International Data Transfers

Your data is stored and processed only in US and EU regions. We do not store or process any data in India or other jurisdictions outside of US/EU regions. All international data transfers are protected by:

  • Data Processing Agreements (DPAs) with all processors
  • Standard Contractual Clauses (SCCs) as required by applicable data protection laws
  • Adequate safeguards as required under DIFC Data Protection Law

I. Data Breach Notification

In the event of a data breach that may affect your personal data, we commit to:

  • Notify affected users without undue delay after becoming aware of the breach
  • Notify the DIFC Commissioner at dp@difc.ae as required by law
  • Provide clear information about the nature of the breach, data affected, and steps being taken to address it
  • Offer guidance on protective measures users can take

J. Disclaimer

Service Limitations:

  • Information accuracy is dependent on user input
  • Educational institution decisions beyond our control
  • Technical service interruptions are possible

Third-Party Links:

  • Not responsible for external websites
  • Separate privacy policies may apply
  • User discretion advised

Liability:

  • Limited as per UAE law
  • Force majeure provisions apply
  • User responsibility for data accuracy

Updates to Privacy Policy

We reserve the right to update this policy in compliance with UAE laws. Users will be notified of significant changes through:

  • Email notification
  • Website announcement
  • Service application notice

Last Updated: 27 Jan 2026

Questions about privacy?

We're here to help. Contact our support team for any privacy-related questions or concerns.

Contact SupportBack to Home