1. Legal Framework and Jurisdiction

This Privacy Policy is governed by Egyptian Law No. 151 of 2020 on the Protection of Personal Data ("PDPL") and its implementing regulations. Any disputes arising from this Privacy Policy shall be subject to Egyptian law and the jurisdiction of Egyptian courts.

Tasawom LLC acts as a Data Controller for personal data processed through our Platform. Where we engage third-party service providers to process data on our behalf (Data Processors), we ensure appropriate Data Processing Agreements are in place as required by the PDPL.

Introduction

We, Tasawom LLC, organized and existing under the laws of Egypt with commercial registration [NUMBER] having its registered address at [ADDRESS], Egypt ("us", "we", "our") respect the privacy of all our users and are committed to protecting personal data collected through our Strategic Business Suite platform and its associated services (collectively, the "Platform").

This privacy policy ("Privacy Policy") sets out the basis on which we collect and use any of your personal data in connection with your access and use of the Platform or any services provided by us. We understand the importance you place on your personal data, and we are committed to protecting and respecting your privacy. Please read the following Privacy Policy carefully to understand our practices regarding your personal data.

By using the Platform and Services, you agree to the collection and handling of your personal data in accordance with this Privacy Policy. References to "user", "you" or "your" (or similar) are references to you as an individual or legal entity as the case may be.

The Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices/statements. When you leave our Platform, we encourage you to read the privacy notice of every website you visit.

Cookie Management

Our platform uses cookies and similar technologies to enhance your experience and provide essential functionality. We categorize our cookies as follows:

Essential Cookies

These cookies are necessary for the platform to function and cannot be switched off. They include:

• Authentication cookies to keep you signed in
• Security cookies to prevent unauthorized access
• Basic platform functionality cookies

Optional Cookies

These cookies help us improve our services and provide enhanced functionality. They include:

• Analytics cookies to understand usage patterns
• Preference cookies to remember your settings
• Performance cookies to optimize platform speed

Managing Your Cookie Preferences

You can manage your cookie preferences in several ways:

• Using our cookie consent banner when you first visit the platform
• Adjusting your browser settings to block or delete cookies
• Contacting us to update your preferences

Please note that blocking essential cookies may affect the platform's basic functionality and your ability to use certain features.

2. Information We Collect

We collect your Personal Data to provide our Strategic Business Suite platform and AI-powered business strategy services. Personal Data refers to any information that can identify you as an individual. We collect, process, and protect the following types of data:

2.1 Account and Business Information

• Identity Data: Name, business role, company information
• Contact Data: Business email, phone number, company address
• Authentication Data: Login credentials (securely hashed), account preferences

2.2 Business Strategy Data

• Strategic Planning Data: Business models, strategic frameworks, market analysis
• Performance Metrics: KPIs, business goals, performance data
• Industry Data: Market information, competitive analysis, industry trends
• Generated Strategies: AI-generated recommendations, strategy iterations

2.3 Platform Usage Data

• Interaction Data: How you use our platform features and AI tools
• Technical Data: Browser information, device details, IP address
• Session Data: Login patterns, feature usage, preferences

3. How We Use Your Data

We use your data for the following purposes:

3.1 Core Service Provision

• Generate AI-powered business strategies and recommendations
• Provide strategic planning and analysis tools
• Facilitate communication with users
• Analyze usage patterns to improve the Service
• Maintain and improve our AI models
• Ensure platform security and performance

3.2 Service Enhancement

• Improve our AI recommendations using anonymized data
• Enhance platform features based on usage patterns
• Develop new strategic planning tools
• Optimize user experience and interface

3.3 Communication

• Send important platform updates and notifications
• Provide customer support and assistance
• Share relevant business insights and resources
• Communicate about new features and improvements

4. Data Protection in AI Processing

Our platform uses artificial intelligence to analyze business data and generate strategic recommendations. Here's how we protect your data in AI processing:

• Data Anonymization: Business data is anonymized before being used to train our AI models
• Secure Processing: All AI processing occurs in secure, encrypted environments
• Access Controls: Strict controls on who can access AI training data and models
• Transparency: Clear documentation of how AI makes recommendations
• Human Oversight: Regular review of AI processes and decisions

5. Business Data Security

We understand the sensitivity of your business strategy data and implement robust security measures:

• End-to-end encryption of strategy documents and data
• Regular security audits and penetration testing
• Multi-factor authentication options
• Secure backup and disaster recovery systems
• Regular security training for our team

6. How We Collect Your Data

We collect your Personal Data through the following means:

Direct Collection

• When you register on our Platform
• When you make payments or request refunds
• When you participate in surveys or provide feedback
• When you contact our support team
• When you use our Platform's features and services

Indirect Collection

• From our service providers and partners
• Through your interactions with us on other platforms
• From payment service providers

Automatic Collection

We automatically collect certain data through cookies and similar technologies. You can control cookie settings through your browser preferences. However, disabling cookies may limit your ability to use certain features of our Platform.

Legal Basis for Processing

We process your Personal Data under the following specific legal bases:

Performance of Contract

• Account creation and management
• Providing access to platform features
• Processing payments and subscriptions
• Sending essential service notifications

Legitimate Interests

Following our Legitimate Interests Assessment (LIA), we process data for:

• Generating AI-powered business strategies (to improve service quality)
• Analytics and performance monitoring (to maintain service stability)
• Security monitoring (to protect our platform and users)
• Product improvement (to enhance user experience)

Explicit Consent

We obtain your explicit opt-in consent for:

• Marketing communications
• Cookie usage (except essential cookies)
• Processing of sensitive business data
• Personalized recommendations

You can withdraw your consent at any time through:

• Your account privacy settings at settings.tasawom.com/privacy
• Emailing our Data Protection Officer at privacy@tasawom.com
• Using the "unsubscribe" link in our communications

Data Breach Notification

In the event of a personal data breach, we will:

• Notify the Egyptian Data Protection Authority within 72 hours of becoming aware of the breach, or immediately if the breach relates to national security
• Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
• Provide information about the nature of the breach, its likely consequences, and measures taken to address the breach and mitigate its effects
• Document all breaches, including the facts, effects, and remedial actions taken

Children's Data

Our Platform is not intended for use by individuals under the age of 18 ("Children"). We do not knowingly collect personal data from Children. If you become aware that a Child has provided us with personal data, please contact us immediately. If we become aware that we have collected personal data from Children without verification of parental consent, we will take steps to remove that information from our servers.

Data Protection Officer

We are in the process of appointing a Data Protection Officer (DPO) in accordance with Egyptian Law No. 151 of 2020 on the Protection of Personal Data. In the meantime, all inquiries regarding data protection, including requests to exercise your rights under the law, should be directed to:

Email: privacy@tasawom.com

Address:
Tasawom LLC [Egypt Address]

Once appointed, our DPO will be responsible for monitoring compliance with data protection regulations, conducting internal audits, providing advice on data protection impact assessments, and acting as the primary point of contact for data protection matters. We will update this Privacy Policy with the DPO's contact information as soon as the appointment is made.

8. Your Privacy Rights

Under Egyptian Data Protection Law, you have the following rights:

• Right to Access: Request a copy of your personal data and information about how we process it
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Deletion: Request deletion of your personal data when it's no longer necessary or if you withdraw consent
• Right to Object: Object to processing based on legitimate interests, including profiling, and for direct marketing
• Right to Restrict Processing: Request limiting how we use your data while we consider your other rights
• Right to Data Portability: Request a copy of your data in a structured, commonly used, machine-readable format
• Right to Withdraw Consent: Withdraw previously given consent for specific processing activities

How to Exercise Your Rights

You can exercise your rights in the following ways:

• Email Request: Send your request to privacy@tasawom.com
• Account Settings: Use the privacy settings in your account dashboard
• Written Request: Send a letter to our registered address

To protect your privacy, we may need to verify your identity before processing your request. We will respond to all legitimate requests within 20 working days as required by Egyptian law. In complex cases, we may extend this period by an additional 20 working days, but we will inform you of any such extension within the initial 20-day period.

You will not have to pay a fee to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Egyptian Data Protection Authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data during transmission
• Secure password hashing
• Regular security audits
• Access controls and authentication measures
• Compliance with Payment Card Industry Data Security Standard (PCI DSS)

10. International Data Transfers

We may transfer your personal data to countries outside Egypt. When we do so, we ensure appropriate safeguards are in place to protect your data:

• Standard Contractual Clauses: We use approved contractual clauses to protect data transferred internationally
• Data Protection Agreements: We ensure our service providers commit to protecting your data according to Egyptian law
• Privacy Shield: When applicable, we work with US-based providers certified under the Privacy Shield framework
• Data Localization: Where required by law, we store certain data types on servers located in Egypt

Countries where your data may be transferred to include:

• United States (for cloud services and AI processing)
• European Union (for backup and disaster recovery)
• United Kingdom (for analytics and support services)

You can request information about the specific safeguards applied to the export of your data by contacting our Data Protection Officer.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are as follows:

• Account Information: Retained for the duration of your account plus 30 days after account deletion
• Business Strategy Data: Retained for 5 years from last modification, unless explicitly deleted by you
• Usage Data: Retained for 2 years
• Communication Records: Retained for 3 years from last interaction
• Cookie Data: Session cookies are deleted when you close your browser; persistent cookies last up to 12 months

After the retention period expires, your data is securely deleted or anonymized. You can request earlier deletion through your account settings or by contacting us.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. Significant changes will be communicated via email if we have your contact information.

12. Contact Us

For any questions about this Privacy Policy or our data practices, including data protection inquiries, please contact us at:

privacy@tasawom.com

Tasawom LLC [Egypt Address]