Last updated: June 2026
Applicable Law
Yasi One is a global service, accessible to users worldwide. This Privacy Notice is primarily governed by the UAE Federal Decree by Law No. (45) of 2021 on the Protection of Personal Data (UAE PDPL), which applies because AIONSENTIA INNOVATION AND ARTIFICIAL INTELLIGENCE – L.L.C is established in Abu Dhabi, United Arab Emirates, and processes personal data of individuals in the UAE and worldwide. Compliance with the UAE PDPL constitutes the baseline standard.
In addition, the General Data Protection Regulation (EU) 2016/679 (GDPR) applies to the processing of personal data of individuals located in the European Economic Area, by virtue of its extra-territorial scope (Art. 3 GDPR). The relevant provisions applicable by jurisdiction are set out in the Appendix to this Notice.
Depending on your country or state of residence, additional data protection rights or disclosure requirements may apply under applicable local law. The relevant provisions are set out in the Appendix to this Notice. In particular:
• Users in the UAE and Gulf region: the UAE Federal Decree by Law No. (45) of 2021 on the Protection of Personal Data (UAE PDPL) applies as the primary applicable framework. Where users are located in the ADGM free zone, the ADGM Data Protection Regulations 2021 may also apply.
• Users in the United Kingdom: the UK GDPR and the Data Protection Act 2018 apply. Users in the UK may lodge complaints with the Information Commissioner’s Office (ICO) at ico.org.uk.
• Users in the United States: there is no single federal privacy law of general application in the United States. AIONSENTIA applies the UAE PDPL and GDPR as its baseline standards, which provide a level of protection consistent with or exceeding applicable US state privacy laws. To the extent that specific US state privacy laws apply, AIONSENTIA will comply with those requirements. For enquiries, contact compliance@aionsentia.com indicating your state of residence.
• Users in other jurisdictions may have additional rights under applicable local law. For jurisdiction-specific enquiries, contact us at compliance@aionsentia.com indicating your country of residence.
This Privacy Notice is issued by AIONSENTIA INNOVATION AND ARTIFICIAL INTELLIGENCE – L.L.C (“AIONSENTIA”, “we”, “us”, “our”), a limited liability company incorporated under the laws of the United Arab Emirates, with registered offices in Abu Dhabi.
AIONSENTIA is the Data Controller of your personal data within the meaning of Article 1 of the UAE Federal Decree by Law No. (45) of 2021 (UAE PDPL) and, where applicable, Article 4(7) GDPR. This means we are responsible for deciding how and why your personal data is processed and for ensuring that it is handled in accordance with applicable data protection law.
| Data Controller | AIONSENTIA INNOVATION AND ARTIFICIAL INTELLIGENCE – L.L.C |
| Registered address | Al Tunoub Street, Al Hisn, W5, Abu Dhabi, United Arab Emirates |
| Commercial Licence No. | CN-64138214 |
| Data Protection Officer | |
| Privacy contact | compliance@aionsentia.com |
| Website | www.aionsentia.com |
| Last updated | June 2026 |
For questions or requests regarding your personal data, or to exercise any of the rights described in Section 9, please contact us at compliance@aionsentia.com.
This Privacy Notice applies to all users who access the Yasi One application or visit the website www.aionsentia.com, regardless of their country or state of residence. Depending on your jurisdiction, additional rights or disclosure requirements may apply under applicable local law, as set out in the Appendix.
This Notice applies to:
• Users who register for and use the Yasi One application, available as a web app and as a mobile application for iOS and Android devices;
• Visitors to the institutional website www.aionsentia.com, including individuals who submit enquiries through the contact form.
This Notice does not apply to third-party websites or services accessible via external links from Yasi One. We encourage you to read the privacy policies of any third-party services you access.
Use of Yasi One is reserved exclusively for adults who have reached the age of majority under the law applicable to them and who have the legal capacity to enter into binding contracts. If we become aware that an Account is being used by a minor, we may suspend or deactivate it.
The following sections describe the categories of personal data we collect, the purposes for which we use it, the legal basis for processing under the UAE PDPL and, where applicable, the GDPR, and the applicable retention approach.
Depending on how you interact with Yasi One, we process the following categories of personal data:
• Account and identity data: full name, email address, username, password (hashed), country of residence, date of birth, gender, language preferences, and — where applicable for invoicing purposes — billing address and tax identification details.
• Authentication and security data: IP address, device type and identifier, operating system version, session token, and access logs generated during login and use of the platform.
• Search queries and conversation history: text queries submitted to the AI search, voice inputs (converted to text and retained for the duration of the Account), geolocation data (only where explicitly enabled), search history and blacklisted sources.
• User-uploaded content: files and documents (PDF, DOCX, PPTX, XLSX, TXT, code files), images, and audio files uploaded to My Files or submitted for processing via Quick Actions (Summarise, Translate, Transcribe, Describe). Quick Actions may be activated on: (a) content directly uploaded by the User within Yasi One — this content is stored within the User's account; and (b) content shared from third-party applications (such as voice messages from WhatsApp or Telegram) directly into Yasi One via the device's native sharing functionality — this content is processed solely to generate the requested output and is not stored within the User's account. Also includes text prompts and reference images submitted for Image Mode, and prompts and style inputs submitted for Music Mode.
• Generated outputs: AI-generated search summaries, Quick Action outputs (transcriptions, translations, summaries, image descriptions), images stored in My Gallery, and musical compositions stored in My Music.
• Payment and transaction data: subscription plan, Yasi Credits balance, transaction history, transaction date and amount. Payment card data is processed exclusively by Stripe, our payment service provider, acting as data processor. Payment collection is managed on AIONSENTIA's behalf by Synapsia S.r.l. (Italy). Payment card data is not stored by AIONSENTIA.
• Support and communications data: email address, name and content of support requests, and communication preferences (marketing opt-in/opt-out).
• Website contact form data: name, email address and message content submitted through the contact form on www.aionsentia.com.
• Usage and technical metadata: session duration, type of service used, volume of requests, error logs and operational metrics generated by normal use of the platform.
Yasi One is a general-purpose AI tool. We do not intentionally collect special categories of personal data (such as health information, religious or political beliefs, racial or ethnic origin, or sexual orientation). However, because some features involve user-generated content, such data could appear incidentally in content you enter or upload. Where this occurs, we process it solely to provide the service you have requested and do not use it for any other purpose.
You are expressly prohibited from uploading or sharing criminal conviction data or judicial data relating to identified or identifiable third parties.
Note on voice and audio data: voice inputs submitted for AI search are processed on our servers and converted to text by our AI processing infrastructure. Both the original audio recording and the resulting text transcript are retained for the duration of the Account, unless deleted earlier by the User.
The table below sets out the purposes for which we process personal data, the legal basis under the UAE PDPL and, where applicable, the GDPR, and the applicable retention approach.
| Purpose | Legal Basis (UAE PDPL / GDPR) | Retention |
| --- | --- | --- |
| Account creation, authentication and subscription management | Art. 4(9) UAE PDPL — necessary to perform a contract; Art. 6(1)(b) GDPR — performance of contract. | Duration of Account + 3 years after termination. Accounting records retained as required by applicable law. |
| Providing AI-powered search, Quick Actions, Image Mode, Music Mode, My Files — core service delivery | Art. 4(9) UAE PDPL — necessary to perform a contract; Art. 6(1)(b) GDPR — performance of contract. For special categories processed incidentally: Art. 6 UAE PDPL — consent; Art. 9(2)(a) GDPR — explicit consent, where required. | Duration of Account. Content uploaded directly to Yasi One (My Files, Quick Actions): retained until deleted by the User or Account closure. Content shared from third-party applications via Quick Actions (e.g. WhatsApp/Telegram voice messages): processed solely to generate the output, not stored. Generated outputs retained until Account closure. |
| Geolocation for search result relevance | Art. 6 UAE PDPL — consent; Art. 6(1)(a) GDPR — consent. Enabled only where explicitly activated by the user; can be disabled at any time. | Duration of the active session or until consent is withdrawn. |
| Payment processing and Yasi Credits management | Art. 4(9) UAE PDPL — necessary to perform a contract; Art. 6(1)(b) GDPR — performance of contract. Art. 4(10) UAE PDPL — legal obligation; Art. 6(1)(c) GDPR — legal obligation (accounting/tax). | Transaction records and Credits ledger retained for the period required by applicable accounting and tax law. |
| Customer support | Art. 4(9) UAE PDPL — necessary to perform a contract; Art. 6(1)(b) GDPR — performance of contract. | For the period necessary to resolve the request and manage follow-up, subject to applicable legal requirements. |
| Responding to website contact form enquiries | Art. 4(7) UAE PDPL — necessary to protect the interests of the Data Subject (ensuring prompt response to user-initiated contact); Art. 6(1)(f) GDPR — legitimate interests (responding to inbound enquiries). | Up to 24 months from receipt, unless an ongoing relationship develops. |
| Transactional service communications (account notifications, subscription status) | Art. 4(9) UAE PDPL — necessary to perform a contract; Art. 6(1)(b) GDPR — performance of contract. | Duration of Account. |
| Marketing and promotional communications | Art. 6 UAE PDPL — consent; Art. 6(1)(a) GDPR — consent. You can withdraw consent at any time via the unsubscribe link or by contacting compliance@aionsentia.com. | Until consent is withdrawn. |
| Platform security, fraud prevention, abuse detection and integrity monitoring | Art. 6(1)(f) GDPR — legitimate interests (ensuring platform security and protecting users). Art. 4(10) UAE PDPL — legal obligation; Art. 6(1)(c) GDPR — legal obligation, where applicable. | Access and security logs: minimum period necessary to detect and investigate incidents. Usage metadata: duration of Account. |
| Technical support, service quality improvement and operational monitoring (by authorised team members) | Art. 4(7) UAE PDPL — necessary to protect the interests of the Data Subject (platform security, fraud prevention); Art. 6(1)(f) GDPR — legitimate interests (maintaining a secure, reliable and compliant service). | As per the underlying data category (search history, conversation data, usage metadata). |
| Compliance with legal obligations and handling of lawful authority requests | Art. 4(10) UAE PDPL — legal obligation; Art. 6(1)(c) GDPR — legal obligation. | For the period required by the applicable legal obligation. |
| Handling notices, reports, complaints and moderation or enforcement actions | Art. 4(7) UAE PDPL — necessary to protect the interests of the Data Subject; Art. 6(1)(f) GDPR — legitimate interests. Art. 4(10) UAE PDPL / Art. 6(1)(c) GDPR — legal obligation, where applicable. | For the period necessary to assess and manage the notice or complaint. Thereafter, for the period necessary to comply with applicable legal obligations and/or establish, exercise or defend legal claims. |
| Communication of personal data to third-party partner controllers (where consent has been given) | Art. 6 UAE PDPL — consent; Art. 6(1)(a) GDPR — consent. Collected separately at registration. May be withdrawn at any time without affecting access to the Service. | Until consent is withdrawn. Upon withdrawal, no further communication takes place; data already transferred to third-party controllers is subject to their own retention policies. |
| Establishing, exercising or defending legal claims | Art. 6(1)(f) GDPR — legitimate interests. | Duration of the relevant claim or dispute and applicable statutory limitation period. |
Automated decision-making
You have the right not to be subject to a decision based solely on automated processing that produces legal effects or significantly affects you (Art. 18 UAE PDPL; Art. 22 GDPR). AIONSENTIA does not make decisions of this nature. The automated mechanisms used by Yasi One (algorithmic source selection, content filtering, speech-to-text transcription) are functional processes necessary for service delivery and do not produce such effects.
When your Account is closed, we apply a structured deletion process: immediate pseudonymisation of directly identifying fields upon account closure request; permanent deletion of all data without a legal retention basis within 30 days; and elimination of residual backup copies within 65 days. You can delete specific content (search history, files in My Files) at any time from within the application; deleted content is permanently removed and cannot be recovered.
AIONSENTIA does not use your personal data, your queries, your files or any other content you generate within Yasi One to train, fine-tune or improve AI models — whether our own or those of our technology providers.
The AI model providers we work with process your data solely to generate responses to your requests, on our instruction. For information on how specific providers handle data operationally — including any temporary logging for platform security and abuse prevention purposes — see Section 5.2.
AI-generated outputs are produced by AI systems and may not be accurate, complete or representative of the original content or source material. AIONSENTIA does not guarantee the accuracy, reliability or uniqueness of any AI-generated output. You are responsible for verifying information before relying on it.
Access to personal data within AIONSENTIA is restricted on a need-to-know basis. We apply role-based access controls and log access to sensitive data.
Some members of our team, and authorised personnel of Synapsia S.r.l. (our Italian R&D and operations partner, acting as data processor on our behalf), may access data relating to how the platform is used, in the performance of functions relating to technical support, service quality improvement, abuse prevention and platform security.
In both cases, access is subject to internal authorisation controls, is logged, and is limited to what is necessary for the specific purpose. This access is necessary to protect the security and integrity of the service and the interests of our users (Art. 4(7) UAE PDPL — necessary to protect the interests of the Data Subject; Art. 6(1)(f) GDPR — legitimate interests of the Controller).
We share your personal data with third-party providers who process it on our behalf and on our instruction, solely for the purposes described in this Notice. These providers are contractually bound to process your data only as we direct, to maintain appropriate security measures, and not to use it for their own purposes.
| Category | Purpose | Location |
| --- | --- | --- |
| Cloud infrastructure and AI processing | Hosting, storage, AI model inference (text, voice, image generation) | United Arab Emirates (primary) |
| AI processing (web search and embeddings) | Web search results and content retrieval | European Union |
| AI processing (music generation) | Musical composition generation (Music Mode) | Singapore |
| Content delivery and network security (CDN/WAF) | Traffic routing, DDoS protection, web application firewall | Global (EU SCC in place) |
| Payment processing | Subscription and Yasi Credits transactions. Payment collection is managed on AIONSENTIA's behalf by Synapsia S.r.l. (Italy). | European Union / United States |
| Email and communications platform | Transactional and marketing email delivery | European Union |
| CRM and helpdesk | Support ticket management, account administration | European Union / United States |
| Web hosting | Hosting of the institutional website www.aionsentia.com | European Union (Lithuania) |
| Application development and maintenance | Technical development and support of the Yasi One platform | Italy (EU) — Synapsia S.r.l., acting as data processor |
Where you have given your specific consent at registration, your name, email address and registration data may also be communicated to partner companies that promote or contribute to the distribution of Yasi One, acting as independent data controllers for their own managerial and promotional purposes. This communication is optional and does not condition access to the Service. You may withdraw consent at any time via compliance@aionsentia.com.
We may disclose personal data to competent authorities, regulatory bodies or courts where required to do so by applicable law, by a binding court order, or by a lawful request from a public authority. In such cases, we will disclose only what is strictly required and, where permitted by law, we will notify the affected user.
AIONSENTIA is incorporated in the United Arab Emirates and its primary processing infrastructure is located in the United Arab Emirates.
Where personal data is transferred outside the UAE to a country that has not been recognised as adequate by the UAE Data Bureau, we put in place appropriate safeguards in accordance with Articles 22–23 of the UAE PDPL. For transfers of personal data of EEA-based users to countries outside the EEA not recognised as adequate by the European Commission, we implement safeguards in accordance with Chapter V GDPR, including Standard Contractual Clauses (EU SCC 2021). Transfers to EEA Member States require no additional mechanism under the GDPR.
The main transfer scenarios are:
• EEA → UAE (cloud infrastructure): EU SCC 2021 + Transfer Impact Assessment in place. Under the UAE PDPL, transfers to adequacy-recognised countries or under contractual safeguards (Art. 22–23 UAE PDPL) are permitted.
• EEA → US (certain processors, including payment and CRM): EU SCC 2021 or EU-US Data Privacy Framework adequacy decision, as applicable.
• UAE → EEA: no specific adequacy decision by the UAE Data Bureau is required; transfers are governed by the contractual safeguards described above, including EU SCC 2021.
For further information on the safeguards adopted for international transfers, please contact us at compliance@aionsentia.com.
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required or permitted by applicable law. When you close your Account, we apply a structured deletion process:
• Immediate pseudonymisation of directly identifying fields upon account closure request.
• Permanent deletion of all data without a legal retention basis within 30 days.
• Elimination of residual backup copies within 65 days of the deletion date.
Certain data is retained beyond the period of active Account use where required by applicable law — for example, financial and accounting records, records required for legal proceedings, and the Yasi Credits transaction ledger. In these cases, the data is retained for the minimum period required and access is restricted to those with a legitimate need.
You can delete specific content (such as your search history or files in My Files) at any time from within the application. Deleted content is permanently removed and cannot be recovered.
We apply technical and organisational security measures appropriate to the nature of the data we process. These include:
• Encryption of data in transit and at rest on our primary cloud infrastructure.
• Role-based access controls and multi-factor authentication for all personnel with access to production systems.
• Separation of production and development environments.
• Monitoring of system activity through our internal observability stack.
• Regular penetration testing by an independent external provider.
• A structured data breach detection and response procedure (see Section 10).
Under the UAE PDPL (Articles 13–18) and, where applicable, the GDPR (Articles 15–22), you have the following rights in relation to your personal data:
| Right | What this means |
| --- | --- |
| Access (Art. 13 UAE PDPL; Art. 15 GDPR) | You may request a copy of the personal data we hold about you. |
| Rectification (Art. 15(1) UAE PDPL; Art. 16 GDPR) | You may ask us to correct or update personal data that is inaccurate or incomplete. |
| Erasure (Art. 15(2) UAE PDPL; Art. 17 GDPR) | You may ask us to delete your personal data where it is no longer necessary for the purpose for which it was collected, subject to any overriding legal retention obligations. |
| Restriction (Art. 16 UAE PDPL; Art. 18 GDPR) | You may ask us to pause or limit the processing of your personal data in certain circumstances. |
| Objection (Art. 17 UAE PDPL — marketing/statistics; Art. 18 UAE PDPL — automated processing; Art. 21 GDPR) | You may object to processing based on our legitimate interests or for direct marketing purposes. |
| Data portability (Art. 14 UAE PDPL; Art. 20 GDPR) | You may request to receive your personal data in a structured, machine-readable format or to have it transmitted to another controller. |
| Withdraw consent (Art. 6(2) UAE PDPL; Art. 7(3) GDPR) | Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. |
| Lodge a complaint (Art. 24 UAE PDPL; Art. 77 GDPR) | You have the right to lodge a complaint with the UAE Data Bureau. EU-based users may also lodge complaints with the supervisory authority of their country of residence or place of work within the EU. |
To exercise any of these rights, please contact us at compliance@aionsentia.com. We may need to verify your identity before processing your request. We will respond within the timeframe required by applicable law. We do not charge a fee for requests unless they are manifestly unfounded or excessive.
In addition to the rights above, you can manage your data directly within the application, including deleting your search history, deleting files from My Files, and requesting Account closure.
We have in place procedures to detect, investigate and respond to personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Bureau in accordance with Article 9 of the UAE PDPL, and where applicable the competent EU supervisory authority (Art. 33 GDPR). Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly (Art. 9(2) UAE PDPL; Art. 34 GDPR).
The Yasi One web application and the website www.aionsentia.com use cookies and similar technologies. A separate Cookie Policy, available at www.aionsentia.com/policies/, provides full details of the cookies used, their purpose, and how to manage your preferences.
Strictly necessary cookies are used to enable the core functionality of the application, including authentication and session management. They are set without requiring your consent. Other cookies are only set with your consent, which you can withdraw at any time through the cookie preference centre.
We may update this Privacy Notice from time to time to reflect changes in our practices, in the services we offer, or in applicable law. Where changes are material, we will notify you in advance through the application or by email to the address associated with your Account, in accordance with the General Terms and Conditions.
The date of the last update is shown at the top of this Notice. We encourage you to review it periodically.
For any questions or concerns regarding this Privacy Notice, or to exercise your data subject rights, please contact us:
| | compliance@aionsentia.com |
| Post | AIONSENTIA INNOVATION AND ARTIFICIAL INTELLIGENCE – L.L.C, Al Tunoub Street, Al Hisn, W5, Abu Dhabi, United Arab Emirates |
| DPO | |
You also have the right to lodge a complaint with the UAE Data Bureau (uaedataoffice.ae). EU-based users may lodge complaints with the supervisory authority of their country of residence or place of work within the EU; a list of EU supervisory authorities is available at edpb.europa.eu.
Users in the UAE may lodge complaints with the UAE Data Bureau. Information on how to do so is available on the UAE Data Office website at uaedataoffice.ae.
Appendix — Jurisdiction-Specific Provisions
Additional rights and disclosures applicable in specific regions
AIONSENTIA is established in Abu Dhabi, United Arab Emirates (mainland). The primary applicable data protection framework is the UAE Federal Decree by Law No. (45) of 2021 on the Protection of Personal Data (UAE PDPL). This Notice is designed to satisfy the transparency requirements of the UAE PDPL. The GDPR applies in addition for users located in the European Economic Area, by virtue of its extra-territorial scope (Art. 3 GDPR).
Users in the UAE may lodge complaints with the UAE Data Bureau (UAE Data Office). Information on how to do so is available on the UAE Data Office website at uaedataoffice.ae.
International transfers from the UAE to countries outside the UAE are governed by Articles 22–23 of the UAE PDPL and the safeguards described in Section 6 of this Notice. Transfers of EEA-user data are additionally subject to Chapter V GDPR requirements as described in Section 6.
Where Yasi One is accessed by users located in the United Kingdom, the UK GDPR and the Data Protection Act 2018 apply. The rights and obligations described in this Notice apply equally to UK users, with references to the GDPR to be read as references to the UK GDPR where the context requires.
Users in the UK may lodge complaints with the Information Commissioner’s Office (ICO) at ico.org.uk.
International transfers from the UK to the UAE are subject to UK adequacy regulations or International Data Transfer Agreements (IDTAs), as applicable.
There is currently no single federal privacy law of general application in the United States. Privacy rights for US residents are governed at the state level and vary depending on the state of residence. Certain states — including California, Virginia, Colorado, Connecticut, and Texas — have enacted comprehensive privacy laws that may grant residents additional rights with respect to their personal data, such as the right to know, the right to delete, the right to correct, the right to opt out of the sale or sharing of personal data, and the right to non-discrimination for exercising privacy rights.
AIONSENTIA applies the UAE PDPL and GDPR as its baseline standards, which provide a level of protection consistent with or exceeding the requirements of applicable US state privacy laws for all users, regardless of their state of residence. To the extent that specific US state privacy laws apply to AIONSENTIA's processing activities, AIONSENTIA will comply with those requirements. Users located in the United States who wish to exercise rights under applicable state law, or who have questions about how their data is handled, may contact us at compliance@aionsentia.com indicating their state of residence.
Users in other jurisdictions may have additional rights under applicable local law. For jurisdiction-specific enquiries, please contact us at compliance@aionsentia.com indicating your country of residence. We will assess applicable requirements and respond accordingly.
© 2026 Aionsentia All rights reserved