Privacy Policy

Last updated: March 25, 2026

Malakah ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and Microsoft Word Add-in. Please read this policy carefully. By using our services you agree to the practices described herein.

1. Information We Collect

We may collect the following categories of information:
• Account Information: Name, email address, organization, job title, and password when you register.
• Usage Data: Pages visited, features used, session duration, browser type, operating system, and IP address.
• Content Data: Legal queries, documents, and contracts you submit or generate through the platform.
• Payment Information: Billing details processed securely through our payment providers (we do not store card numbers).
• Communication Data: Messages you send to our support team or through demo booking forms.
• Microsoft Word Add-in Data: Text selections, document content fragments, and metadata that you explicitly send to Malakah for processing. No document data is accessed without your direct action.

2. How We Use Your Information

We use collected information to:
• Provide, operate, and improve our legal AI services.
• Personalize your experience and remember your preferences.
• Process transactions and send related billing notices.
• Respond to inquiries, support requests, and scheduled demos.
• Send service announcements, security alerts, and product updates (you may opt out at any time).
• Analyze usage patterns to enhance platform performance and accuracy.
• Comply with applicable legal obligations.

3. Microsoft Word Add-in — Data Practices

Malakah's Microsoft Word Add-in (the "Add-in") integrates with Microsoft Word to deliver AI-powered legal assistance directly inside your documents. The following practices apply specifically to the Add-in:
• Data Access: The Add-in accesses the document content you submit for review (paragraph text and structural metadata) when you explicitly trigger an action. It does not read or process your document in the background.
• Data Transmission: Content you submit is transmitted over an encrypted HTTPS connection to Malakah's servers for AI processing.
• No Advertising Use: Data originating from your Word documents is never used for advertising, profiling, or sold to third parties.
• No Persistent Storage of Document Content: Document content processed through the Add-in is used solely to generate the requested output and is not stored in Malakah's databases beyond the duration of the request.
• Microsoft API Compliance: The Add-in is built in accordance with Microsoft's Office Add-ins platform policies and the Microsoft Partner Center requirements.
• Offline Mode: The Add-in requires an internet connection to function. No AI processing occurs locally on your device.

4. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to:
• Maintain your authenticated session.
• Remember language and region preferences.
• Gather aggregate analytics on how the platform is used.

You can control cookies through your browser settings. Disabling certain cookies may limit platform functionality. We do not use cross-site tracking cookies for advertising purposes.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data in the following limited circumstances:
• Service Providers: Trusted third-party vendors who assist with hosting, payment processing, analytics, and customer support, bound by confidentiality agreements.
• Legal Requirements: When required by applicable law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity under equivalent privacy protections.
• Aggregated Data: De-identified, aggregated statistics that cannot identify any individual may be shared publicly for research or business purposes.

6. Data Security

We implement industry-standard technical and organizational measures to protect your data:
• All data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted using AES-256 encryption.
• Access to personal data is restricted to authorized personnel on a need-to-know basis.
• Our infrastructure is regularly audited and tested for vulnerabilities.
• We are compliant with Saudi Arabia's Personal Data Protection Law (PDPL) and relevant international standards.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

We retain personal data for as long as necessary to provide our services and fulfill the purposes described in this policy:
• Account data is retained for the lifetime of your account and for up to 2 years after account deletion for legal compliance purposes.
• Document content processed through the Add-in is not stored beyond the duration of a single request.
• Usage logs are retained for up to 12 months for security and analytics purposes.
• You may request deletion of your data at any time by contacting privacy@malakah.ai.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:
• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data (subject to legal obligations).
• Right to Restriction: Request that we limit how we process your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at privacy@malakah.ai. We will respond within 30 days.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will promptly delete it. If you believe we have inadvertently collected information from a minor, please contact us immediately.

10. Third-Party Links and Integrations

Our platform may contain links to third-party websites or integrate with third-party services (such as Microsoft Office). We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you use in conjunction with Malakah.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date and, where appropriate, by sending you an email notification. Your continued use of our services after the effective date constitutes your acceptance of the revised policy.