Privacy

Your data is yours. Our role is to protect it and handle it responsibly.Edrak is designed to help organizations use AI without giving up control over their data. Customer data remains under customer control, is processed only to deliver and secure the service, and is not used to train Edrak models or third-party AI models.
Privacy at a glance
Customer ownershipCustomers retain ownership and control of their data, including prompts, uploaded files, and outputs generated through the platform.
No training on customer dataEdrak does not use customer data or outputs to train, fine-tune, or improve Edrak models or third-party AI models.
Limited use onlyCustomer data is processed only as needed to provide, secure, support, and administer the service.
Controlled provider accessWhere customers choose to use supported third-party AI providers, data is routed only as needed to deliver the requested functionality.
Retention with limitsCustomer data is retained only for as long as needed to operate the service, meet legal obligations, support security, and complete ordinary backup and deletion cycles.
Our privacy principlesPrivacy at Edrak is built around a small number of clear commitments.
You keep controlCustomer data belongs to the customer. Edrak does not claim ownership over prompts, files, inputs, or outputs generated for the customer through the service.
We limit how data is usedCustomer data is processed only for service delivery, security, support, and related operational purposes. It is not used for advertising, sold to third parties, or used to train models.
We support governed useEdrak gives organizations administrative tools and workspace controls so they can manage access, oversight, and internal governance in a structured way.
We are transparent about provider routingWhen customers use supported third-party AI models through Edrak, relevant data may be transmitted to those providers only to generate the requested response.
We design for enterprise trustPrivacy is part of the platform design, contract structure, and operating model, not an afterthought.
What data Edrak processesDepending on how the service is used, Edrak may process:
  • Prompts and inputs submitted by users
  • Uploaded files and customer content
  • Outputs generated through the platform
  • Account, workspace, and user administration data
  • Usage and activity data needed to operate, secure, and support the service
  • Technical and log data related to performance, security, and platform integrity
Edrak processes this data only as needed to provide and maintain the service.How we use customer dataEdrak uses customer data only for limited and legitimate service purposes, including to:
  • Provide the platform and requested functionality
  • Route requests to supported AI providers selected through the service
  • Maintain security, integrity, and availability
  • Support administration, troubleshooting, and customer support
  • Comply with legal, regulatory, and contractual obligations
  • Manage retention, deletion, and backup processes
Edrak does not use customer data beyond those purposes.What we do not do with customer dataEdrak's privacy position is simple on the points that matter most.We do not:
  • Use customer data to train or fine-tune Edrak
  • Use customer data to train or fine-tune third-party AI models
  • Sell customer data
  • Use customer data for advertising
  • Claim ownership over customer data or outputs
  • Use customer data to build competing AI systems
This is a core part of Edrak's enterprise model.Third-party AI providersEdrak supports access to selected third-party AI providers through a controlled platform.When a customer chooses to use those providers:
  • Edrak acts as the intermediary service layer
  • Customer data may be transmitted to the relevant provider only to deliver the requested functionality
  • Edrak seeks contractual protections appropriate to the service design
  • Different providers may have their own technical, operational, and legal limitations
This means customers can use multiple AI providers through one governed environment, while maintaining greater central control than unmanaged direct usage.Data retention and deletionEdrak is designed to apply retention limits rather than open-ended storage.In general:
  • Customer data may be retained during the subscription term as needed to provide the service
  • After termination, data may be retained for a limited period to support retrieval or export
  • After that period, data is deleted or anonymized, unless longer retention is required for legal, regulatory, billing, dispute, fraud-prevention, security, or backup reasons
  • Residual copies in backup systems are removed through ordinary backup-cycle processes
Customers with specific retention or deletion requirements should contact Edrak to discuss available options.Data residency and transfersUnless otherwise agreed, Edrak's default hosting position is Saudi Arabia, subject to operational availability.Alternative hosting options may be available depending on customer requirements, applicable law, and service configuration.Where customer data is routed to supported third-party providers, that processing may involve additional jurisdictions depending on the provider and selected setup. Customers with specific localization or transfer requirements should contact Edrak before deployment.Customer controlsEdrak is designed to support customer control, not replace it.Depending on the service configuration, customer controls may include:
  • Workspace administration
  • User access management
  • Role-based permissions
  • Usage visibility and activity oversight
  • Data export and deletion workflows where available
  • Internal governance through customer-defined policies and processes
Customers remain responsible for how they configure their environment and how their users handle data within the platform.Security and privacyPrivacy and security work together, but they are not the same.Edrak supports privacy through technical and organizational safeguards, including:
  • Encryption in transit and at rest
  • Role-based access controls
  • Workspace-level segregation
  • Secure API-based integrations
  • Monitoring and controls designed to protect against unauthorized access, disclosure, or misuse
For more information, see the Security page.Customer responsibilitiesCustomers are responsible for:
  • Ensuring they have the rights and legal basis to submit data to the platform
  • Managing their own internal access policies and user permissions
  • Determining whether personal data, regulated information, or sensitive business data should be used in specific workflows
  • Reviewing outputs before relying on them in legal, regulatory, financial, operational, or other high-impact contexts
  • Ensuring their use of Edrak complies with the laws and regulations applicable to their business
Edrak provides the platform and controls. Customers remain responsible for their own use of the platform.Documentation and enterprise reviewFor enterprise customers with diligence requirements, Edrak may make privacy-related documentation available under appropriate confidentiality controls.Available materials may include:
  • Privacy and data governance documentation
  • Contractual privacy commitments
  • Data processing terms
  • Information regarding subprocessors
  • Responses to reasonable enterprise diligence requests
Contactprivacy@edrak.com