Qematt

Privacy Policy

Effective Date / Last Updated: 19 May 2026

This Privacy Policy explains how Qematt collects, uses, stores, shares, and protects personal data and customer content when you use our website, AI tools, chatbot interfaces, SaaS products, online courses, consultancy services, digital products, software offerings, subscriptions, and related services.

Qematt is the customer-facing brand operated by:

QEMAT ALTAMAYOZ STATISTICAL SERVICES CONSULTANCIES CO. L.L.C
Dubai, United Arab Emirates
Email: voc@qematt.com

For the purposes of this Privacy Policy, “Qematt,” “we,” “us,” and “our” refer to QEMAT ALTAMAYOZ STATISTICAL SERVICES CONSULTANCIES CO. L.L.C and its related services.

  1. Scope of this Privacy Policy

This Privacy Policy applies to:

our website at https://qematt.com/;
any current or future subdomains operated under qematt.com;
AI tools, chatbots, assistants, and automation products;
SaaS subscriptions, dashboards, workspaces, and client portals;
online courses, learning platforms, digital products, and downloadable resources;
consultancy, advisory, training, and professional services;
payment, checkout, subscription, and customer-account processes;
communications through email, contact forms, customer accounts, WhatsApp, LinkedIn, and other customer-support channels;
future mobile applications, marketplaces, partner platforms, or software offerings, unless a separate privacy notice is provided.

If a specific product or service has its own privacy notice, product addendum, or data-processing agreement, that document may apply in addition to this Privacy Policy.

  1. Important AI privacy notice

Some of our services may use artificial intelligence, large language models, chatbot systems, automation tools, document analysis tools, workflow tools, and third-party AI service providers.

When you use our AI tools or chatbots, you may submit prompts, messages, files, instructions, business documents, ISO documents, HSE documents, environmental records, audit evidence, training records, incident information, images, spreadsheets, PDFs, Word files, and other content.

AI-generated outputs are intended to support learning, analysis, drafting, decision-support, consultancy workflows, and productivity. They are not a substitute for professional judgment, legal advice, regulatory advice, HSE judgment, environmental consulting judgment, technical validation, or management approval.

Users remain responsible for reviewing, validating, and deciding whether to rely on any AI-generated output.

Attorney review recommended: This AI section should be reviewed before launching enterprise AI tools, regulated-sector tools, or products that process sensitive employee, health, incident, or compliance data.

  1. Information we collect

We may collect the following categories of information depending on how you interact with us.

3.1 Contact and identity information

This may include:

name;
email address;
phone number;
job title;
company name;
country or region;
billing contact details;
communication preferences;
information submitted through forms, surveys, applications, or direct messages.
3.2 Account and subscription information

If you create an account or access paid services, we may collect:

username or login details;
password or authentication information;
customer account information;
course enrolment information;
subscription status;
product access permissions;
workspace membership;
admin and team-user roles;
account activity;
purchase history;
support history.

If your organisation creates a team or company account, an account administrator may invite users, manage access, view subscription status, and access certain workspace or usage information depending on the service.

3.3 Payment and billing information

When you purchase products, courses, subscriptions, consultancy services, or digital products, we may collect or receive:

billing name;
billing email;
billing address where required;
transaction details;
invoice details;
tax or accounting information;
payment status;
order history.

Payments may be processed by third-party payment processors, checkout tools, banking channels, invoicing systems, or marketplace platforms. We do not intentionally store full payment-card numbers where payment information is processed by third-party payment providers.

3.4 AI interactions, chatbot data, and user content

When you use AI tools, chatbots, document-analysis tools, SaaS platforms, or automation products, we may collect and process:

prompts and chat messages;
uploaded files;
user instructions;
documents submitted for analysis;
AI-generated outputs;
usage summaries;
interaction insights;
tool activity;
feedback;
error reports;
support requests related to AI outputs.

Uploaded content may include PDFs, Word documents, spreadsheets, images, ISO documents, HSE documents, environmental records, audit reports, incident summaries, risk assessments, training records, policies, procedures, compliance documents, project documents, and other business information.

3.5 Sensitive or employee-related data

Our services are intended mainly for business, HSE, environmental, ISO, audit, compliance, training, consultancy, and professional purposes. We do not request unnecessary sensitive personal data.

However, users may submit HSE-related or business-related documents that include sensitive or employee-related information, such as:

injury or incident information;
health or medical-related details;
disability or work restriction information;
employee names or identifiers;
training records;
investigation records;
workplace location information;
audit evidence;
compliance records;
images or documents that may identify individuals.

You should avoid uploading unnecessary sensitive, medical, biometric, financial, national ID, passport, personal, or employee-identifiable information unless it is genuinely necessary for the requested service.

Where possible, users should anonymise, redact, minimise, or remove personal and sensitive information before uploading documents or using AI tools.

Attorney review recommended: If you use our services to process employee data, incident data, health data, or other sensitive information, you should ensure you have the legal right to do so and may need a separate data-processing agreement.

3.6 Technical and usage data

When you visit our website or use our services, we may automatically collect technical and usage information, including:

IP address;
browser type;
device type;
operating system;
approximate location;
referring pages;
pages visited;
date and time of access;
login activity;
cookies and similar technologies;
error logs;
security logs;
product usage data;
feature interaction data;
analytics information.

We use this information to operate, secure, troubleshoot, monitor, analyse, and improve our website, AI tools, SaaS products, courses, digital products, and related services.

3.7 Communications and marketing information

If you contact us, subscribe to updates, register for webinars, download resources, buy products, or interact with us through professional channels, we may collect:

email messages;
contact-form submissions;
support requests;
WhatsApp messages;
LinkedIn messages;
webinar registrations;
newsletter preferences;
marketing consent records;
unsubscribe records;
email open and click activity where provided by email tools.

  1. How we use information

We may use personal data and customer content for the following purposes:

to provide, operate, and maintain our website and services;
to deliver AI tools, chatbot services, SaaS functionality, online courses, consultancy services, digital products, and software offerings;
to create and manage user accounts, subscriptions, workspaces, and access permissions;
to process orders, invoices, payments, refunds, and billing records;
to analyse uploaded content and generate requested outputs;
to provide customer support and respond to enquiries;
to improve AI tools, product features, course content, user experience, and service quality;
to troubleshoot errors, detect abuse, and prevent misuse;
to monitor security and protect our systems;
to send service updates, account notices, transactional emails, and administrative messages;
to send newsletters, product updates, webinar invitations, AI tool launch announcements, and promotional offers where permitted;
to understand website performance and service usage;
to comply with legal, tax, accounting, regulatory, and contractual obligations;
to resolve disputes and enforce our agreements;
to protect the rights, safety, property, and legitimate interests of Qematt, our users, customers, partners, and the public.

  1. Legal bases for processing

Where GDPR, UK GDPR, or similar privacy laws apply, we may rely on one or more of the following legal bases:

Contract: to provide products, subscriptions, courses, consultancy services, SaaS access, AI tools, support, and customer accounts.
Legitimate interests: to operate, secure, improve, analyse, and develop our services; prevent misuse; communicate with business users; and maintain business records.
Consent: for certain marketing communications, non-essential cookies, optional analytics, or specific processing where consent is required.
Legal obligation: to comply with tax, accounting, regulatory, dispute-resolution, and legal requirements.
Vital interests or public interest: only where applicable and legally justified, such as safety-related situations or legal obligations.

You may withdraw consent where processing is based on consent, but this will not affect processing already carried out before withdrawal.

  1. AI data handling and human review

We may store, access, and review AI conversations, prompts, uploaded files, usage summaries, interaction insights, AI-generated outputs, and support communications where reasonably necessary to:

provide the requested AI tool or service;
generate outputs requested by the user;
troubleshoot technical issues;
respond to support requests;
maintain service quality;
improve product performance;
develop better AI tools and workflows;
detect misuse or abuse;
monitor security;
comply with legal obligations;
maintain business and service records.

Where practical, we prefer to use aggregated, anonymised, or de-identified information for analytics, product improvement, and service development.

We do not intentionally use customer confidential documents or uploaded business files to train public AI foundation models unless this is clearly disclosed, authorised by the customer, necessary to provide the requested service, or covered by a separate written agreement.

AI tools may rely on third-party AI, cloud, automation, hosting, and infrastructure providers. These providers may process data as necessary to deliver the relevant service, subject to their contractual and technical controls.

Attorney review recommended: This section should be reviewed before enterprise launch, especially if customers upload sensitive employee records, confidential business files, or regulated-sector documents.

  1. User-uploaded content and customer responsibilities

You are responsible for the content you submit, upload, transmit, or provide through our services.

If you upload data relating to employees, contractors, clients, students, suppliers, or other third parties, you confirm that you have the necessary rights, permissions, notices, consents, legal basis, or authority to provide that data to us for processing.

You should not upload:

unnecessary sensitive personal data;
unnecessary medical information;
unnecessary national ID, passport, or government identity documents;
unnecessary biometric data;
unnecessary financial data;
confidential data you are not authorised to share;
content that violates laws, regulations, contracts, intellectual property rights, or confidentiality obligations.

Where possible, you should anonymise or redact personal and sensitive information before uploading content.

  1. B2B customer data and processor role

For business customers, organisational accounts, consultancy clients, and enterprise users, you may provide data relating to your employees, contractors, clients, suppliers, sites, operations, audits, incidents, training, risks, environmental compliance, ISO implementation, or internal business processes.

In many B2B situations, the customer may act as the data controller or business owner of that data, and Qematt may process the data as a service provider or processor to deliver the requested service.

A separate Data Processing Agreement, service agreement, or product-specific addendum may be required for enterprise customers or customers uploading sensitive employee, HSE, incident, health, or compliance data.

Attorney review recommended: Create a separate DPA before offering enterprise SaaS, team workspaces, employee-data processing, or sensitive HSE document analysis at scale.

  1. Automated decision-making and AI outputs

Our AI tools are intended to provide advisory, educational, analytical, drafting, productivity, and decision-support outputs.

We do not use AI tools to make final legal, employment, medical, insurance, financial, regulatory, or similarly significant decisions about individuals.

Users are responsible for reviewing, validating, correcting, approving, or rejecting AI-generated outputs before using them in business, HSE, environmental, ISO, legal, regulatory, operational, or management contexts.

  1. Cookies and similar technologies

We may use cookies and similar technologies to operate our website, improve user experience, understand website performance, manage accounts, support checkout processes, secure the website, and analyse traffic.

Cookies may include:

Strictly necessary cookies: needed for website operation, login, cart, checkout, security, and account access.
Analytics cookies: used to understand website performance, page visits, traffic sources, and user interaction patterns.
Functional cookies: used to remember preferences or improve functionality.
Marketing cookies: may be used in the future for advertising, retargeting, conversion tracking, or campaign measurement.

Where required by law, we will request consent before placing non-essential analytics, advertising, or tracking cookies. You may manage cookie preferences through our cookie banner, browser settings, or cookie settings where available.

If you block or disable cookies, some website features, account functions, checkout processes, or services may not work properly.

Attorney review recommended: Implement a cookie banner and a separate Cookie Policy before actively targeting EU/UK users or using advertising/retargeting tools.

  1. Marketing communications

We may send newsletters, educational content, product updates, course updates, AI tool launch announcements, webinar invitations, promotional offers, and other marketing communications.

You may unsubscribe from marketing emails at any time by using the unsubscribe link in the email or contacting us at voc@qematt.com.

We may still send non-marketing messages, such as order confirmations, invoices, account notices, product access information, legal notices, service updates, and security alerts.

  1. Sharing personal data with service providers

We do not sell personal data to third parties.

We may share personal data, technical data, customer content, or service-related information with trusted third parties who help us operate, deliver, secure, analyse, or improve our services. These may include:

payment processors;
checkout and billing providers;
learning management platforms;
AI model providers and chatbot service providers;
cloud hosting providers;
website hosting providers;
analytics providers;
email marketing and customer communication tools;
automation and workflow providers;
customer-support tools;
file storage and collaboration providers;
marketplace, partner, reseller, or affiliate platforms;
professional advisers, including legal, accounting, tax, security, or compliance advisers;
government, regulatory, law-enforcement, or dispute-resolution bodies where legally required.

We require service providers to process data only as necessary for the services they provide to us and in accordance with applicable legal or contractual requirements.

  1. Third-party platforms, marketplaces, and external services

Our products, courses, AI tools, digital products, SaaS access, consultancy offers, and software services may be delivered through our own website, subdomains, learning platforms, chatbot platforms, marketplaces, partner websites, reseller channels, affiliate platforms, or external service providers.

When you interact with a third-party platform, that platform may also collect and process your data under its own privacy policy, terms, cookie policy, and account settings. We encourage you to review the privacy notices of any third-party platform you use.

  1. International data transfers

Qematt is operated from the United Arab Emirates and may serve users in the UAE, Saudi Arabia, the GCC, the EU, the UK, the United States, and other countries.

Because we use cloud, AI, hosting, payment, analytics, email, automation, learning, and support providers, personal data and customer content may be processed or stored outside your country, including outside the UAE, Saudi Arabia, the GCC, the UK, or the European Economic Area.

Where required by applicable law, we will use appropriate safeguards, contractual protections, technical measures, or service providers with suitable data-protection commitments.

Attorney review recommended: Review international transfer mechanisms before actively targeting EU/UK enterprise customers or processing sensitive Saudi/UAE employee data through international providers.

  1. Security

We use reasonable technical and organisational measures designed to protect personal data and customer content against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include:

password-protected accounts;
HTTPS/SSL;
secure hosting;
administrative access controls;
limited access to authorised persons;
provider-level encryption where available;
backups where available;
security updates;
monitoring and troubleshooting;
use of reputable cloud, AI, hosting, payment, and software service providers.

However, no method of transmission or storage over the internet is completely secure. We cannot guarantee absolute security.

You are responsible for keeping your login credentials confidential and for using strong passwords and appropriate account-security practices.

  1. Data retention

We retain personal data and customer content only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

provide services;
manage accounts and subscriptions;
process payments and invoices;
support customers;
improve AI tools and products;
maintain security;
prevent misuse;
comply with tax, accounting, regulatory, and legal obligations;
resolve disputes;
maintain business records.

Different categories of data may be retained for different periods.

For example:

account data may be kept while the account is active and for a reasonable period after closure;
AI interactions, uploaded files, and outputs may be kept as needed for service delivery, support, improvement, security, legal, or business purposes;
billing, tax, invoice, and accounting records may be kept for the period required by applicable law;
marketing data may be kept until you unsubscribe or request deletion, subject to suppression records;
support messages may be kept as needed to resolve issues and maintain service records;
backups and security logs may be retained for limited technical or security periods;
anonymised or aggregated information may be retained for longer where it no longer identifies an individual.

Where appropriate, we may delete, anonymise, or aggregate data instead of retaining identifiable personal data.

  1. Your privacy rights

Depending on your location and applicable law, you may have rights to:

request access to your personal data;
request correction of inaccurate or incomplete data;
request deletion of personal data;
request restriction of processing;
object to certain processing;
withdraw consent where processing is based on consent;
request data portability where applicable;
opt out of marketing communications;
request information about how your data is used;
complain to a relevant data protection authority.

To make a privacy request, contact us at:

voc@qematt.com

We may need to verify your identity before responding. Some requests may be limited by legal, security, accounting, backup, contractual, or legitimate business requirements.

  1. Account deletion and deletion requests

You may request deletion of your account, uploaded files, AI conversation records, or personal data by contacting voc@qematt.com.

We will review and respond to deletion requests in accordance with applicable law and our legitimate business, security, legal, tax, accounting, backup, and dispute-resolution obligations.

Deletion from active systems may not immediately remove data from backups, logs, archives, or records that must be retained for legal or technical reasons. Where deletion is not possible, we may restrict, archive, anonymise, or securely retain data as appropriate.

  1. Children and young users

Our services are primarily intended for business, professional, educational, consultancy, and adult users aged 18 or older.

We do not intentionally direct our services to children under 13, and we do not knowingly collect personal data from children under 13.

Users aged 13–17 should use our educational tools only with appropriate parent, guardian, school, or organisational supervision. They should not submit unnecessary personal data, sensitive information, confidential documents, or employee-related data.

If we become aware that we have collected personal data from a child where consent or supervision is required by law, we may delete the information or take other appropriate steps.

Attorney review recommended: If Qematt later creates products specifically for schools, students, minors, or children, a separate children’s privacy notice and age-appropriate design review may be required.

  1. Regional privacy notes
    UAE users

Qematt is operated from Dubai, United Arab Emirates. We aim to handle personal data in a transparent, secure, and responsible manner consistent with applicable UAE privacy expectations.

Saudi Arabia users

If we provide services to users or customers in Saudi Arabia, we aim to consider relevant Saudi personal data protection expectations, especially for business customers, employee data, sensitive information, and international data processing.

EU/UK users

If GDPR or UK GDPR applies to your use of our services, we process personal data according to applicable legal bases and provide rights such as access, correction, deletion, objection, restriction, portability, and withdrawal of consent where applicable.

US users

We do not sell personal data. If US state privacy laws apply to your interaction with us, you may contact us at voc@qematt.com to request information about your privacy rights.

Attorney review recommended: Regional legal notices should be reviewed before running targeted campaigns or paid subscriptions in the EU, UK, California, or other regulated markets.

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, AI tools, SaaS products, business operations, legal requirements, or privacy practices.

When we update the policy, we will revise the “Last Updated” date. If changes are material, we may provide additional notice through the website, account dashboard, email, or other appropriate communication channels.

Your continued use of our services after an updated Privacy Policy becomes effective means that you acknowledge the updated policy.

  1. Contact us

For privacy questions, data deletion requests, account deletion requests, or legal/privacy enquiries, contact us at:

QEMAT ALTAMAYOZ STATISTICAL SERVICES CONSULTANCIES CO. L.L.C
Dubai, United Arab Emirates
Email: voc@qematt.com