Request a Demo

Amwaj

Privacy Policy

Amwaj AI ESG Platform
Last Updated: 06/18/2025

1. Introduction

Welcome to Amwaj (“we,” “our,” or “us”), a leading ESG compliance and sustainability SaaS platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our web application, mobile applications, APIs,
and consultant marketplace (collectively, the “Services”).

We are committed to protecting your privacy and ensuring transparency in how we handle your
personal and business data. This policy applies to all users of our Services, including SMEs,
consultants, and other stakeholders.

2. Information We Collect

2.1. Personal Information

  • Account Information: Name, email address, phone number, job title, company name, and business address.
  • Profile Information: Professional background, certifications, expertise areas (for consultants).
  • Authentication Data: Username, password (encrypted), and security credentials.
  • Communication Data: Messages, support tickets, and correspondence with our team.
  • Identification Data: Personal identification numbers, license numbers, and other identifying information as required for compliance.


2.2. Business and ESG Data

  • Company Information: Business registration details, industry type, size, and operational data.
  • ESG Metrics: Environmental, social, and governance data you input or generate through our platform.
  • Compliance Data: Regulatory information, audit reports, and certification documents.
  • Performance Analytics: Sustainability metrics, benchmarking data, and progress reports.
  • Credit Data: Financial information related to ESG financing, loans, and credit assessments (where applicable).


2.3. Technical Information

  • Usage Data: Platform interactions, feature usage, session duration, and navigation patterns
  • Device Information: IP address, browser type, operating system, and device identifiers.
  • IoT and Sensor Data: Data from connected devices and sensors (where applicable).
  • API Usage: Data accessed through our APIs and third-party integrations.
  • Consultant Profiles: Professional information, ratings, reviews, and transaction history.
  • Project Data: Collaboration details, deliverables, and communication between clients and consultants.
  • Financial Information: Payment details, invoicing data, and commission records.

3. How We Use Your Information

3.1. Platform Services

  • Provide and maintain our ESG compliance and sustainability services.
  • Generate real-time analytics, reports, and AI-driven insights.
  • Enable digital twin modeling and IoT integrations.
  • Facilitate compliance with global ESG standards and Vision 2030 requirements.


3.2. Marketplace Operations

  • Connect SMEs with qualified ESG consultants.
  • Process transactions and manage payments.
  • Maintain quality through ratings and review systems.
  • Provide customer support for marketplace activities.


3.3. Platform Improvement

  • Analyze usage patterns to enhance user experience.
  • Develop new features and improve existing functionality.
  • Conduct research and development for AI and machine learning capabilities.
  • Optimize platform performance and security.


3.4. Communication

  • Send service updates, security alerts, and important notifications.
  • Provide customer support and respond to inquiries.
  • Share relevant industry insights and best practices.
  • Conduct surveys and gather feedback.


3.5. Legal and Compliance

  • Comply with applicable laws and regulations.
  • Protect against fraud, abuse, and security threats.
  • Enforce our Terms of Service and other agreements.
  • Respond to legal requests and court order.

4. Information Sharing and Disclosure

4.1. Within Our Platform

  • Marketplace Visibility: Consultant profiles and ratings are visible to potential clients.
  • Collaboration: Project-related data is shared between clients and assigned consultants.
  • Benchmarking: Anonymized industry data may be used for comparative analytics.


4.2. Third-Party Service Providers

We may share information with trusted partners who assist us in:

  • Cloud hosting and data storage.
  • Payment processing and financial services.
  • Analytics and performance monitoring.
  • Customer support and communication tools.
  • Security and fraud prevention.


4.3. Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes or government requests.
  • Protect our rights, property, or safety.
  • Investigate potential violations of our Terms of Service.
  • Respond to emergencies involving personal safety.


4.4. Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as
part of the business transaction, subject to confidentiality agreements.

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

5.1. Consent

  • Explicit consent for marketing communications and non-essential features.
  • Consent for processing sensitive data categories.
  • Consent for data transfers outside your jurisdiction.


5.2. Contract Performance

  • Processing necessary to provide our ESG platform services.
  • Facilitating consultant marketplace transactions.
  • Maintaining user accounts and subscriptions.


5.3. Legal Obligations

  • Compliance with ESG reporting requirements.
  • Regulatory compliance and audit requirements.
  • Response to legal requests and court orders.


5.4. Legitimate Interests

  • Platform security and fraud prevention.
  • Service improvement and analytics.
  • Business operations and customer support.
  • Marketing to existing customers (subject to opt-out rights).


5.5. Legitimate Interests

  • Emergency situations involving health and safety.
  • Prevention of environmental harm.

You have the right to withdraw consent at any time where processing is based on consent. This will not affect the lawfulness of processing before withdrawal.

6. Data Security

6.1. Technical Safeguards

  • Encryption: Data is encrypted in transit and at rest using industry-standard protocols.
  • Access Controls: Multi-factor authentication and role-based access permissions.
  • Infrastructure: Secure cloud hosting with regular security audits and monitoring.
  • Backup Systems: Regular data backups with disaster recovery procedures.


6.2. Organizational Measures

  • Employee Training: Regular security awareness training for all staff.
  • Access Limitation: Strict need-to-know basis for accessing personal data.
  • Incident Response: Comprehensive procedures for handling security breaches.
  • Compliance Monitoring: Regular audits and compliance assessments.


6.3. Data Breach Notification

In the event of a data breach that may affect your rights and interests, we will:

  • Notify the relevant supervisory authority within 72 hours (where required).
  • Inform affected users without undue delay if the breach poses a high risk.
  • Document all breaches and remedial actions taken.
  • Implement measures to prevent future occurrences.

 

7. Data Retention

7.1. Retention Periods

  • Active Accounts: Data retained while your account remains active.
  • Inactive Accounts: Personal data deleted after 24 months of inactivity.
  • ESG Data: Business data may be retained longer for compliance and auditing purposes.
  • Legal Requirements: Some data retained as required by applicable laws.


7.2. Deletion Rights

You may request deletion of your personal data, subject to:

  • Legal retention requirements.
  • Ongoing business relationships.
  • Technical limitations in anonymizing interconnected data.

8. Your Rights and Choices

8.1. Access and Control

  • Account Access: View and update your personal information through your account settings.
  • Data Portability: Request a copy of your data in a commonly used format.
  • Correction: Update or correct inaccurate personal information purposes.
  • Deletion: Request deletion of your personal data (subject to limitations).


8.2. Communication Preferences

  • Email Notifications: Opt out of marketing communications while maintaining service notifications.
  • Data Processing: Object to certain types of data processing where legally permitted.
  • Marketing: Unsubscribe from promotional communications at any time.


8.3. Complaint Process

If you have concerns about our privacy practices, you may:

  • Contact our Privacy Officer directly.
  • File a complaint with relevant data protection authorities.
  • Seek resolution through our internal complaint process.

9. International Data Transfers

9.1. Cross-Border Processing

As a global platform, we may transfer your data to countries outside your jurisdiction, including:

  • Cloud hosting providers in various regions.
  • Partner organizations for service delivery.
  • Subsidiaries and affiliates worldwide.


9.2. Safeguards

We implement appropriate safeguards for international transfers:

  • Adequacy Decisions: Transfers to countries with adequate data protection laws.
  • Standard Contractual Clauses: Legal agreements ensuring data protection standards.
  • Certification Programs: Compliance with recognized international frameworks.

10. Cookies and Tracking Technologies

10.1. Types of Cookies

  • Essential Cookies: Required for platform functionality and security.
  • Analytics Cookies: Help us understand usage patterns and improve services.
  • Preference Cookies: Remember your settings and customizations.
  • Marketing Cookies: Deliver relevant content and measure campaign effectiveness.


10.2. Cookie Management

You can control cookies through:

  • Browser settings and preferences.
  • Our cookie preference center.
  • Third-party opt-out mechanisms.
  • Platform-specific privacy controls.

11. Children’s Privacy

Our Services are designed for business users and are not intended for individuals under 16
years of age. We do not knowingly collect personal information from children. If we become
aware of such collection, we will take immediate steps to delete the information.

12. Regional Privacy Rights

12.1. Saudi Arabia

We comply with the Saudi Personal Data Protection Law (PDPL), including:

  • Explicit consent requirements for sensitive data processing.
  • Data subject rights including access, correction, and deletion.
  • Mandatory data breach notifications.
  • Restrictions on international data transfers.
  • Marketing communication consent requirements.


12.2. UAE and Qatar

We adhere to applicable data protection laws in the UAE and Qatar, including sector-specific regulations.

12.3. United States

For US users, we comply with applicable federal and state privacy laws, including CCPA where applicable.

12.4. European Union

For EU users, we provide rights under GDPR including enhanced consent mechanisms and the right to lodge complaints with supervisory authorities.

12.5. Malaysia

We comply with the Personal Data Protection Act (PDPA) and related Malaysian privacy
regulations.

13. Third-Party Integrations

13.1. Saudi Arabia

Our platform may integrate with third-party services including:

  • IoT device manufacturers and data providers.
  • Financial institutions and payment processors.
  • Government databases and regulatory systems.
  • Industry-specific compliance platforms.


13.2. Data Sharing Limitations

We limit data sharing with third parties to:

  • Information necessary for service functionality.
  • Data required for compliance and reporting.
  • Anonymized or aggregated information for analytics.
  • Information shared with your explicit consent.

14. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • New AI-driven analytics features.
  • Large-scale IoT data processing.
  • Cross-border data transfers.
  • Automated decision-making processes.

These assessments help us identify and mitigate privacy risks before implementing new features or processes.

15. Record Keeping and Compliance

15.1. Processing Records

We maintain detailed records of all personal data processing activities, including:

  • Contact details and purposes of processing.
  • Categories of data subjects and personal data.
  • Data sharing and transfer information.
  • Retention periods and security measures.


15.2. Regulatory Cooperation

We cooperate with supervisory authorities and provide necessary documentation upon request
to demonstrate compliance with applicable privacy laws.

 

16. Updates to This Privacy Policy

16.1. Policy Changes

We may update this Privacy Policy to reflect:

  • Changes in our business practices.
  • New legal requirements.
  • Enhanced privacy protections.
  • User feedback and concerns.


16.2. Notification Process

We will notify you of material changes through:

  • Email notifications to registered users.
  • Prominent notices on our platform.
  • Updated version dates and change logs.
  • Direct communication for significant modifications.

17. Contact Information

17.1. Privacy Inquiries

  • Email: privacy@amwaj.com


17.2. General Support

  • Email: support@amwaj.com

This Privacy Policy is effective as of june 24th 2025 and governs your use of the Amwaj AI ESG platform and services. By using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Quick Access

About Us

Platform

Why Amwaj?

Marketplace

Contact

Legal Information

Privacy Policy

Terms of Service

CONTACT

Registration Number: 7049976124

Amwaj Logo

Empowering SME's to Ride the Wave of Sustainability

Linkedin X-twitter Instagram

Copyright © Amwaj 2025 All Rights Reserved

Scroll to Top