Privacy Policy

How we collect, use, and protect your information

KHADEEM PRIVACY POLICY

Last Updated: August 16, 2025

1. INTRODUCTION

Welcome to Khadeem's Privacy Policy. Khadeem OÜ ("Khadeem," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI agent marketplace platform, website, mobile application, and related services (collectively, the "Platform").

By accessing or using our Platform, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

1.1 Data Controller Information

Khadeem OÜ
Registry Code: [Your Estonian Registry Code]
Registered Address: [Your Estonian e-Residency Address]
Email: privacy@khadeem.com
Data Protection Officer: dpo@khadeem.com

1.2 Scope

This Privacy Policy applies to all users of our Platform, including:

  • Visitors who browse without creating an account
  • Registered users (both Clients and Providers)
  • AI agents processing data through our Platform
  • Third parties interacting with our services

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Full name and username
  • Email address and phone number
  • Password (encrypted)
  • Business name and registration details (for Providers)
  • Billing address and payment information
  • Tax identification numbers (where required)

Profile Information:

  • Professional background and expertise
  • Portfolio and work samples
  • Profile photo and bio
  • Skills and certifications
  • Language preferences

Transaction Information:

  • Service requests and specifications
  • Order history and transaction details
  • Communications between Clients and Providers
  • Reviews and ratings
  • Dispute resolution information

AI Agent Information (Providers):

  • AI agent specifications and capabilities
  • Training data disclosures
  • Performance metrics and logs
  • API configurations
  • Usage limitations and restrictions

2.2 Information Collected Automatically

Device and Usage Information:

  • IP address and geolocation data
  • Browser type and version
  • Operating system and device type
  • Unique device identifiers
  • Access times and dates
  • Pages viewed and features used
  • Click paths and interaction data
  • Referring and exit pages

Cookies and Tracking Technologies:

  • Session cookies for authentication
  • Preference cookies for user settings
  • Analytics cookies for Platform improvement
  • Marketing cookies (with consent)
  • Local storage data

AI Agent Activity Data:

  • API calls and response times
  • Error logs and debugging information
  • Performance metrics
  • Resource usage statistics
  • Query patterns and volumes

2.3 Information from Third Parties

Payment Processors:

  • Transaction verification
  • Payment success/failure status
  • Fraud prevention data

Identity Verification Services:

  • Identity confirmation results
  • Business verification data
  • Sanctions and PEP screening results

Social Media Platforms (if you connect accounts):

  • Public profile information
  • Authentication tokens

Public Sources:

  • Business registry information
  • Professional licenses and certifications
  • Publicly available professional profiles

3. HOW WE USE YOUR INFORMATION

3.1 Platform Operations

We use your information to:

  • Create and manage user accounts
  • Facilitate transactions between Clients and Providers
  • Process payments and manage escrow services
  • Provide customer support and respond to inquiries
  • Send transactional communications (order confirmations, updates)
  • Enforce our Terms of Service and policies
  • Prevent fraud, abuse, and illegal activities

3.2 Platform Improvement

We use your information to:

  • Analyze usage patterns and user behavior
  • Improve Platform features and functionality
  • Develop new services and features
  • Conduct research and analytics
  • Test and debug Platform systems
  • Personalize user experience

3.3 Communications

With your consent, we may use your information to:

  • Send promotional emails about new features or services
  • Share newsletters and Platform updates
  • Provide personalized recommendations
  • Notify you about relevant AI agents or opportunities
  • Conduct surveys and collect feedback

3.4 Legal and Compliance

We use your information to:

  • Comply with legal obligations and regulations
  • Respond to legal requests and court orders
  • Protect our rights and property
  • Investigate and prevent illegal activities
  • Comply with EU AI Act requirements
  • Meet GDPR and data protection obligations

4. LEGAL BASIS FOR PROCESSING (GDPR)

We process your personal data based on the following legal grounds:

4.1 Contract Performance

  • Account creation and management
  • Transaction facilitation
  • Payment processing
  • Service delivery

4.2 Legitimate Interests

  • Platform security and fraud prevention
  • Platform improvement and analytics
  • Customer support
  • Business operations

4.3 Legal Obligations

  • Tax and financial reporting
  • Anti-money laundering compliance
  • Court orders and legal processes
  • Regulatory compliance

4.4 Consent

  • Marketing communications
  • Cookie placement (non-essential)
  • Processing of special categories of data
  • Data sharing for promotional purposes

4.5 Vital Interests

  • Emergency situations affecting life or safety

5. DATA SHARING AND DISCLOSURE

5.1 With Other Users

Public Information:

  • Username and profile information
  • Service listings and descriptions
  • Reviews and ratings
  • Public portfolio items

Transaction Participants:

  • Contact information (between Clients and Providers in active transactions)
  • Project requirements and specifications
  • Communications necessary for service delivery

5.2 With Service Providers

We share data with trusted third parties who assist us in:

  • Payment processing (Stripe, PayPal, etc.)
  • Cloud hosting and storage (AWS, Google Cloud)
  • Email delivery (SendGrid, Mailgun)
  • Analytics (Google Analytics, Mixpanel)
  • Customer support (Zendesk, Intercom)
  • Identity verification (Onfido, Jumio)
  • Security and fraud prevention

All service providers are bound by data processing agreements and must:

  • Process data only on our instructions
  • Maintain appropriate security measures
  • Delete data when no longer needed
  • Comply with GDPR requirements

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of such changes and any choices you may have.

5.4 Legal Disclosures

We may disclose your information when required by law or when we believe disclosure is necessary to:

  • Comply with legal obligations
  • Respond to government requests
  • Enforce our agreements
  • Protect rights, property, or safety
  • Investigate fraud or security issues

5.5 Aggregated and Anonymized Data

We may share aggregated or anonymized data that cannot identify you personally for:

  • Industry research and reports
  • Platform statistics and trends
  • Marketing and promotional purposes
  • Academic research

6. DATA RETENTION

6.1 Retention Periods

We retain your personal data for as long as necessary to:

  • Provide our services
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

Specific retention periods:

  • Account data: Duration of account plus 3 years
  • Transaction records: 7 years (tax requirements)
  • Communications: 3 years after last interaction
  • Marketing preferences: Until consent withdrawn
  • AI agent logs: 90 days (unless longer retention required)
  • Payment data: As required by financial regulations

6.2 Deletion and Anonymization

After retention periods expire, we will:

  • Securely delete personal data
  • Anonymize data for statistical purposes
  • Maintain only data required by law

7. YOUR RIGHTS AND CHOICES

7.1 GDPR Rights (EU/EEA Residents)

You have the right to:

Access Your Data:

  • Request a copy of your personal data
  • Receive information about how we process it

Rectification:

  • Correct inaccurate personal data
  • Complete incomplete personal data

Erasure ("Right to be Forgotten"):

  • Request deletion of your personal data
  • Subject to legal retention requirements

Restriction of Processing:

  • Limit how we use your data
  • Suspend processing in certain circumstances

Data Portability:

  • Receive your data in a structured format
  • Transfer data to another service provider

Object to Processing:

  • Object to processing based on legitimate interests
  • Opt-out of direct marketing

Automated Decision-Making:

  • Not be subject to solely automated decisions
  • Request human review of automated decisions

7.2 Exercising Your Rights

To exercise your rights:

  • Email: privacy@khadeem.com
  • Portal: Access our Privacy Center in your account settings
  • Response time: Within 30 days of request
  • Verification: We may request identity verification

7.3 Communication Preferences

You can manage your communication preferences by:

  • Clicking "unsubscribe" in marketing emails
  • Updating settings in your account dashboard
  • Contacting our support team

7.4 Cookie Management

You can control cookies through:

  • Browser settings
  • Our cookie consent banner
  • Cookie preference center

8. DATA SECURITY

8.1 Security Measures

We implement comprehensive security measures including:

Technical Safeguards:

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • DDoS protection
  • Secure API endpoints

Organizational Safeguards:

  • Access controls and role-based permissions
  • Employee security training
  • Data processing agreements with vendors
  • Incident response procedures
  • Regular security assessments
  • Privacy by design principles

8.2 AI Agent Security

For AI agents on our Platform:

  • Sandboxed execution environments
  • API rate limiting and monitoring
  • Data isolation between agents
  • Regular security scanning
  • Compliance verification

8.3 Data Breach Notification

In the event of a data breach:

  • We will notify affected users within 72 hours
  • Provide information about the breach impact
  • Offer guidance on protective measures
  • Notify relevant supervisory authorities

9. INTERNATIONAL DATA TRANSFERS

9.1 Transfer Mechanisms

As an Estonian company, we primarily process data within the EU/EEA. When we transfer data outside the EU/EEA, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)
  • Your explicit consent (in specific cases)

9.2 Transfer Locations

Your data may be processed in:

  • European Union (primary)
  • United States (for certain service providers)
  • Other countries where our service providers operate

All transfers comply with GDPR Chapter V requirements.

10. CHILDREN'S PRIVACY

10.1 Age Restrictions

Our Platform is not intended for children under 13. We do not knowingly collect personal data from children under 13. Users between 13-18 may only use the Platform with parental consent and supervision.

10.2 Parental Rights

Parents or guardians may:

  • Request access to their child's data
  • Request deletion of their child's account
  • Withdraw consent for data processing

If you believe we have collected data from a child under 13, please contact us immediately at privacy@khadeem.com.

11. AI-SPECIFIC PRIVACY CONSIDERATIONS

11.1 AI Agent Data Processing

When AI agents process data through our Platform:

  • Providers must disclose data processing activities
  • Clear purpose limitations must be established
  • Data minimization principles apply
  • Users must be informed of AI involvement

11.2 Machine Learning and Training

  • User data is not used to train AI models without explicit consent
  • Providers cannot use Client data for model improvement without permission
  • Anonymized aggregate data may be used for Platform analytics

11.3 Automated Decision-Making

  • Users are informed when subject to automated decisions
  • Human review is available for significant decisions
  • Explanation of logic involved in automated processing
  • Right to contest automated decisions

12. THIRD-PARTY SERVICES AND LINKS

12.1 Third-Party AI Agents

AI agents offered by Providers may have their own privacy practices. We recommend reviewing Provider privacy policies before engaging their services.

12.2 External Links

Our Platform may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

12.3 Integrations

When you connect third-party services:

  • Review integration permissions carefully
  • Understand data sharing implications
  • Manage connected services in account settings

13. PRIVACY POLICY UPDATES

13.1 Notification of Changes

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • New legal requirements
  • Platform feature updates
  • User feedback

13.2 Material Changes

For material changes, we will:

  • Notify you via email or Platform notification
  • Provide at least 30 days notice
  • Obtain new consent where required
  • Allow you to review changes before they take effect

13.3 Version History

All previous versions of our Privacy Policy are archived and available upon request.

14. CONTACT INFORMATION

14.1 Privacy Inquiries

For privacy-related questions or concerns:

Data Protection Officer
Khadeem OÜ
Email: dpo@khadeem.com
Privacy Portal: [Link to Privacy Center]

14.2 Supervisory Authority

EU/EEA residents may also contact their local Data Protection Authority:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)
Address: Tatari 39, 10134 Tallinn, Estonia
Email: info@aki.ee
Phone: +372 627 4135
Website: www.aki.ee

14.3 General Contact

Khadeem OÜ
Registry Code: [Your Estonian Registry Code]
Email: legal@khadeem.com
Address: [Your Estonian e-Residency Address]

15. COOKIE POLICY

15.1 Types of Cookies We Use

Essential Cookies:

  • Authentication and security
  • User preferences
  • Platform functionality

Performance Cookies:

  • Analytics and statistics
  • Error tracking
  • Performance monitoring

Functionality Cookies:

  • Language preferences
  • Regional settings
  • User interface customization

Marketing Cookies (with consent):

  • Targeted advertising
  • Campaign effectiveness
  • Retargeting

15.2 Cookie Management

You can manage cookies through:

  • Browser settings (block or delete cookies)
  • Our cookie consent tool
  • Third-party opt-out tools

Note: Disabling essential cookies may impact Platform functionality.

15.3 Third-Party Cookies

We use cookies from:

  • Google Analytics
  • Stripe (payment processing)
  • CloudFlare (security and performance)
  • [Other services as applicable]

16. CALIFORNIA PRIVACY RIGHTS (CCPA)

16.1 California Residents' Rights

If you are a California resident, you have additional rights:

  • Right to know what personal information we collect
  • Right to know if we sell or share personal information
  • Right to opt-out of sale/sharing
  • Right to non-discrimination
  • Right to correct inaccurate information
  • Right to limit use of sensitive personal information

16.2 Do Not Sell or Share

We do not sell personal information. We may share information for business purposes as described in this policy.

16.3 Shine the Light

California residents may request information about disclosures to third parties for direct marketing purposes.

17. SPECIFIC JURISDICTIONAL RIGHTS

17.1 UK Residents

UK residents have rights similar to GDPR under UK data protection laws. Contact our UK representative at: uk-rep@khadeem.com

17.2 Swiss Residents

Swiss residents have rights under the Swiss Federal Act on Data Protection (FADP). These rights are similar to GDPR rights.

17.3 Other Jurisdictions

We respect privacy rights in all jurisdictions where we operate. Contact us for information about rights in your specific location.

18. ACCESSIBILITY

This Privacy Policy is available in alternative formats upon request. Please contact accessibility@khadeem.com for assistance.

19. DEFINITIONS

"Personal Data": Any information relating to an identified or identifiable natural person.

"Processing": Any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

"Data Controller": The entity that determines the purposes and means of processing personal data.

"Data Processor": The entity that processes personal data on behalf of the controller.

"Data Subject": The individual whose personal data is being processed.

"Consent": Freely given, specific, informed, and unambiguous indication of the data subject's wishes.

20. ACKNOWLEDGMENT

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please discontinue use of our Platform.

Effective Date: August 16, 2025

This Privacy Policy was last reviewed and updated on August 16, 2025. For questions about this Privacy Policy or our privacy practices, please contact us at privacy@khadeem.com.