Privacy Policy

 

**Last updated:** 14 June 2026

**Effective date:** 14 June 2026

This Privacy Policy explains how **Disrupt-X** (“we”, “us”, “our”) collects, uses, stores, and protects your information when you use the **ALEF 360° HSEQ** mobile application (the “App”) on iOS and Android.

ALEF 360° HSEQ is an **enterprise Health, Safety, Environment and Quality (HSEQ) management tool**. It is provided to you by your employer or organization (“your Organization”) under a business account. Access requires an active organizational account; the App is **not intended for personal or consumer use**, and is **not directed at children under the age of 16**.

—

The App is published by **Disrupt X FZCO** (“Disrupt-X”).

In most cases your **Organization is the data controller** of the HSEQ records you create in the App (incidents, tickets, assets, templates, and related content), and Disrupt-X acts as a **data processor** on the Organization’s behalf. Where Disrupt-X determines the purposes of processing (for example, account security and product analytics), Disrupt-X acts as a controller for those limited purposes.

If you have questions about how your Organization uses your data, contact your Organization’s administrator. For questions about the App itself, contact us using the details in Section 12.

—

We collect only the information needed to provide HSEQ functionality.

### 2.1 Information you provide

– **Account & profile data** — name, email address, username, job title, profile photo, and the organization/site you belong to.

– **Authentication data** — credentials used to sign in (including via your Organization’s single sign-on, where configured).

– **HSEQ content you create** — tickets and board records (incidents, near-misses, hazards, audits, inspections, corrective/preventive actions, management reviews, management of change, job safety analyses), asset records, templates, and response-set selections.

– **Attachments** — photos, files, and digital signatures you add to tickets and records.

– **Voice input** — audio you record when you use the AI Agent’s voice feature.

– **Communications** — messages and questions you send to the in-app AI Agent, and any support requests you send to us.

### 2.2 Information collected automatically

– **Device & technical data** — device model, operating system version, app version, language, and time zone.

– **Diagnostics & usage data** — crash reports, performance data, and basic usage events used to keep the App stable and improve it.

– **Identifiers** — a user/account identifier and, where applicable, an installation identifier used for security and diagnostics.

### 2.3 Camera, photos, microphone, and location

– **Camera & Photos** — accessed only when you choose to capture or attach a photo to a record. We do not access your photo library in the background.

– **Microphone** — accessed only while you actively use the AI Agent voice input.

– **Location** — if you grant permission, approximate or precise location may be attached to a record you create (for example, an incident location). Location is collected only at the moment you add it; the App does not track your location in the background.

You can grant or revoke these permissions at any time in your device settings.

—

We use the information above to:

– Provide, operate, and secure the App and your HSEQ workspace.

– Create, route, and resolve tickets and records across boards.

– Store and display attachments, assets, templates, and response sets.

– Process your requests to the AI Agent and return responses or perform actions you confirm.

– Authenticate you and protect against unauthorized access and abuse.

– Diagnose problems, fix bugs, and improve performance and reliability.

– Comply with legal obligations and enforce our agreements.

We do **not** use your HSEQ content or attachments for advertising, and we do **not** sell your personal data.

—

The App includes an **AI Agent** that helps you find information, create and update records, and answer questions.

– When you interact with the AI Agent, the text or voice input you provide, along with relevant HSEQ context, is processed to generate a response.

– The AI Agent operates under a **confirm-before-act** model for actions that change data — it asks for your confirmation before creating or modifying records.

– Your inputs to the AI Agent are processed to provide the feature and are handled under the same protections described in this policy. We do **not** use your private HSEQ content to train third-party public AI models.

—

We share information only as needed to run the service:

– **Within your Organization** — your records and activity are visible to authorized members of your Organization according to the roles and permissions your administrators configure.

– **Service providers (processors)** — trusted vendors that provide hosting, cloud storage, crash/diagnostics reporting, and AI processing on our behalf, under contractual confidentiality and security obligations.

– **Legal & safety** — when required by law, regulation, legal process, or to protect the rights, property, or safety of users, the public, or Disrupt-X.

– **Business transfers** — in connection with a merger, acquisition, or asset sale, subject to this policy.

We do **not sell** personal data, and we do **not share** it with third parties for their own marketing.

—

– **Security** — we use industry-standard measures including encryption in transit, access controls, and role-based permissions to protect your data. No method of transmission or storage is 100% secure, but we work to protect your information.

– **Retention** — HSEQ records are retained for as long as your Organization maintains its account or as required by applicable law and regulatory recordkeeping obligations. Diagnostics data is retained for a limited period needed to maintain and improve the App.

– **Deletion** — when data is no longer needed, it is securely deleted or anonymized.

—

Depending on your location (for example, under GDPR, UAE PDPL, or similar laws), you may have the right to:

– Access the personal data we hold about you.

– Correct inaccurate data.

– Request deletion of your data.

– Object to or restrict certain processing.

– Request a copy of your data in a portable format.

– Withdraw consent where processing is based on consent.

Because your Organization usually controls your HSEQ records, please direct requests about that content to your Organization’s administrator. For requests we can action directly, contact us using Section 12. We will respond within the timeframe required by applicable law.

—

You can request deletion of your account and associated personal data.

Account deletion is handled through the **ALEF 360° HSEQ web platform**, not the mobile app:

– **On the web:** sign in at **https://cloud.hseq.alef360.io**, open your account settings, and select **Delete account** to request deletion of your account.

– **By email:** if you cannot access the platform, send a deletion request to **[email protected]** from your account email address and we will action it.

Because ALEF 360° HSEQ is an organization-managed product, your Organization’s administrator may need to authorize or perform the deletion on your behalf. Some records may be retained where required by law or for legitimate recordkeeping (for example, regulatory HSEQ audit obligations); we will delete or anonymize the remainder.

—

Your information may be processed and stored in countries other than your own, including where our service providers operate. Where data is transferred across borders, we use appropriate safeguards consistent with applicable law to protect it.

—

The App is a workplace tool intended for use by employees of our customer organizations. It is **not intended for or directed at children under the age of 16**, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

—

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you in the App or by other means. Your continued use of the App after an update constitutes acceptance of the revised policy.

—

If you have questions, requests, or concerns about this Privacy Policy or your data:

– Disrupt X FZCO

– Privacy: [email protected]

– Support: [email protected]