Privacy Policy

1. Who We Are & Applicable Law

The DouJou platform is owned and operated by AgileCatalyst.AI Ltd ("we", "us"), incorporated in the Dubai International Financial Centre (DIFC), Dubai, UAE. We operate the website doujou.ai and the DouJou enterprise AI platform. We are the data controller for personal data processed through our website and marketing activities.

This policy is issued in compliance with the DIFC Data Protection Law 2020 (DIFC Law No. 5 of 2020) and its accompanying regulations, which is our primary applicable law as a DIFC-registered entity. Where we serve individuals in the European Economic Area (EEA) or the United Kingdom, we additionally apply GDPR-equivalent standards as set out in this policy.

We do not currently meet the threshold requiring mandatory appointment of a Data Protection Officer (DPO) under DIFC DP Law 2020. All privacy enquiries are handled directly at compliance@agilecatalyst.ai.

2. Data We Collect

  • Contact & registration data — name, email address, company, and role when you sign up, contact us, or register for platform access.
  • Usage data — pages visited, session duration, referral source, browser type, and IP address, collected via analytics tools.
  • Platform usage data — aggregated and anonymised feature usage metrics used to improve the product. Client data processed within the platform under a data processing agreement is governed by that agreement, not this policy.

3. How We Use Your Data

  • To provide access to the platform and respond to your enquiries.
  • To manage your account and pilot or subscription relationship.
  • To improve platform features and website experience.
  • To send product updates and relevant communications where you have provided consent or where we have a legitimate interest.
  • To comply with legal and regulatory obligations under DIFC law.

4. Processing Conditions (DIFC DP Law 2020) & Legal Bases (GDPR)

Under the DIFC Data Protection Law 2020, we process personal data on the following conditions, which also correspond to GDPR lawful bases for EEA/UK individuals:

  • Performance of a contract — processing necessary to deliver platform access or respond to your requests.
  • Legitimate interests — analytics, platform security, and business communications, where these do not override your rights and freedoms.
  • Consent — marketing communications. You may withdraw consent at any time by emailing us or using the unsubscribe link in any communication.
  • Legal obligation — where required by applicable DIFC or UAE law.

5. Data Retention

Account and contact data is retained for the duration of your relationship with us plus three (3) years. Data processed as a data processor under a client agreement is retained per that agreement. Analytics data is retained for up to 26 months.

6. Third-Party Tools & International Transfers

We use infrastructure and analytics providers that may process data outside the DIFC or EEA. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or transfers to jurisdictions recognised as providing adequate protection. We do not sell personal data to third parties.

7. Your Rights

Under the DIFC Data Protection Law 2020, you have the right to: access your personal data; request correction of inaccurate data; request deletion in certain circumstances; object to processing based on legitimate interests; and request portability of data you have provided to us in structured, machine-readable form.

If you are in the EEA or UK, you additionally have the right to restrict processing and to withdraw consent where processing is based on consent.

To exercise any of these rights, contact compliance@agilecatalyst.ai. We will respond within 30 days.

8. Security

We implement industry-standard technical and organisational measures to protect personal data. The DouJou platform is designed for sovereign VPC deployment to minimise data exposure. If you believe your data has been compromised, contact us immediately at compliance@agilecatalyst.ai.

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the DIFC Commissioner of Data Protection without undue delay and, where feasible, within 72 hours of becoming aware of the breach, as required by DIFC DP Law 2020. Where the breach poses a high risk to affected individuals, we will also notify those individuals without undue delay.

10. Cookies

We use essential cookies for site operation and, where you consent, analytics cookies. You can manage cookies through your browser settings at any time.

11. Complaints

If you are located in the DIFC or UAE, you have the right to lodge a complaint with the DIFC Commissioner of Data Protection. If you are in the EEA, you may contact your national data protection supervisory authority. We would appreciate the opportunity to address your concerns directly first — please contact us at compliance@agilecatalyst.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date and notify you of material changes via email or a website notice at least 14 days before they take effect.

13. Contact & Data Controller

AgileCatalyst.AI Ltd (operating as DouJou)
DIFC, Dubai, United Arab Emirates
compliance@agilecatalyst.ai