Privacy Policy

Last updated: July 6, 2026

This Privacy Policy explains how Alghaya Alshabakiya Company for Artificial Intelligence, operating under the brand name Gaia (“Gaia”, “we”, “our”, or “us”), collects, uses, stores, and protects personal data when you visit our website, contact us, request a demo, or interact with our services.

Gaia is an enterprise AI platform built to help organizations search, understand, and act on their internal knowledge securely. We are committed to protecting personal data and handling it responsibly, transparently, and in accordance with applicable data protection requirements, including the Personal Data Protection Law of the Kingdom of Saudi Arabia where applicable.

1. Scope of this Policy

This Privacy Policy applies to personal data collected through:

  • Our website
  • Contact forms
  • Demo requests
  • Marketing communications
  • Business inquiries
  • Events, meetings, and sales interactions
  • Website analytics and cookies

This Privacy Policy does not replace the separate contractual terms, data processing agreements, or enterprise customer agreements that may apply when an organization uses Gaia’s platform. When Gaia processes customer data on behalf of an enterprise customer, Gaia may act as a data processor or service provider under the relevant agreement with that customer.

2. Information We Collect

We may collect the following types of information:

Information you provide directly

  • Name
  • Work email address
  • Phone number
  • Company name
  • Job title
  • Industry
  • Country or region
  • Message content submitted through forms
  • Demo or sales inquiry details
  • Any information you choose to share with us

Information collected automatically

When you visit our website, we may collect technical and usage information such as:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Pages visited
  • Time spent on pages
  • Referral source
  • Approximate location based on IP address
  • Cookie and analytics identifiers

Enterprise customer and product-related data

If your organization uses Gaia’s platform, the types of data processed may depend on the customer’s configuration and connected systems. This may include enterprise documents, metadata, user information, access permissions, activity logs, search queries, prompts, responses, and audit records.

Gaia does not use enterprise customer data for unrelated purposes. Customer data is handled according to the customer agreement, applicable security controls, and agreed deployment model.

3. How We Use Personal Data

We may use personal data to:

  • Respond to inquiries and demo requests
  • Provide information about Gaia’s products and services
  • Manage sales, partnership, and customer relationships
  • Improve our website and user experience
  • Understand website performance and visitor interest
  • Send relevant business communications, where permitted
  • Maintain security and prevent misuse
  • Comply with legal, regulatory, and contractual obligations
  • Support product delivery, administration, auditability, and security for enterprise customers

4. Legal Basis for Processing

Where applicable, we process personal data based on one or more lawful grounds, including:

  • Your consent
  • Our legitimate business interests
  • Performance of a contract or pre-contractual steps
  • Compliance with legal or regulatory obligations
  • Protection of security, fraud prevention, and system integrity

5. Cookies and Analytics

Our website may use cookies and similar technologies to improve functionality, measure performance, and understand how visitors use the website.

Cookies may help us:

  • Remember preferences
  • Analyze website traffic
  • Improve page performance
  • Measure marketing effectiveness
  • Protect the website from misuse

You can manage or disable cookies through your browser settings. Some website features may not work properly if cookies are disabled.

6. How We Share Personal Data

We do not sell personal data.

We may share personal data with trusted third parties only when necessary, such as:

  • Website hosting providers
  • Cloud infrastructure providers
  • Analytics and security tools
  • CRM and communication tools
  • Professional advisors
  • Regulators, authorities, or legal bodies where required
  • Service providers supporting Gaia’s operations

Where we use service providers, we require them to handle personal data securely and only for authorized purposes.

7. Data Sovereignty and International Transfers

Gaia is designed with Saudi data sovereignty and enterprise control in mind.

For enterprise deployments, data location and hosting depend on the deployment model agreed with the customer. Gaia may support Saudi cloud, customer-owned cloud, private VPC, or on-premise deployment models.

If personal data is transferred outside the Kingdom of Saudi Arabia, we will apply appropriate safeguards and comply with applicable legal and regulatory requirements, including requirements related to personal data transfers where applicable.

8. Data Security

We apply organizational, technical, and administrative measures designed to protect personal data from unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

  • Access controls
  • Encryption where appropriate
  • Authentication and authorization controls
  • Audit logging
  • Tenant separation
  • Role-based permissions
  • Secure infrastructure practices
  • Monitoring and incident response processes
  • Vendor and access management controls

No system can be guaranteed to be completely secure, but we work to protect personal data using appropriate safeguards based on the nature of the data and processing activity.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required by law, regulation, contractual obligation, dispute resolution, or legitimate business need.

For enterprise customers, retention of customer data is governed by the applicable customer agreement, deployment configuration, and agreed retention settings.

10. Your Rights

Depending on applicable law, you may have rights in relation to your personal data, including the right to:

  • Be informed about how your personal data is collected and used
  • Access your personal data
  • Request a copy of your personal data in a clear and readable format
  • Request correction of inaccurate, incomplete, or outdated personal data
  • Request deletion or destruction of personal data where applicable
  • Withdraw consent where processing is based on consent
  • Object to certain processing activities where applicable
  • Submit a complaint to the relevant authority

To exercise your rights, contact us using the details below. We may need to verify your identity before responding to your request.

11. Enterprise Customer Data

When Gaia is used by an organization, access to information inside the platform is controlled by that organization’s permissions, identity systems, and connected data sources.

Gaia is designed to preserve enterprise access controls so users only access information they are authorized to view. Product usage may generate logs, audit records, prompts, responses, retrieval activity, and system events for security, debugging, compliance, and service improvement purposes, subject to the applicable customer agreement.

12. Marketing Communications

If you choose to receive communications from us, we may send you product updates, event information, or relevant business content.

You may opt out of marketing communications at any time by using the unsubscribe link in our emails or contacting us directly.

We may still send non-marketing communications related to active business relationships, service updates, security notices, or legal matters.

13. Children’s Privacy

Gaia’s website and services are intended for business and enterprise use. They are not directed to children, and we do not knowingly collect personal data from children through our website.

14. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review their privacy policies before sharing personal data.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business, services, legal requirements, or privacy practices.

When we update this Policy, we will revise the “Last updated” date above. Material changes may be communicated through appropriate channels where required.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, you can contact us at:

Alghaya Alshabakiya Company for Artificial Intelligence

Brand: Gaia

Kingdom of Saudi Arabia

For general inquiries: info@gaia.sa