Privacy Policy

1. Who we are and our roles

For our website, sales, billing, administration, security and vendor management, we generally act as a controller of personal data. When we process Customer Data inside a paid customer workflow on your behalf, we generally act as a processor/service provider under the Data Processing Addendum.

2. Personal data we collect

Depending on how you interact with us, we may collect website and device data, contact and sales data, booking details, billing and account data, Customer Data processed for services, and support or operations data such as tickets, approvals, quality checks, audit logs and troubleshooting information.

Customer Data may include documents, workflow records, CRM fields, messages, conversation histories, task data, contact lists, suppression lists and connected-system metadata.

3. How we use personal data

We use personal data to operate the website, respond to enquiries, book calls, prepare proposals, provide and improve services, configure workflows, monitor quality, secure systems, manage billing, comply with law, enforce our terms and protect customers, recipients and our business.

4. B2B marketing and opt-outs

We may contact business representatives about Shifter where permitted by applicable law. We aim to use professional, relevant and non-deceptive outreach and to honour unsubscribe, STOP, do-not-contact and objection requests that are made known to us. Customers using Shifter for outreach workflows remain responsible for lawful basis, consent, suppression lists and compliance for their own campaigns.

5. Sharing and subprocessors

We may share data with personnel, contractors, advisors, hosting providers, communications providers, booking tools, payment or billing providers, AI providers, CRM/spreadsheet/workflow tools, analytics or logging tools, and other providers needed to deliver or secure the service. Public subprocessor information is maintained on the Subprocessors page.

We do not intentionally sell Customer lead data. We do not intentionally use Customer Personal Data to train third-party public AI models unless expressly agreed or the provider terms/settings support no-training for that data.

6. AI providers and automated tools

Shifter may use AI model providers and automated tools to summarise, draft, classify, route, research, analyse or otherwise support workflows. AI outputs may be inaccurate or incomplete and should be reviewed appropriately, especially before external or high-impact use.

7. International transfers

We operate from the United Arab Emirates and may use service providers or customer-selected systems in other countries. Where required, we use contractual, technical and organisational safeguards appropriate to the nature of the processing and applicable data protection law, including the UAE Personal Data Protection Law where relevant.

8. Privacy rights

Depending on where you are located and the applicable law, you may have rights to access, correct, delete, restrict, object to or receive a copy of certain personal data. You may also have the right to complain to a data protection authority. To exercise rights, contact legal@agentsdub.ai. For Customer-controlled data, we may refer the request to the relevant Customer.

9. Retention, security and changes

We retain personal data for as long as reasonably needed for the purposes above, including service delivery, records, security, legal, tax, dispute and backup requirements. Operational Customer Data is generally returned or deleted within 90 days after contract end unless the Customer asks otherwise or legal, platform, security, backup or dispute requirements require longer retention.

We use reasonable administrative, technical and organisational measures designed to protect data. No internet, cloud, AI, messaging or integration system is perfectly secure. We may update this policy from time to time and post the updated version here.