Privacy Policy

1. Who we are

ENSI Solutions (“we”, “us”) is a consulting-first technology partner providing advisory, software engineering, cybersecurity and incident readiness services. We are established in the United Arab Emirates. For website and marketing activities we act as a controller. For project delivery, we typically act as a processor on behalf of our Clients.

2. Scope & roles

This Policy applies to personal data processed through our website and in the course of providing Services. We follow the UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (“PDPL”) and its Executive Regulations (Cabinet Decision No. 44 of 2022). Where a Client is established in a free zone (DIFC/ADGM), we also align with those regimes contractually.

3. Personal data we collect

  • Contact data — name, business email, phone, company, role, when you enquire or sign up to meetings.
  • Professional/engagement data — information you provide for proposals, NDAs, SOWs and the delivery of Services.
  • Usage data — device/browser information, pages viewed, timestamps and referring URLs via privacy-respecting analytics (with IP masking where possible).

4. How we use personal data

  • to respond to enquiries, schedule consultations and manage proposals;
  • to perform the Services and provide Deliverables;
  • to maintain security, audit logs and compliance records;
  • to improve our website and Services, and send relevant updates (with opt-out controls).

5. Legal bases under PDPL

  • Consent — for certain marketing and optional cookies;
  • Contractual necessity — to perform a contract or take steps at your request;
  • Legitimate interests — to operate our business, prevent fraud and improve Services, provided your rights are not prejudiced;
  • Legal obligation — to meet applicable laws and regulatory requests.

6. Sharing & international transfers

We do not sell personal data. We may share data with vetted service providers (e.g., secure hosting, communication, analytics) bound by confidentiality and data protection obligations. Transfers outside the UAE will follow PDPL requirements — e.g., to jurisdictions approved by the UAE Data Office, or using appropriate contractual safeguards and/or explicit consent, or where necessary to perform a contract at your request.

7. Security & access approach

We apply layered security and least-privilege access. By default, we do not request direct access to Client production systems; we work with public artefacts, sanitized datasets or materials explicitly provided by the Client. Sensitive data is processed only within the agreed scope and is not used for any other purpose.

8. Retention

Personal data is retained only as long as necessary for the purposes above or as required by UAE law. Project data is returned or deleted at the end of an engagement (unless legal retention applies). Backups are overwritten in line with our retention schedules.

9. Your rights

Subject to PDPL and applicable free-zone rules, you may have rights to access, correct, delete, restrict or object to processing, request portability, and withdraw consent. To exercise rights, contact us using the details below. We will respond within statutory timeframes.

10. Cookies & analytics

We use essential cookies to run the site and, with consent where required, analytics cookies to understand usage and improve content. You can disable non-essential cookies in your browser or via our cookie controls.

11. Children

Our website and Services are intended for business users and are not directed to children under 16.

12. Changes

We may update this Policy from time to time to reflect legal or operational changes.