Privacy Policy

Effective date: 26 April 2026

This Privacy Policy explains how Sefarai FZC LLC ("Sefarai", "we", "us"), a company registered in the Sharjah SPC Free Zone, United Arab Emirates, collects and uses information when you use the Mizan service available at mizan.sefarai.com(the "Service").

We aim to be straightforward: we collect the minimum data needed to operate the Service, we do not sell or share your data with advertisers, and we delete uploaded contracts as soon as they are analyzed.

1. Information We Collect

When you create an account and use the Service, we collect:

  • Account information — email address, full name, profile picture URL, and (if you sign in via Google) your Google account identifier. Stored in our authentication database.
  • Subscription tier — your current plan (Free, Professional, Business, or Enterprise).
  • Usage counters — the number of chat queries and contract analyses you have run in the current billing period, used to enforce plan limits.
  • Payment metadata — Stripe customer ID and subscription ID. Card details are handled directly by Stripe and never reach our servers.
  • Authentication cookies — strictly necessary cookies set by Supabase Auth to keep you signed in. We do not use advertising or tracking cookies.

2. Information We Do Not Store

  • Uploaded contract PDFs. Contracts are written to a temporary file on the server, processed for analysis, and deleted immediately when the response is returned. They are never persisted to a database, object storage, or backup.
  • Contract analysis results. Analysis output is streamed to your browser and not retained on our servers.
  • Chat conversation history. Chat questions and answers are processed in real time and not logged to our database.

If you require a record of past analyses, save the on-screen results yourself before leaving the page.

3. How We Use Your Information

  • To create and authenticate your account.
  • To process your contract and chat requests in real time.
  • To enforce plan limits and bill subscriptions.
  • To respond to support enquiries you send to us.
  • To detect abuse and protect the security of the Service.

We do not use your information for advertising, do not profile you for marketing purposes, and do not sell your data to anyone.

4. Third-Party Services (Sub-Processors)

The Service relies on the following third parties, each of which receives only the data needed to perform its function:

  • Supabase Inc. — hosts the authentication database, user profiles, and usage counters. Privacy policy.
  • OpenAI L.L.C. — processes the text of your contracts and chat questions to generate AI responses. Per OpenAI's API data policy, this data is not used to train OpenAI's models. Privacy policy.
  • Stripe, Inc. — processes subscription payments and stores card data on its own infrastructure. Privacy policy.
  • Google LLC — only if you choose "Sign in with Google". Privacy policy.

5. Data Retention

  • Account information and subscription metadata are retained for as long as your account exists, plus up to 90 days after deletion to satisfy financial-record obligations.
  • Usage counters are retained for the current billing period and rolled over.
  • Uploaded contracts and chat questions are retained only for the seconds required to process them, then deleted.

6. Your Rights

You can:

  • Request a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Withdraw consent and stop using the Service at any time.

To exercise any of these rights, email contact@sefarai.com from the address registered to your account. We will respond within 30 days.

7. Security

We use HTTPS for all traffic, store passwords hashed via Supabase Auth, and restrict server-side access to the data infrastructure to authorized personnel only. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

8. International Transfers

Some of our sub-processors (OpenAI, Stripe, Supabase, Google) operate servers outside the UAE, including in the United States and the European Union. By using the Service you consent to your information being transferred to and processed in those jurisdictions, subject to the protections each provider implements.

9. Children

The Service is intended for businesses and HR professionals and is not directed at individuals under 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this Policy from time to time. The effective date at the top of the page reflects the latest version. Material changes will be highlighted on the Service or sent to your account email where appropriate.

11. Contact

Sefarai FZC LLC
Sharjah SPC Free Zone, Sharjah, United Arab Emirates
Email: contact@sefarai.com
License No.: 4425991.01 · Formation No.: 4425991