Privacy Policy

SOOMA AI – Privacy Policy

Effective Date: April 17, 2026 · Version 1.1 · DATAVAR Technologies

AI-Powered CRM for Field Sales Teams

1. Introduction and Who We Are

Welcome to SOOMA AI, an AI-powered Customer Relationship Management (CRM) application designed exclusively for field sales teams. SOOMA AI is developed and operated by DATAVAR Technologies ("DATAVAR", "we", "us", or "our"), a company registered in the United Arab Emirates.

This Privacy Policy explains how we collect, use, process, store, share, and protect information about you when you use the SOOMA AI mobile application ("App") and related services (collectively, the "Services"). It also describes your rights and choices regarding your personal data.

By downloading, installing, or using SOOMA AI, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you are using the App on behalf of an organisation, you confirm that you have the authority to agree to this policy on behalf of that organisation.

If you have any questions or concerns about this Privacy Policy, please contact us at legal@soomaai.com or visit www.soomaai.com.

2. Information We Collect

We collect the following categories of information when you use SOOMA AI:

2.1 Account and Registration Information

Full name, email address, and job title
Organisation name, business unit or sales territory
Username, password (stored in encrypted form only), and authentication credentials
Profile photograph (optional)
Subscription plan and billing contact details

2.2 CRM and Sales Data

As a CRM platform, SOOMA AI is designed to store and process business data you or your organisation inputs, including:

Lead and contact information (names, email addresses, phone numbers, company affiliations, job roles)
Deal and opportunity records, pipeline stages, deal values, and close dates
Sales activity logs (calls, meetings, emails, notes, and follow-up tasks)
Interaction history and communication records with prospects and customers
Custom fields and tags created by your organisation
Documents and attachments associated with deals or contacts

2.3 AI-Generated and Derived Data

AI-calculated lead scores and prioritisation rankings
Revenue forecasts and sales performance predictions generated by our AI/ML models
Behavioural patterns and activity trends derived from your usage of the App

2.4 Device and Technical Information

Device type, model, manufacturer, and operating system version (iOS or Android)
App version, unique device identifiers (e.g., Android Advertising ID)
IP address and network type (Wi-Fi / mobile data)
Crash logs, error reports, and diagnostic data
Time zone and locale settings

2.5 Usage and Analytics Data

Features accessed and frequency of use
Navigation patterns and session duration
Interaction events (taps, swipes, Kanban board drag-and-drop actions)
Search queries within the App
App performance metrics

2.6 Information We Do NOT Collect

SOOMA AI does not collect precise GPS location data, access your device camera or microphone, read your contacts or calendar unless explicitly granted permission for a specific integrated feature, or collect biometric data of any kind.

3. How We Use Your Information

We process your information for the following purposes, relying on the lawful bases identified below:

Purpose	Details	Lawful Basis
Service Delivery	Core CRM functionality, authentication, data sync	Contract
AI Lead Scoring	ML models to score and prioritise leads	Legitimate interest / Contract
Revenue Forecasting	Predictive forecasts using historical sales data	Legitimate interest / Contract
Analytics & Dashboards	Leaderboards, KPI dashboards, team performance reports	Contract
Security & Fraud Prevention	Detecting unauthorised access and preventing abuse	Legitimate interest
Product Improvement	Aggregated, anonymised usage analysis to enhance features	Legitimate interest
Research & Development	Using Customer Data to improve AI/ML models, develop new features and products, and advance sales intelligence technology	Legitimate interest / Consent
Legal Compliance	Meeting obligations under UAE law and international regulations	Legal obligation
Communications	Service notifications, updates, and (with consent) marketing	Consent / Legitimate interest

4. AI and Machine Learning Data Processing

SOOMA AI incorporates artificial intelligence (AI) and machine learning (ML) technologies as core features of the platform. We are committed to transparent and responsible AI use.

4.1 How Our AI Works

Our AI engine analyses historical sales data, deal outcomes, activity logs, and interaction frequency to produce lead scores, deal prioritisation rankings, and revenue forecasts. These models are trained on aggregated, pseudonymised datasets derived from the App's usage.

4.2 Data Used for AI Processing

CRM data you input (lead records, deal values, pipeline stages, activity logs)
Temporal patterns (e.g., response times, follow-up frequency, deal progression speed)
Outcome data (won/lost deals, conversion rates) used as training signals

4.3 Automated Decision-Making

AI-generated lead scores and forecasts are provided as informational recommendations to assist sales professionals in making decisions. SOOMA AI does NOT make fully automated decisions that produce legal or similarly significant effects without human oversight. All AI outputs are advisory in nature.

4.4 AI Model Improvement and Research & Development

We may use aggregated and anonymised usage data to improve the accuracy and performance of our AI models. In addition, by using SOOMA AI, you acknowledge and agree that all CRM data, lead information, deal records, contact data, and other business data that you or your Organisation input into SOOMA AI ("Customer Data") may be used by DATAVAR Technologies for research and development ("R&D") purposes, including but not limited to improving AI/ML models, developing new features and products, conducting data analysis, and advancing the state of the art in sales intelligence technology. Such R&D use may involve processing Customer Data in aggregated, anonymised, or pseudonymised form. DATAVAR Technologies will implement appropriate technical and organisational safeguards to protect Customer Data used for R&D purposes.

4.5 Your Rights Regarding AI Processing

You have the right to request an explanation of how an AI-generated score or recommendation was produced. You may also request that AI-derived insights about you be reviewed by a human member of our team. To exercise these rights, contact legal@soomaai.com.

5. Data Sharing and Third Parties

We do not sell your personal data. We may share information only as described below:

5.1 Within Your Organisation

SOOMA AI is an enterprise CRM tool. Your data is visible to other authorised users within your organisation's account, including managers who have access to team leaderboards, KPI dashboards, and pipeline views. Access is controlled by your organisation's administrator.

5.2 Service Providers and Sub-Processors

We engage trusted third-party service providers who process data on our behalf under strict contractual obligations. These include:

Cloud infrastructure providers (secure hosting and data storage)
Authentication service providers (secure login and session management)
Analytics providers (aggregated, anonymised usage analytics)
Customer support software providers
Email delivery services (for transactional notifications)

We require all sub-processors to implement appropriate technical and organisational security measures and to process data solely for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required to do so by UAE law, court order, regulatory authority, or government request, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of DATAVAR Technologies, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, asset sale, or corporate restructuring, user data may be transferred to the successor entity. We will notify affected users via email or prominent App notice at least 30 days prior to any such transfer where required by law.

5.5 No Sale of Personal Data

DATAVAR Technologies does not sell, rent, or trade personal data to advertisers, data brokers, or any other third parties for their independent commercial use. This applies to all users, including California residents under the CCPA.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, to provide the Services, and to comply with our legal obligations.

Data Category	Retention Period
Account Information	Subscription duration + 12 months after account closure
CRM & Sales Data	Subscription duration + 6 months after account closure
AI Scores & Forecasts	Active subscription period; anonymised thereafter
Device & Technical Logs	90 days
Usage Analytics	12 months identifiable; anonymised thereafter
Billing Records	7 years (UAE tax and commercial law obligation)

Upon account deletion, we will delete or anonymise your personal data within 30 days, except where retention is required by law. You may request data deletion at any time as described in Section 7.

7. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

7.1 Rights Under GDPR (EEA, UK and Related Jurisdictions)

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete data.
Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal data.
Right to Restriction: Request that we limit processing of your data in certain circumstances.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Object to processing based on legitimate interests or for direct marketing.
Right Not to be Subject to Automated Decision-Making: Request human review of AI-generated recommendations.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.

7.2 Rights Under CCPA (California Residents)

Right to Know: Request disclosure of personal information collected in the preceding 12 months.
Right to Delete: Request deletion of personal information we have collected.
Right to Opt-Out of Sale: We do not sell personal data. No opt-out action is required.
Right to Non-Discrimination: You will not be discriminated against for exercising your CCPA rights.
Right to Correct: Request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: Contact us to limit use of sensitive data.

7.3 How to Exercise Your Rights

To exercise any of the rights above, submit a written request to legal@soomaai.com. We will respond within 30 days (GDPR) or 45 days (CCPA) of receiving a verified request. We may need to verify your identity before processing your request. There is no charge for exercising your rights in most circumstances.

7.4 Complaints

If you believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with the competent data protection supervisory authority in your jurisdiction. For UAE residents, you may contact the UAE Data Office. For EEA residents, contact your local Data Protection Authority.

8. Security Measures

We implement comprehensive technical and organisational security measures to protect your data against unauthorised access, loss, destruction, or alteration.

8.1 Technical Safeguards

Encryption at rest using industry-standard AES-256 encryption
Encryption in transit: all data is transmitted exclusively over HTTPS/TLS
Secure credential storage using platform secure storage mechanisms such as iOS Keychain and Android Keystore
API authentication using secure, time-limited tokens
Regular automated vulnerability scanning and penetration testing
Intrusion detection and real-time security monitoring

8.2 Organisational Safeguards

Role-based access controls ensuring minimum necessary data access for all personnel
Regular security training and awareness programmes for all staff
Confidentiality obligations for all employees and contractors with access to user data
Documented incident response and data breach notification procedures

8.3 Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will notify affected users without undue delay as required by applicable law.

9. International Data Transfers

DATAVAR Technologies is headquartered in the UAE. If you are located outside the UAE, your data may be transferred to and processed in the UAE or other countries where our service providers operate. We ensure that any such international transfers are subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable, or other lawful transfer mechanisms. By using the App, you consent to such transfers in accordance with this Privacy Policy.

10. Children's Privacy

SOOMA AI is an enterprise B2B application intended exclusively for professional use by adults (aged 18 and over) who are authorised employees or contractors of business organisations. We do not knowingly collect personal data from individuals under the age of 18.

If you become aware that a minor has provided us with personal information without appropriate consent, please contact us immediately at legal@soomaai.com and we will take steps to delete such information promptly.

11. Third-Party Links and Integrations

SOOMA AI may integrate with or contain links to third-party services, applications, or websites. These third parties have their own privacy policies, and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party service you connect to SOOMA AI.

12. Cookies and Tracking Technologies

As native iOS and Android applications, SOOMA AI does not use browser cookies. However, we may use:

Mobile analytics SDKs to collect anonymised usage data
Firebase Crashlytics or equivalent crash reporting tools
Locally stored tokens for authentication persistence (secured via Android Keystore)

You can control analytics data collection through the App's Privacy Settings menu. Disabling analytics will not impair core CRM functionality.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

Displaying a prominent notice within the SOOMA AI App
Sending an email notification to the registered administrator of your organisation's account
Updating the “Effective Date” at the top of this policy on our website at https://www.soomaai.com/privacy

Your continued use of the App after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree to any material changes, you must discontinue use of the App and contact legal@soomaai.com to close your account.

14. Contact Information

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Company	DATAVAR Technologies
Privacy Contact	Data Privacy Team
Email	legal@soomaai.com
Website	https://www.soomaai.com
Privacy Policy URL	https://www.soomaai.com/privacy
Address	United Arab Emirates

We are committed to resolving any complaints about our collection or use of your personal data. If you contact us, we will endeavour to respond to you promptly and, in any case, within the timeframes required by applicable data protection law.

Back to SOOMA AI