SOOMA AI is built for UAE-resident enterprise and government-adjacent customers, with data hosted in the GCC region under UAE PDPL.
Customer data — leads, contacts, organisation rosters, conversation transcripts, invoice records — is stored in our Supabase Postgres cluster hosted in AWS Middle East (me-south-1, Bahrain). This is the GCC region closest to UAE customers and meets UAE PDPL data-residency expectations for transactional CRM data. AI inference uses Anthropic models (US-region); transcript text crosses borders for processing only and is not retained by Anthropic per their zero-retention agreement.
We support the rights granted under UAE Federal Decree-Law No. 45 of 2021 (PDPL): right to access, right to rectification, right to erasure, right to restrict processing, and right to data portability. Data subjects may exercise these rights by contacting privacy@sooma.ai; we respond within 30 days.
| Sub-processor | Purpose |
|---|---|
| Supabase (AWS me-south-1, Bahrain) | Database hosting |
| Vercel (EU & global edge) | Application hosting |
| Anthropic (US) | AI inference for lead scoring & summarisation |
| Resend (US) | Transactional email delivery |
| Expo (US) | Mobile push notifications |
We notify customers at least 30 days before adding a new sub-processor. Customers may object in writing and we will work with them on alternatives or contract termination if no resolution is reached.