Risk MindBY ARTIFICIAL MIND
Register
PRIVACY

Privacy Policy

Last updated: 24 April 2026

This Privacy Policy explains how Artificial Mind (“Artificial Mind”, “we”, “us”, “our”) collects, uses, discloses and protects personal data processed through the Risk Mind platform and website at www.riskmind.qa (the “Service”).

Artificial Mind is established in Doha, Qatar. This policy is written to meet the requirements of the Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016), and is additionally aligned with the UK GDPR and the EU General Data Protection Regulation (Regulation 2016/679) where those laws apply to you.

1. Who we are and how to contact us

The data controller for the Service is Artificial Mind. For any privacy-related query, data subject request, or complaint, please contact us at:

  • Email: anupam@artificialmind.io
  • Post: Artificial Mind, Lusail Marine Tower 50, Floor 16, Office 03, Building 5, Zone 69, Street 315, Lusail City, Doha, State of Qatar
  • Phone: +974 4040 8953

2. Information we collect

We collect the following categories of personal data:

2.1 Information you provide directly

  • Account registration data (name, work email, organisation, role)
  • Briefing-request data submitted through our forms
  • Authentication credentials and multi-factor authentication tokens
  • Content you upload, input or generate inside the Service, including risk-context documents, analyses and exports
  • Support communications (emails, chat, call notes)

2.2 Information collected automatically

  • Device and browser information (type, operating system, screen resolution)
  • Log data (IP address, access times, pages viewed, referring URLs)
  • Cookies and similar technologies (see section 8)
  • Approximate geolocation derived from IP address
  • Product usage telemetry where you are an authenticated user

2.3 Information from third parties

  • Enrichment data from business-information providers (where lawful)
  • Authentication data from federated identity providers, if you sign in via one
  • Advertising-platform identifiers for campaign measurement (see section 8)

3. How we use personal data

We process personal data for the following purposes:

  • Providing, operating and improving the Service
  • Authenticating users and maintaining account security
  • Responding to briefing requests, enquiries and support messages
  • Sending service communications (incident notices, security alerts, material Service changes)
  • Measuring and improving the performance of marketing campaigns
  • Complying with legal, regulatory and audit obligations applicable to Artificial Mind
  • Detecting, investigating and preventing fraud, abuse and security incidents
  • Establishing, exercising or defending legal claims

4. Legal bases for processing

Where the UK or EU GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Service you or your organisation has contracted for.
  • Legitimate interests: to secure the Service, prevent misuse, understand how the Service is used, and communicate with enterprise prospects in a professional capacity. We balance these interests against your rights and freedoms.
  • Consent: for non-essential cookies and for marketing communications where consent is required.
  • Legal obligation: to comply with applicable laws and regulator requests.

Where the Qatar PDPL applies, we process personal data consistent with the principles set out in that law, including purpose limitation, data minimisation and accuracy.

5. How we share personal data

We do not sell personal data. We share it only with:

  • Service providers acting as processors under written agreements, including cloud-infrastructure, email, analytics, advertising-measurement, and customer-support providers.
  • Sub-processors engaged by our service providers under equivalent protections.
  • Professional advisers (lawyers, auditors, accountants) under confidentiality obligations.
  • Regulators, courts and public authorities where we are legally required to do so.
  • Successor entities in the event of a merger, acquisition, reorganisation or sale of assets, subject to the terms of this policy.

6. International transfers

Personal data may be transferred to and processed in countries other than the country from which it was collected, including Qatar, the United Kingdom, the European Economic Area, the United States, India and Singapore. Where transfers involve jurisdictions that do not provide an adequate level of data protection under applicable law, we implement appropriate safeguards, including Standard Contractual Clauses, Data Transfer Agreements or equivalent mechanisms.

7. Data retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, provide the Service, and comply with our legal, tax and accounting obligations. Retention periods vary by data category. On request, we will provide more specific retention information for the data categories applicable to you.

8. Cookies, advertising and analytics

The Service uses cookies and similar technologies to operate the site, remember preferences, measure usage, and measure the performance of our marketing campaigns.

8.1 Categories of cookies

  • Strictly necessary: authentication, session management, security. These cannot be disabled.
  • Analytics: to understand how the Service is used. We use Google Analytics 4.
  • Advertising and conversion measurement: to measure the performance of our advertising campaigns. We use Google Ads, Microsoft Ads (Bing) and LinkedIn Insight Tag where consent is given or, in jurisdictions where consent is not required, on the basis of legitimate interests.
  • Preferences: to remember language, locale and accessibility preferences.

8.2 Your choices

You can configure your browser to block or delete cookies. Blocking strictly necessary cookies will prevent the Service from functioning. In jurisdictions requiring consent for non-essential cookies, we ask for that consent before setting them.

9. Your rights

Subject to applicable law, you have the following rights in relation to your personal data:

  • Access: request a copy of your personal data.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data.
  • Restriction: request that we limit the processing of your data.
  • Objection: object to processing based on legitimate interests or for direct marketing.
  • Portability: receive your data in a structured, commonly used format.
  • Withdraw consent where processing is based on consent.
  • Complain to your data protection supervisory authority.

To exercise any of these rights, contact anupam@artificialmind.io. We may need to verify your identity before responding.

10. Security

We implement technical and organisational measures designed to protect personal data, aligned to ISO 27001 conventions. These include encryption in transit and at rest, access controls, logging, segregation of duties, vendor risk assessment and staff training. No system is perfectly secure; in the event of a personal data breach affecting your rights, we will notify you and the relevant regulator as required by law.

11. Children

The Service is a business-to-business platform and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

12. Artificial intelligence and automated processing

The Service is built around AI reasoning agents. Content you input may be processed by these agents to generate risk analyses, registers and outputs. We do not use customer content to train third-party foundation models without explicit authorisation. Decisions that have legal or similarly significant effects on you are not produced solely by automated means; a human-in-the-loop is required for such decisions.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last updated” date above and, where appropriate, by in-service notice. Continued use of the Service after a change constitutes acceptance of the revised policy.

14. Governing law and jurisdiction

This Privacy Policy is governed by the laws of the State of Qatar. Nothing in this policy restricts rights you may have under mandatory laws that apply to you, including the UK GDPR, the EU GDPR, or the laws of your country of residence.

15. Contact

For any question about this policy, to exercise your rights, or to raise a complaint, contact us at anupam@artificialmind.io. We will respond within the timeframes required by applicable law.