Privacy Policy

This Privacy Policy describes how Khalifa University Enterprises Company (KUEC) ("KUEC", "we", "us") processes personal information when you use KUEC UVenture ( "UVenture" or the "Platform"). Read it together with our Terms of Service.

UVenture supports university technology transfer and commercialisation. Your organisation may apply additional policies in an institutional workspace.

1. Who is responsible for your data?

KUEC acts as the data controller for personal information processed to provide and secure the Platform, subject to your institution's arrangements in a university tenant workspace.

KUEC is part of the Khalifa University ecosystem. Contact details are in section 14.

2. Information we collect

We collect information you provide and information generated through use of the Platform.

Account and profile

• Name, email address, phone number, and professional details (role, department, organisation).
• Authentication data (password credentials or institution sign-in identifiers).
• Profile preferences, research interests, expertise areas, and optional identifiers such as ORCID.

Research and commercialisation activity

• Projects, invention disclosures, assessments, deals, meetings, documents, and workflow data.
• Comments, messages, notifications, and support correspondence.
• Files and exports you upload or generate on the Platform.

Technical and security

• Session and device information needed to operate and secure the service.
• Audit and email activity records for compliance and troubleshooting.

3. How we use information and our legal bases

We use personal information to:

• Provide, operate, and improve the Platform for your organisation and role.
• Authenticate users and enforce access controls within your tenant workspace.
• Facilitate matching, collaboration, and commercialisation workflows you participate in.
• Send service, security, and support communications.
• Meet legal, regulatory, and institutional obligations (including reporting where enabled).
• Protect the Platform, investigate incidents, and prevent misuse.

Core Platform use is generally based on contract performance, legitimate interests in operating a secure institutional service, and legal obligations. It does not rely on a separate data processing consent toggle in settings.

4. AI processing

Optional AI features (assistant chat, synergy analysis, venture decks, commercial assessments, and related tools) process content you submit in those workflows, including project text, disclosure narratives, and other workspace context.

AI features require explicit consent in Settings → Privacy before model-backed actions run. You may withdraw that consent at any time in the same place. Withdrawal does not affect processing necessary to operate the rest of the Platform.

AI outputs are advisory. You remain responsible for reviewing results before relying on them for legal, regulatory, IP, or commercial decisions.

5. Sharing and confidentiality

We do not sell your personal information. Content is shared within the Platform according to your role, visibility settings, and workflows you or your organisation initiate.

We may share information with:

• Other authorised users in your tenant, as permitted by your role and record visibility.
• Service providers listed in section 6, under contractual safeguards.
• Your institution's identity provider when you use single sign-on.
• Regulators, courts, or authorities when required by applicable law.

6. Service providers

We use trusted suppliers to host, secure, and operate the Platform. They process personal information on our instructions. Their privacy policies:

• Anthropic — AI assistant, assessments, and related model features
• Microsoft — Institution single sign-on and optional Azure-hosted AI services
• Google — Institution single sign-on (Google Workspace)
• Cloudflare — Content delivery, object storage, and infrastructure services
• Sentry — Error monitoring and application diagnostics
• Resend — Transactional email delivery
• Vercel — Application hosting (where deployed)
• Neon — Managed database hosting (where deployed)

Optional integrations

• ORCID — Researcher identifier linking (when you provide an ORCID iD)
• iEdison — US government invention reporting (where enabled for your organisation)

7. Security

We apply technical and organisational measures appropriate to an institutional platform, including encryption in transit, access controls, authentication, and operational monitoring. Please protect your credentials and report suspected compromise promptly.

8. Retention and erasure

We retain personal information while your account is active and as needed to provide the Platform, meet legal obligations, and resolve disputes. Your organisation may configure retention policies for certain record types.

You may request account deletion in Settings → Privacy. Requests are reviewed before anonymisation. Some institutional records may be retained in redacted form where the university must keep a compliance trail. Append-only audit and email activity logs may also be retained as required by law and institutional policy.

9. Your rights

Depending on applicable law (including UAE PDPL and, where relevant, GDPR), you may have the right to access, correct, erase, restrict, or object to certain processing, withdraw AI consent in settings, and lodge a complaint with a supervisory authority.

To exercise rights not available in the app, contact privacy@kuec.ae.

Complaints and regulators

• UAE Data Office — United Arab Emirates data protection framework
• European Data Protection Board — Information on GDPR supervisory authorities in the EU

10. Cookies and similar technologies

We use strictly necessary cookies and similar technologies to keep you signed in, protect sessions, and support institution single sign-on. We do not use a separate marketing or analytics cookie consent banner. You can clear or block cookies in your browser, but essential features may not work without them.

11. International transfers

Personal information may be processed in the United Arab Emirates and in other countries where our service providers operate (including the United States and the European Economic Area). Where required, we rely on appropriate safeguards with subprocessors listed in section 6.

12. Children

The Platform is intended for adults in a professional or academic context. We do not knowingly collect personal information from anyone under 18 years of age.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will change when we do.

14. Contact us

For privacy questions or rights requests: