Privacy Policy

This Privacy Policy explains how Locus ("Locus", "we", "us") collects, uses, shares and protects personal data when you use our website, applications and services (the "Services"). We are committed to handling your data in line with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and applicable Dubai regulations.

01Who we are

Locus provides location-intelligence software that helps businesses decide where to operate or invest, using a combination of official public records, licensed datasets and our own modelling. For the purposes of the PDPL, Locus acts as the data controller for personal data you provide to us, and as a data processor where we process data on behalf of business customers under a separate agreement.

02Personal data we collect

Information you give us

• Account & contact data — name, work email, company name, role and phone number.
• Billing data — billing name, country and VAT/TRN where applicable. Card details are processed directly by our payment provider and are never stored on our servers.
• Communications — messages, support requests and demo enquiries you send us.

Information we collect automatically

• Usage data — pages and features used, searches and locations scored, and actions within the Services.
• Device & log data — IP address, browser type, device identifiers, and timestamps.
• Cookies & local storage — used to remember your plan, saved sites and preferences on your device, and measure performance (see Cookies below).

The location and market data used to generate Locus Scores relates to places, not individuals, and is derived from public and licensed sources.

03How we use your data

• To create and manage your account and provide the Services.
• To process subscriptions, payments and invoices.
• To respond to enquiries and provide customer support.
• To improve, secure and develop our Services and models.
• To send service messages and, where permitted, relevant updates — you can opt out of marketing at any time.
• To comply with legal, tax and regulatory obligations in the UAE.

04Lawful basis for processing

Under the PDPL we process personal data where: (a) you have given consent; (b) processing is necessary to perform a contract with you; (c) processing is necessary to comply with a legal obligation; or (d) processing is necessary for our legitimate interests (such as securing and improving the Services), provided these do not override your rights. Where we rely on consent, you may withdraw it at any time.

05Sharing & service providers

We do not sell your personal data. We share it only with trusted processors who help us run the Services, under contracts that require appropriate safeguards, including:

• Payment processing — to take subscription payments securely.
• Cloud hosting & infrastructure — to store and serve the Services.
• Analytics & communications tools — to understand usage and contact you.

We may also disclose data where required by law, regulation or a valid request from a UAE competent authority, or to protect our rights, users and the public.

06Payments

Subscription payments are processed by Stripe, a PCI-DSS Level 1 certified payment provider. When you pay, your card details are submitted directly to Stripe over an encrypted connection; Locus receives only a confirmation and limited billing metadata. Stripe's handling of your data is governed by its own privacy policy. Prices are shown in AED and include applicable UAE VAT (5%).

07International data transfers

Some of our processors may store or process data outside the UAE. Where personal data is transferred internationally, we take steps required by the PDPL to ensure an adequate level of protection, including contractual safeguards with the recipient. By using the Services you acknowledge such transfers where necessary to provide the Services.

08Data retention

We keep personal data only for as long as needed for the purposes set out here — typically for the life of your account and a reasonable period afterward — and longer where required to meet legal, tax or accounting obligations in the UAE. When data is no longer needed, we securely delete or anonymise it.

09Your rights

Subject to the PDPL, you have the right to: access your data; request correction of inaccurate data; request deletion; restrict or object to certain processing; request portability of data you provided; and withdraw consent. You may also lodge a complaint with the UAE Data Office. To exercise any right, email grow@ampliouae.com; we will respond within the period required by law.

10Security

Locus is currently provided as a hosted prototype. The application runs in your browser and is served over encrypted HTTPS connections; your saved sites, reports and preferences are stored locally on your own device (in your browser's storage), not in a Locus account on our servers. As a result we hold very little personal data about you. As we move core features onto a server-based platform, we will apply technical and organisational measures appropriate to the risk — including access controls and least-privilege practices — and will notify you and the relevant authority of a qualifying breach as required by the PDPL. No method of transmission or storage is completely secure.

11Cookies & local storage

We use your browser's local storage to remember your plan, saved sites and preferences on your device, and strictly-necessary cookies to operate core features. We do not currently maintain server-side login sessions. We may use limited analytics to understand and improve performance. You can control cookies and clear local storage through your browser settings; doing so may reset your saved data and affect functionality.

12Children

The Services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

13Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version here with a new "Last updated" date and, where changes are material, take reasonable steps to notify you.

14Contact us

For any privacy question or to exercise your rights, contact our data team:

• Email: grow@ampliouae.com
• Entity: AMPLIO PROJECT DEVELOPMENT CONSULTANT, Dubai, UAE