Privacy Policy

1. Introduction

AML Compass ("we", "us", "our") operates an online assessment platform for UAE-based AML compliance consultants. This Privacy Policy explains what personal data we collect, how we use it, how we store it, and your rights in relation to it.

By using the Platform, you agree to the collection and use of information in accordance with this policy.

2. What Data We Collect

Account Data

When you register for an account, we collect:

• Full name
• Firm name
• Email address
• Phone / WhatsApp number
• Password (stored as a secure hash — never stored in plain text)

Demo Request Data

When you submit a demo request, we collect your name, firm name, email address, and WhatsApp number. This information is used solely to schedule and conduct your demo session.

Assessment Data

When you conduct an assessment on the Platform, you input information about a client firm. This may include the firm's name, answers to structured compliance questions, and the resulting scores and risk outputs. This data is stored against your account to allow you to access your assessment history and download reports.

You are the data controller for any personal or business data you input about your clients. AML Compass acts as a data processor on your behalf. We do not use your clients' data for any purpose other than generating the assessment output for you. We have no direct relationship with your clients and accept no responsibility for how you collect, use, or share their information.

Usage Data

We collect standard technical information when you use the Platform, including browser type, device type, IP address, pages visited, and timestamps. This is used for platform security, debugging, and improving the service.

3. How We Use Your Data

We use the data we collect only for the following purposes:

• To create and manage your account
• To provide access to the Platform and its features
• To send transactional emails (account confirmation, password reset)
• To contact you regarding your demo request or subscription
• To store your assessment history and make it accessible to you
• To maintain the security and performance of the Platform
• To comply with applicable legal obligations

We do not use your data for profiling, behavioural advertising, or any purpose beyond operating the Platform for you.

4. Data Storage & Third-Party Processors

We use a limited number of carefully selected third-party services to operate the Platform:

We do not share your data with any other third parties. We do not sell your data. We do not use your data for advertising or marketing to third parties.

5. Your Responsibility for Client Data

AML Compass is a tool used by consultants to assess third-party businesses (your clients). When you enter data about your clients into the Platform, you are acting as the data controller for that client data. You are solely responsible for:

• Obtaining any required consent from your clients to process their information
• Complying with all applicable data protection laws in relation to your clients' data
• Ensuring the accuracy of the information you enter
• How you use, present, or share assessment outputs with or about your clients

AML Compass accepts no liability for any data protection violation arising from a consultant's use of client data on the Platform.

6. Data Retention

We retain your account data and assessment history for as long as your account is active. If you cancel your subscription or request account deletion, we will delete your personal data within 30 days, unless we are required to retain it for legal or regulatory reasons.

Demo request data is retained for up to 90 days from the date of submission and then deleted.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at support@amlcompass.ae. We will respond within 30 days.

8. Cookies

AML Compass uses only functional cookies that are strictly necessary to operate the Platform. These include session cookies that keep you logged in during your session. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies.

9. Data Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. Passwords are hashed and never stored in plain text. All data transmission occurs over encrypted HTTPS connections. However, no method of internet transmission or electronic storage is 100% secure. You use the Platform at your own risk and are responsible for keeping your login credentials confidential.

10. No Sale of Data

We do not sell, rent, trade, or otherwise transfer your personal data or your clients' data to any third party for commercial purposes, ever. Your data is used solely to provide the Service to you.

11. Assessment Outputs Are Not Retained for Our Use

Assessment scores, risk levels, red flags, and report content generated by the Platform belong to you. We store this data to make it accessible to you through your account history. We do not use assessment outputs for any purpose unrelated to providing your account history feature. We do not analyse, aggregate, or share assessment content for any commercial, research, or external purpose.

12. Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates. Any disputes relating to privacy or data processing shall be subject to the exclusive jurisdiction of the courts of the United Arab Emirates.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated policy.

14. Contact

For any questions about this Privacy Policy or to make a data request, contact us at support@amlcompass.ae.