Privacy Policy | Fusion-42

Last updated: 11 November 2025

Controller: Fusion Four Two FZ-LLC ("Fusion-42", "we", "us", or "our") — Dubai, United Arab Emirates

1. Scope

This Privacy Policy explains how Fusion-42 FZ-LLC collects, uses, discloses, and protects your personal information when you visit our websites or use our products and services, including Arthur, our AI-powered startup operating system.

This policy applies to all websites, applications, and platforms operated under the fusion-42.com domain (including arthur.fusion-42.com, app.fusion-42.com, and related subdomains).

By using our Services, you consent to the collection and use of your information in accordance with this policy.

2. Information we collect

a) Information you provide

When you interact with us, you may provide:

Name, email address, company, and role
Payment details (processed securely via Stripe)
Files, links, or notes uploaded to our systems (e.g. pitch decks, plans)
Survey responses, event registrations, or support requests
Messages sent via our contact forms, email, or Telegram community

b) Information collected automatically

We automatically collect:

IP address, browser type, device identifiers, operating system
Pages visited, time spent, referring URLs, and usage patterns
Cookies and similar technologies for authentication and analytics

c) Information from integrations (only with your consent)

With your permission, we may collect limited data from: Stripe (billing status), Customer.io / SendGrid (email engagement), Luma (events), Telegram (community), Substack (newsletter analytics), Jiva.ai, AWS, and GCP (infrastructure and AI processing).

You can disconnect or revoke these integrations at any time.

3. How we use your information

We use your personal information to:

Provide and improve our Services and features
Authenticate users and manage access
Communicate updates, events, and support information
Process payments and manage subscriptions
Power AI features responsibly within Arthur
Ensure platform security and prevent misuse
Comply with applicable UAE laws and regulations

We may anonymise or aggregate information to analyse usage trends or improve performance. We never sell your personal data.

4. Legal basis for processing

We rely on one or more of the following lawful bases:

Contractual necessity — to deliver and support your use of our Services
Legitimate interests — to improve functionality and secure operations
Consent — for marketing communications or optional integrations
Legal obligations — to comply with UAE and international requirements

5. Data sharing and disclosure

We share limited information with trusted third parties who help us operate our business:

Purpose	Provider
Payments	Stripe
Email & Messaging	Customer.io, SendGrid, Telegram
Events	Luma
Newsletters	Substack
Hosting / Infrastructure	Amazon Web Services (AWS), Google Cloud Platform (GCP)
AI Infrastructure & Processing	Jiva.ai
Analytics	Google Analytics, PostHog
Authentication	Auth0
Database	RavenDB

All vendors are bound by confidentiality and data-processing agreements and only process data on our instructions. We may also disclose information where required by law or to protect our rights, users, or the public.

6. International transfers

Your data may be stored and processed outside the UAE. We ensure appropriate safeguards — including contractual and technical measures — to maintain a level of protection equivalent to UAE Federal Decree-Law No. 45 of 2021 (PDPL). Our primary hosting regions are provisioned on AWS and GCP; where feasible we use regional data residency and standard contractual safeguards for cross-border transfers.

7. Data retention

We retain your data only as long as necessary:

Account data: while your account is active and up to 12 months after closure
Billing records: 7 years (for compliance)
Analytics and logs: typically 12 months, then anonymised or deleted
Communications: up to 24 months after your last interaction

You may request deletion at any time unless retention is required by law.

8. Cookies

We use cookies to operate our Services and enhance your experience. Essential cookies enable security and login functions. Non-essential cookies (e.g. analytics) are used only with your consent and can be managed via your browser settings.

9. Your rights

Under UAE data-protection laws, you may have the right to:

Access your personal information
Correct inaccurate data
Request deletion of your data
Restrict or object to certain processing
Withdraw consent (where applicable)
Request data portability
Lodge a complaint with the UAE Data Office

To exercise rights, email info@fusion-42.com. We will respond within 30 days and may request identity verification.

10. Security

We implement appropriate technical and organisational measures to protect your information, including:

Encryption in transit and at rest
Role-based access controls
Secure hosting and data segregation
Regular audits and vulnerability checks

While no system is entirely risk-free, we act promptly to address any issues or breaches in accordance with legal obligations.

11. Children's data

Our Services are designed for users 18 years and older. We do not knowingly collect personal data from minors. If a child has provided information, contact us for immediate removal.

12. AI and automated processing

Arthur uses AI to analyse information, generate insights, and recommend actions. These outputs are assistive only. We do not use private user data to train public AI models. Any automated decisions with legal or material impact can be reviewed upon request.

13. Third-party links

Our sites may include links to external services (e.g. Substack, Telegram, Luma). We are not responsible for their privacy practices; please review their policies before sharing information.

14. Updates to this policy

We may update this Privacy Policy periodically. Any major changes will be communicated via email or in-app notice. The date above indicates the latest revision.

15. Contact us

Fusion-42 FZ-LLC
Dubai, United Arab Emirates
Email: info@fusion-42.com