NM
Ratify™ Privacy Policy
Last Updated: February 2026
This Privacy Policy explains how RATIFY TECHNOLOGIES FZCO and its affiliates (collectively, "Ratify," "we," or "us") collect, use, disclose, and protect personal data when you use the Ratify platform, website, apps, APIs, and related services (the "Platform").
Ratify is a secure technology platform that connects users with independent Partner Law Firms for document verification and contract review services. Ratify is not a law firm and provides no legal advice.
By using the Platform, you accept this Privacy Policy.
1. WHO WE ARE AND SCOPE
Controller
RATIFY TECHNOLOGIES FZCO
Unit No: UT-12-CO-196 DMCC Business Centre Level No 12 Uptown Tower
Dubai, United Arab Emirates
Contact
This Policy applies to Platform users, visitors, clients, prospective customers, and business partners. It does not apply to services provided directly by Partner Law Firms, which have their own privacy and professional obligations.
Key Definitions
"Partner Law Firm": independent third-party law firm providing verification and review services.
"Platform": Ratify website, apps, APIs, and services.
"Document Session Data": uploaded documents, analysis, voice notes, and related content subject to 24-hour deletion.
"Business Metadata": non-document information such as contract type, risk scores, and usage patterns that may be retained permanently.
Ratify acts solely as a technology conduit to securely transmit documents to Partner Law Firms. Partner Law Firms are independent, exercise their own judgment, and are solely responsible for verification services. Ratify does not provide legal services or advice.
INFORMATION WE COLLECT
2.1 Account Information You Provide
When you create an account or use our services, you provide:
Name, email address, and phone number
Account credentials (password hash)
Payment and billing information
Communications with our support team
2.2 Optional Profile Information
To personalize your experience, you may optionally provide:
Company name
Industry or business sector
Company size (e.g., 1-10, 11-50, 51-200, 200+ employees)
Your role or job title
Location (Emirate or city)
Residency status (UAE National, UAE Resident, or Non-resident)
We do not collect nationality, date of birth, or government identification numbers unless required for specific identity verification purposes.
2.3 Document Session Data (Ephemeral)
When you submit documents for review, we temporarily process:
Uploaded contracts and agreements
Voice notes and context recordings
AI analysis and risk assessments
Lawyer review notes and redlines
This Document Session Data is stored in an encrypted vault and automatically deleted within 24 hours of service completion. See Section 4 for details.
2.4 Business Metadata (Retained)
We collect and retain non-document metadata to provide and improve our services:
Contract type (e.g., NDA, employment, lease, service agreement)
Selected jurisdiction (UAE Mainland, DIFC, ADGM, Other)
Risk appetite selection (Protected, Balanced, Aggressive)
Contract health scores (numerical scores only, no clause content)
Risk counts (number of high, medium, low risks identified)
Decision patterns (whether you accepted, changed, or questioned items)
Value band (ranges such as under AED 10K, 10-50K, etc., not exact amounts)
Features used (voice notes, explanations, amendment rounds)
Urgency tier selected
Session timestamps and completion status
This metadata does not include any actual contract content, party names, or specific clause language.
2.5 Information Collected Automatically
IP address, device identifiers, browser type
Usage patterns and navigation data
Security and access logs
Referral source (how you found us)
2.6 Information from Third Parties
Payment processors (transaction confirmation)
Identity verification services (where we use independent third-party providers for this purpose, your data is processed by them in accordance with their own privacy policies; we are not responsible for their data practices)
Analytics and infrastructure services
3. PURPOSES OF PROCESSING
We process personal data to:
Operate and provide the Platform and services
Create and manage your account
Securely transmit documents to Partner Law Firms
Process payments and maintain billing records
Provide customer support and respond to inquiries
Personalize your experience based on your preferences and profile
Generate risk reports, health scores, and recommendations
Detect and prevent fraud, abuse, and security threats
Comply with legal and regulatory obligations
3.1 Analytics and Improvement
We use Business Metadata to:
Improve Platform functionality and user experience
Develop new features and services
Generate anonymized benchmarks (e.g., average health scores by industry)
Understand market trends and user needs
3.2 Aggregated Intelligence
We may create anonymized, aggregated reports and market intelligence from Business Metadata. Such reports:
Cannot identify any individual user or company
Do not contain any contract content
May be used for internal research, product development, or shared with partners
Help businesses understand industry benchmarks and trends
4. DOCUMENT HANDLING – THE 24-HOUR VAULT
Ratify operates a strict "No Document Storage" policy. We do not permanently retain your contracts or documents.
4.1 The 24-Hour Deletion Commitment
All uploaded documents are stored in an encrypted vault during processing
Documents are automatically and permanently deleted within 24 hours of service completion via automated system processes
After deletion, Ratify has no ability to retrieve, access, or restore your documents
You are solely responsible for maintaining your own copies of all documents
4.2 What Gets Deleted
The following Document Session Data is permanently deleted within 24 hours:
Original uploaded documents (PDF, Word, images)
AI analysis content and risk descriptions
Lawyer review notes and redlined versions
Voice notes and audio recordings
Party names and specific contract terms
Exact monetary values and dates from contracts
4.3 What Gets Retained
The following is retained permanently (or until you delete your account):
Your account information (name, email, phone)
Business Metadata (contract type, health scores, decision patterns)
Transaction and billing records
Decision Receipt hash (cryptographic proof of your choices)
Case identifiers and timestamps
4.4 Encrypted Backups
Encrypted system backups may retain Document Session Data for up to 30 days solely for disaster recovery and security audit purposes. Backup data is not accessed for operational processing and is automatically overwritten. Individual documents cannot be restored from backups after the 24-hour deletion window.
4.5 Legal and Regulatory Holds
In limited circumstances, deletion may be delayed where required by law, court order, or regulatory investigation. We will notify you where legally permitted.
5. NO AI TRAINING ON YOUR DOCUMENTS
Ratify does not use uploaded documents, or their identifiable content, to train:
Any third-party AI or large language models
Any publicly accessible AI systems
Any external machine learning models
Full original document text is never used for external AI training and never leaves Ratify's controlled infrastructure.
Ratify may retain and use irreversibly anonymized and non-identifiable clause extracts and Business Metadata to improve internal verification workflows, security, and system performance. Such anonymized derivatives cannot be used to reconstruct documents or identify any individual.
6. ANONYMIZED AND AGGREGATED DATA
6.1 Anonymization Process
Before any Business Metadata is used for analytics or shared purposes, it is stripped of direct identifiers (name, email, phone, company name) and aggregated with data from other users.
6.2 Use of Anonymized Data
Anonymized and aggregated data may be used for:
Platform improvement and feature development
Security monitoring and fraud detection
Internal research and analytics
Industry benchmarking reports (e.g., "Average health score for tech sector NDAs")
Market intelligence and trend analysis
6.3 No Re-identification
We will not attempt to re-identify anonymized data or enable third parties to do so. Anonymized data cannot be used to reconstruct original documents or identify individuals.
6.4 Internal Knowledge Base
Ratify maintains an internal knowledge base containing irreversibly anonymized clause patterns and structures. This helps improve verification accuracy and does not contain any personally identifiable information.
7. DATA SHARING AND DISCLOSURE
7.1 Partner Law Firms
We share Document Session Data with the Partner Law Firm assigned to your case solely to provide the requested services. Partner Law Firms are independent controllers bound by professional secrecy obligations.
7.2 Service Providers
We use vetted service providers (hosting, payments, analytics, support) under strict contracts with appropriate data protection safeguards.
7.3 Partner Offers (Opt-In Only)
With your explicit consent, we may share non-document Business Metadata with selected partners to provide you with relevant offers (e.g., insurance, legal services). This requires a separate opt-in consent and you may withdraw consent at any time.
We never share your name, email, phone, or any Document Session Data with marketing partners.
7.4 Aggregated Intelligence
We may share anonymized, aggregated reports and benchmarks with partners, researchers, or the public. Such reports cannot identify any individual user or company.
7.5 Legal Requirements
We may disclose data when required by law, court order, or regulatory authority, or to protect the rights, safety, or property of Ratify, users, or others.
7.6 Business Transfers
In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity subject to the same privacy protections.
Ratify does not sell personal data.
8. INTERNATIONAL TRANSFERS
Our primary application infrastructure is hosted in the United States of America. Business Metadata and Account Information may be processed outside the UAE.
Document Session Data remains encrypted and is deleted within 24 hours regardless of processing location.
We implement standard contractual clauses and other approved transfer mechanisms with all service providers to ensure protection consistent with UAE PDPL and applicable data protection laws.
9. COOKIES AND TRACKING
We use cookies for essential functionality, preferences, and analytics. Non-essential cookies require consent where required by law. See our Cookie Policy for details.
We do not use advertising or profiling cookies. We do not honor "Do Not Track" browser signals.
10. DATA SECURITY
We implement industry-standard security measures including:
AES-256 encryption for data at rest
TLS 1.2+ encryption for data in transit
Per-case encryption keys destroyed after 24-hour deletion
Access controls and audit logging
Regular security testing and monitoring
No system is completely secure. Ratify is not liable for unauthorized access where industry-standard safeguards were in place, to the maximum extent permitted by law.
11. DATA RETENTION
Data Type
Retention Period
Deletion Trigger
12. YOUR RIGHTS
Depending on your jurisdiction and subject to applicable law, you may have the right to:
Access your personal data
Correct inaccurate data
Delete your data (subject to legal retention requirements)
Restrict or object to processing
Withdraw consent at any time
Data portability
Lodge a complaint with the UAE Data Office or relevant authority
To exercise your rights, contact privacy@ratify.ae. We will respond within the timeframes required by applicable law.
Note: Due to our 24-hour deletion policy, we may be unable to provide access to Document Session Data that has already been deleted.
Requests about documents held by Partner Law Firms must be directed to them.
13. CONSENT AND LEGAL BASIS
13.1 Consent Requirements
Under UAE PDPL, we obtain your consent through a clear affirmative action (checking an unchecked box) before processing your personal data. Pre-ticked boxes or silence do not constitute valid consent.
13.2 Legal Bases for Processing
Contract performance: Processing necessary to provide our services
Consent: Where you have given explicit consent (e.g., partner offers)
Legal obligation: Compliance with laws and regulations
Legitimate interest: Analytics and service improvement (for non-sensitive Business Metadata).
13.3 Withdrawal of Consent
You may withdraw consent at any time by contacting privacy@ratify.ae or using the settings in your account. Withdrawal does not affect the lawfulness of processing before withdrawal.
14. CHILDREN
The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact: privacy@ratify.ae.
15. THIRD-PARTY LINKS
The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies.
16. CHANGES TO THIS POLICY
We may update this Policy at any time by posting a revised version on the Platform. Changes are effective upon posting unless we specify otherwise.
For material changes that adversely affect your rights, we will provide 30 days' notice via email or Platform notification.
Your continued use after the effective date constitutes acceptance. If you disagree with any changes, your sole remedy is to stop using the Platform before the effective date.
17. GOVERNING LAW AND DISPUTES
17.1 This Privacy Policy is governed by the laws of the United Arab Emirates and the Emirate of Dubai.
17.2 Any dispute arising out of or relating to this Policy shall be finally resolved by arbitration under the DIAC Arbitration Rules by one arbitrator, in the English language. The seat of arbitration shall be Dubai, United Arab Emirates.
17.3 Class Action Waiver: To the maximum extent permitted by applicable law, all claims must be brought on an individual basis. You waive any right to participate in class, collective, or representative proceedings against Ratify.
18. CONTACT US
If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
RATIFY TECHNOLOGIES FZCO
Unit No: UT-12-CO-196 DMCC Business Centre Level No 12 Uptown Tower
Dubai, United Arab Emirates