Privacy Policy
Effective date: 16 June 2026 Last updated: 16 June 2026
This Privacy Policy explains how LENIVIN AI L.L.C-FZ ("Lenivin AI", "we", "us", "our") collects, uses, shares, and protects personal data when you visit lenivin.ai (the "Site"), purchase or use our online courses (the "Services"), or otherwise interact with us.
We process personal data in compliance with:
- The United Arab Emirates Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL");
- The EU General Data Protection Regulation 2016/679 ("GDPR"), when applicable;
- The UK General Data Protection Regulation ("UK GDPR"), when applicable;
- The California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), when applicable.
If you do not agree with any part of this Privacy Policy, please do not use the Services.
1. Data Controller
The data controller is:
LENIVIN AI L.L.C-FZ Free-Zone Limited Liability Company, licence No. 2646817.01 Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. Email: privacy@lenivin.ai Privacy questions: privacy@lenivin.ai Subject-access and rights requests: privacy@lenivin.ai
For users in the European Economic Area, the United Kingdom, or California, you may also contact us at the address above. We are reviewing whether we are required to appoint a representative in the EU and the UK under Article 27 of the EU/UK GDPR; where an appointment is required, we will name the representative and their contact details here. In the meantime, you can reach us directly at privacy@lenivin.ai for any data-protection matter.
2. Personal Data We Collect
We collect the categories of personal data set out below. We collect data directly from you (e.g., when you submit a form), automatically (e.g., through cookies and analytics tools), and from a limited set of third-party sources (e.g., payment processors confirming a transaction).
2.1 Information you provide
| Category | Examples |
|---|---|
| Identification & contact | Full name, email address, phone number, country of residence |
| Account credentials | Username, hashed password, security questions |
| Payment information | Last 4 digits of card and card brand (from Stripe or PayPal — we never see the full card number), billing address, transaction ID, invoice metadata, installment-plan schedule |
| Communication content | The content of forms, support tickets, chat messages, emails, voice calls (we may record customer-support calls and will inform you at the start of any recorded call) |
| Course-related data | Assignments, portfolio submissions, quiz answers, completion progress, community posts, lesson notes |
| Marketing preferences | Email subscription status, communication frequency preferences, language preference |
2.2 Information we collect automatically
| Category | Examples |
|---|---|
| Technical data | IP address, device identifier, browser type and version, operating system, screen resolution, time-zone, referring URL |
| Usage data | Pages viewed, time on page, lessons started/completed, clicks, scroll depth, video play-time, search queries inside the platform |
| Cookies & similar technologies | First- and third-party cookies, local storage, pixels (see Cookie Policy) |
2.3 Information from third parties
| Source | What we receive |
|---|---|
| Stripe | Confirmation of payment status, payment metadata (no full PAN), risk-evaluation flags |
| PayPal (where you choose to pay via PayPal) | Confirmation of payment status, payer email/ID and payment metadata (no full card number), risk-evaluation flags |
| Authentication providers (e.g., Google, Apple) if you choose to sign in via them | Your name, email, and profile-picture URL — only the fields permitted by the provider |
| Analytics providers (privacy-respecting web analytics) | Aggregated traffic data; some providers may use your IP address to derive an approximate geographic location |
| Communication providers (e.g., Telegram bots, WhatsApp Business) | Your contact identifier on that platform if you initiate a conversation |
2.4 Sensitive personal data
We do not knowingly collect sensitive personal data (e.g., racial or ethnic origin, religious or political beliefs, health data, biometric or genetic data). We ask that you do not submit such data. If you nevertheless include it in a course assignment or community post, you do so on your own initiative; we use it only to provide the Services and you may ask us to delete it at any time.
3. How and Why We Use Personal Data
We use personal data for the following purposes, with the legal basis indicated for users to whom GDPR / UK GDPR / UAE PDPL applies:
| Purpose | Categories of data used | Legal basis |
|---|---|---|
| Account creation & operation | Identification, account credentials | Performance of a contract (you, the user, request the account) |
| Delivering the Course | Course-related data, technical data | Performance of a contract |
| Processing payments & installment plans | Payment information, identification | Performance of a contract; legal obligation (tax, accounting) |
| Customer support | Communication content, identification, account credentials | Performance of a contract; legitimate interests (responding to enquiries) |
| Site analytics & product improvement | Technical data, usage data, cookies | Consent (where required); legitimate interests in improving the Services |
| Marketing communications (newsletters, course announcements, promotions) | Identification, contact, marketing preferences | Consent for new prospects; legitimate interests for existing customers (with right to opt out) |
| Personalised marketing & retargeting | Cookies, usage data | Consent only |
| Fraud prevention & platform security | Technical data, payment metadata, account activity | Legitimate interests; legal obligation |
| Legal compliance | All categories as needed | Legal obligation |
| Defence & enforcement of rights | All categories as needed | Legitimate interests in establishing, exercising, or defending legal claims |
| Improvement of AI tools we build | We do not use your assignments or generated content to train models unless you explicitly opt in via a future feature | Consent (if and when offered) |
We do not subject you to any decision based solely on automated processing that produces legal or similarly significant effects.
4. Cookies and Similar Technologies
We use cookies and similar technologies for essential site functions, analytics, and marketing. Detailed information about each cookie, including its purpose, provider, and duration, is set out in our Cookie Policy.
You can manage cookie preferences through the cookie banner at any time, or by using your browser settings. Rejecting non-essential cookies does not affect your ability to purchase or take a Course.
5. Sharing and Disclosure of Personal Data
We share personal data only as described below. We do not sell your personal data in the meaning of CCPA/CPRA, and we have not done so in the preceding 12 months.
5.1 Service providers (processors)
We share personal data with carefully selected service providers acting on our behalf under written data-processing agreements:
| Provider | Purpose | Country / Region |
|---|---|---|
| Stripe (the contracting Stripe entity depends on your region) | Payment processing, fraud prevention | EU / UAE / USA |
| PayPal (PayPal Europe S.à r.l. et Cie, S.C.A. and other PayPal entities) | Payment processing, fraud prevention | Luxembourg, USA |
| Learning-Management-System provider | Hosting course content, tracking progress, account login | International cloud |
| CRM provider | Customer-relationship & lead management | International cloud |
| Marketing-automation provider | Automated messaging & workflows | International cloud |
| Web-analytics provider | Aggregated, privacy-respecting site analytics | International cloud |
| Google Workspace | Email, document storage for our team | USA / EU |
| Cloud-hosting provider | Static-site hosting & content delivery | International |
| Telegram / WhatsApp Business | Customer support messaging | International |
| Email-delivery providers (e.g., SendPulse, Mailgun) | Sending transactional and marketing emails | EU / USA |
We choose providers that we believe offer adequate safeguards. The list above is current as of the Effective Date and may be updated. Please contact privacy@lenivin.ai for the latest list.
5.2 Other recipients
| Recipient | When |
|---|---|
| Professional advisers (lawyers, auditors, accountants) | To obtain advice or to enforce or defend our rights |
| Public authorities | Where required by law, regulation, court order, or to comply with the UAE PDPL, sanctions, or financial-crime obligations |
| Acquirers / successors | In connection with a merger, acquisition, restructuring, or sale of all or part of our business — with appropriate confidentiality protections |
| Affiliates of Lenivin AI | For shared back-office operations, subject to the same safeguards as this Privacy Policy |
5.3 With your consent
We may share data with any other recipient with your explicit consent, which you may withdraw at any time.
6. International Data Transfers
Lenivin AI operates from the United Arab Emirates and uses service providers in multiple countries, including the European Union, the United States, the United Kingdom, and the United Arab Emirates.
6.1 Transfers from the EEA / UK to the UAE and beyond
When personal data of EEA or UK residents is transferred outside the EEA / UK to countries that have not received an adequacy decision from the European Commission or the UK Government, we rely on:
- The Standard Contractual Clauses approved by the European Commission and / or the UK International Data Transfer Agreement; and
- Where appropriate, additional supplementary measures such as encryption in transit, encryption at rest, access controls, and pseudonymisation; or
- Your explicit consent to a specific transfer, after we have informed you of the possible risks of such a transfer in the absence of an adequacy decision and appropriate safeguards.
6.2 Transfers under the UAE PDPL
When personal data is transferred outside the UAE to countries that do not provide an adequate level of protection as determined by the UAE Data Office, we rely on consent, contractual safeguards, or other lawful grounds set out in Article 23 of the UAE PDPL and its Executive Regulations.
You can request a copy of the safeguards in place for international transfers by emailing privacy@lenivin.ai.
7. How Long We Keep Personal Data
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data category | Retention period |
|---|---|
| Account data | Duration of Account + 3 years after Account closure |
| Course progress and submissions | Duration of Subscription Term + 3 years |
| Payment and billing records | 7 years from the transaction (UAE tax / accounting obligations) |
| Customer-support communications | 3 years from the last interaction |
| Marketing preferences | Until you withdraw consent or unsubscribe |
| Cookies | As set out in the Cookie Policy (most expire within 14 months) |
| Server logs (technical data) | 12 months |
| Backups | 90 days after deletion from production systems |
After the applicable retention period, we will securely delete or anonymise the data.
8. Data Security
We implement appropriate technical and organisational measures to protect personal data, including:
- HTTPS / TLS for all data in transit.
- Encryption at rest for sensitive data stored by our principal service providers.
- Role-based access control: staff members only access the data they need to perform their duties, subject to written confidentiality undertakings.
- Multi-factor authentication for administrator accounts.
- Regular software updates and security patching.
- Logging and monitoring of suspicious activity.
- Periodic review of our processors' security practices.
No internet transmission or electronic storage is 100% secure. If we become aware of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent authority within the timeframes required by applicable law (within 72 hours where GDPR applies) and, where the breach is high-risk to you, we will notify you directly.
9. Your Rights
Depending on where you live, you have some or all of the following rights with respect to your personal data. To exercise any of them, email privacy@lenivin.ai with proof of identity sufficient for us to verify the request. We will respond within 30 calendar days, extendable by a further 60 days for complex requests (we will tell you if we need more time).
9.1 Under the UAE PDPL (residents of the UAE)
- Right of access to your personal data and to the way it is processed.
- Right to request transfer of your personal data.
- Right to request correction of inaccurate data.
- Right to request erasure of your data.
- Right to restrict or stop processing.
- Right to object to processing for direct marketing or for decisions based on automated processing.
- Right to withdraw consent at any time where processing is based on consent.
- Right to file a complaint with the UAE Data Office.
9.2 Under GDPR / UK GDPR (residents of the EEA / UK)
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure / "right to be forgotten" (Art. 17)
- Right to restrict processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21), including objection to direct marketing
- Right not to be subject to automated decision-making (Art. 22)
- Right to withdraw consent at any time (Art. 7)
- Right to lodge a complaint with your supervisory authority (in the EEA, the data-protection authority of your country of residence; in the UK, the Information Commissioner's Office, ico.org.uk)
9.3 Under CCPA / CPRA (residents of California)
- Right to know what personal information we collect, use, disclose, and sell or share.
- Right to delete personal information we have collected from you (subject to exceptions).
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. As stated above, we do not sell or share personal information as defined under the CCPA.
- Right to limit the use and disclosure of sensitive personal information. We do not knowingly process sensitive personal information for the purposes that would trigger this right.
- Right to non-discrimination for exercising your privacy rights.
You may submit a verifiable request through privacy@lenivin.ai. You may also designate an authorised agent to make a request on your behalf — proof of the agent's authorisation will be required.
9.4 Withdrawing marketing consent
You can withdraw consent to marketing emails at any time by:
- Clicking the "unsubscribe" link in any marketing email we send you, or
- Emailing privacy@lenivin.ai.
This will not affect the lawfulness of processing before withdrawal.
10. Children
The Services are not directed at, and we do not knowingly collect personal data from, individuals under 18 years of age (or the age of majority in the user's jurisdiction, if higher). If you believe a child has provided us with personal data, please contact privacy@lenivin.ai and we will take steps to delete the data.
11. Third-Party Links
The Site may contain links to third-party websites, AI tools, or services that we do not control. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of every site you visit.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make a material change, we will notify you by:
- Posting the updated Privacy Policy on the Site with a new "Last updated" date, and
- Where practicable and where the change is material, emailing the registered email address on your Account at least 30 calendar days before the change takes effect.
Continued use of the Services after the change takes effect constitutes acceptance of the updated Privacy Policy.
13. Contact Us
For any questions, requests, or complaints regarding this Privacy Policy or our processing of your personal data, please contact:
LENIVIN AI L.L.C-FZ Attn: Privacy Team Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. Email: privacy@lenivin.ai
If you are not satisfied with our response, you may lodge a complaint with:
- The UAE Data Office (uaedata.ae) — for residents of the UAE
- Your EU data-protection authority — for residents of the EEA
- The UK Information Commissioner's Office (ico.org.uk) — for residents of the UK
- The California Privacy Protection Agency (cppa.ca.gov) — for residents of California
© 2026 LENIVIN AI L.L.C-FZ. All rights reserved.