NibraSec
HomeAgentsPricingSecurityBlogDocs
Get started
Legal
Terms of ServicePrivacy PolicyData Processing AgreementAcceptable Use PolicyCookie Policy
Last updated 28 June 2026

Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (the “Controller”) and NibraSec FZ-LLC (the “Processor”, “we”) and applies where we process Personal Data on your behalf. It is written to align with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, the “UAE PDPL”).

1. Roles of the parties

For the workspace content you submit that relates to your staff or third parties, you are the Controller and we act as your Processor. You are responsible for establishing a lawful basis for the data you provide and for your instructions to us.

2. Scope and purpose of processing

  • Subject matter & duration — provision of the Service for the term of your subscription, plus the deletion period in our Privacy Policy.
  • Nature & purpose — hosting, storing, and processing your content so the agents can generate compliance findings, documents, and audit packs.
  • Categories of data subjects — your personnel, contacts, and individuals referenced in your compliance artefacts.
  • Categories of Personal Data — as determined by you; typically names, business contact details, and role/processing information you enter.

3. Our obligations as Processor

In accordance with Article 8 of the UAE PDPL, we will:

  • process Personal Data only on your documented instructions, including these Terms;
  • ensure persons authorised to process the data are bound by confidentiality;
  • implement appropriate technical and organisational security measures;
  • assist you, where reasonable, in responding to data-subject requests;
  • assist you with security, breach notification, and data-protection impact assessments;
  • delete or return Personal Data at the end of the engagement (Section 7);
  • make available the information reasonably necessary to demonstrate compliance.

4. Sub-processors

You grant general authorisation for us to engage sub-processors (e.g. cloud hosting, LLM inference under zero-data-retention terms, payment, and email) under contracts imposing PDPL-equivalent obligations. A current sub-processor register is available under NDA via our security pack. We will give reasonable notice of intended changes so you may object on legitimate grounds.

5. Cross-border transfers

Any transfer of Personal Data outside the UAE is carried out in accordance with Articles 22 and 23 of the UAE PDPL — to adequate jurisdictions, under contractual safeguards binding the recipient to equivalent protections, or on another lawful basis.

6. Personal Data breach

We will notify you without undue delay after becoming aware of a Personal Data breach affecting your data, with information reasonably available to support your own notification obligations to the UAE Data Office and affected individuals.

7. Return and deletion

On termination, we will delete or, on request, return your Personal Data within the period stated in our Privacy Policy, except where retention is required by law.

8. Audit

We will make available information necessary to demonstrate compliance with this DPA and, on reasonable prior notice and subject to confidentiality, allow for audits limited to your data and conducted in a manner that does not compromise other customers' security.

9. General

This DPA is governed by the same law and jurisdiction as the Terms of Service. In the event of conflict on data protection matters, this DPA prevails. Contact: dpo@nibrasec.com.

NibraSec

AI-native compliance for organizations operating in the Middle East. Five agents, one team, continuous coverage.

Product
AgentsHow it worksWorkspacePricing
Resources
BlogDocumentationChangelog
Company
AboutWho it's forCareersContact
Legal
PrivacyTermsDPASecurity
© 2026 NibraSec. All rights reserved.
🌍 English