Overview
UAE customers — and the regulators that supervise them — increasingly require AI vendors to keep personal data inside the country and to make cross-border processing explicit. Scinops AI was built with that requirement as a primary design constraint, not a bolt-on. The default deployment keeps all customer-identifiable data inside AWS me-central-1 (UAE), and we offer documented controls for the rare cases where data has to leave the region.
Where your data lives
| Data category | Storage region | Notes |
|---|---|---|
| Account & authentication | AWS me-central-1 (UAE) | Managed MariaDB; encrypted at rest |
| Assessment answers & scores | AWS me-central-1 (UAE) | Encrypted at rest; tenant-scoped |
| Generated deep-analysis reports | AWS me-central-1 (UAE) | MariaDB + S3; encrypted at rest |
| PDF exports | AWS me-central-1 (UAE) S3 | Versioned; lifecycle rule available |
| Audit logs | AWS me-central-1 (UAE) | Append-only; ≥ 365 days retention |
| Operational telemetry (errors, latency) | AWS me-central-1 (UAE) | No raw payloads; identifiers redacted |
| Payments metadata (no card data) | Stripe | Card data PCI-handled by Stripe; we never see PANs |
| Email delivery metadata | Transactional email provider | Recipient, timestamp, status only |
LLM inference routing
Generating the deep-analysis report requires a Large Language Model. We support three deployment modes; you choose which one applies to your tenant during onboarding.
Mode A — OpenRouter (default)
Reports are generated by a primary model (Claude Sonnet 4.6) with a fallback (GPT-4o) routed via OpenRouter. OpenRouter routes calls to the model provider with the no-training flag set; providers do not retain prompts or outputs for training. Inference is transient: prompts and completions are not stored by Scinops or by the provider beyond the request lifecycle, save for short-lived abuse-prevention logs on the provider side.
Mode B — In-region inference (recommended for regulated workloads)
- AWS Bedrock in
me-central-1for Anthropic and Amazon Nova models, when those models are available in-region. - Azure OpenAI in UAE North for GPT-class models, with the standard Azure data processing addendum.
- In this mode, neither prompts nor completions leave the UAE. Recommended for security and HR data with named individuals.
Mode C — Sovereign / private deployment
For customers with the strictest residency requirements (government contractors, critical infrastructure), we deploy the platform inside the customer's own AWS account or private cloud. Scinops retains only operational metadata required to support the deployment.
Sub-processors
We use a deliberately small set of sub-processors. The table below is the current authoritative list. We notify enterprise customers in writing at least 30 days before adding a new sub-processor, unless a faster change is required to mitigate a security risk.
| Sub-processor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Application hosting, database, object storage, secrets | me-central-1 (UAE) |
| Stripe Payments | Subscription and one-off billing; card processing | Global (PCI DSS Level 1) |
| OpenRouter | LLM API gateway (Mode A only) | Global (US-routed by default) |
| Anthropic / OpenAI / Google | Underlying model providers via OpenRouter or Bedrock | Per chosen provider |
| Transactional email provider | Magic-link sign-in, report-ready emails | EU / UAE depending on tier |
| Observability provider | Error tracking and performance traces | EU region |
A signed, dated sub-processor list with version history is available on request as part of a procurement pack.
Cross-border transfers
UAE PDPL Article 22 permits cross-border transfers of personal data where adequacy is recognised, an appropriate safeguard is in place (such as standard contractual clauses) or a defined exception applies. Where customer data leaves the UAE in our default OpenRouter mode, we rely on the contractual safeguards Scinops has in place with OpenRouter and the underlying model providers, combined with strict purpose limitation (inference only) and the absence of long-term storage.
Customers who do not wish to rely on this safeguard can disable Mode A entirely and select Mode B or C. The assessment, scoring and storage paths do not perform any cross-border transfer in any mode.
Sovereign deployment options
- Single-tenant deployment inside the customer AWS organisation, with break-glass access only.
- Bring-your-own KMS keys for at-rest encryption.
- Air-gapped option for classified environments — discussed on a case-by-case basis.
- Optional private network peering and IP allowlists.
Retention & deletion
- Account and assessment data retained while the account is active.
- Generated reports retained for 24 months by default; customers may shorten this on request.
- Audit logs retained for at least 365 days for regulatory traceability.
- On account closure, customer data is deleted within 30 days, with cryptographic destruction of backup copies within a further 60 days.
- Customers can request earlier deletion at any time via our deletion request form or by writing to privacy@scinops.ai.
Notifying changes
Material changes to where data is stored, how inference is routed or which sub-processors are used will be reflected on this page and communicated by email to all customers with at least 30 days' notice for non-urgent changes.