Legal

Privacy Policy

Effective: 4 July 2026 · Last updated: 4 July 2026

This Privacy Policy explains how Steinn AI Labs Limited ( "Steinn AI", "we", "us", or "our"), a company incorporated in the Dubai International Financial Centre (DIFC), United Arab Emirates, collects, uses, discloses, and safeguards personal data in connection with our website magpie.so and the Magpie AI governance and observability platform (together, the "Services").

This page is maintained by Steinn AI Labs Limited and is intended as a plain-language explanation of our practices. It is not legal advice. Where you have entered into a separate agreement with us (for example, a Master Services Agreement or Data Processing Agreement), that agreement governs the processing of personal data you provide through the Services.

1. Who we are

Steinn AI Labs Limited is the controller of personal data collected through our public website and marketing channels, and acts as a processor of personal data submitted by our customers to the Magpie platform under a Data Processing Agreement.

  • Registered office: Dubai International Financial Centre (DIFC), Dubai, United Arab Emirates.
  • Product: Magpie — AI governance and observability platform.
  • Contact: privacy@magpie.so

2. Applicable laws

We process personal data in accordance with the DIFC Data Protection Law No. 5 of 2020 and its regulations, which is the primary law that applies to Steinn AI Labs Limited as a DIFC-incorporated entity. Depending on where you are located and how you interact with us, other laws may also apply, including:

  • the UAE Federal Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, "PDPL") for personal data processed outside DIFC in the UAE;
  • the ADGM Data Protection Regulations 2021 where personal data is processed in or from ADGM;
  • the EU/UK General Data Protection Regulation (GDPR/UK GDPR) where we offer Services to, or monitor, individuals located in the EU or UK.

Where these laws grant additional rights or impose additional obligations, we apply the standard that provides the greater protection to the data subject.

3. Personal data we collect

We collect the following categories of personal data:

  • Account and contact data — name, business email, company, job title, phone number, and login credentials when you register, request a demo, or subscribe to our updates.
  • Communications — the content of messages you send to us via email, contact forms, chat, or scheduled calls.
  • Usage and device data — IP address, approximate location derived from IP, browser type, operating system, referring URLs, pages viewed, and interactions with the Services, collected via cookies and similar technologies.
  • Customer platform data — data our customers or their authorised users submit into the Magpie platform (for example, AI model metadata, risk assessments, and audit records). We process this data as a processor on behalf of the customer.
  • Marketing data — records of your interactions with our marketing campaigns, advertising identifiers, and cookie preferences.

We do not knowingly collect personal data from children under 18. The Services are intended for use by employees of regulated financial institutions and their advisers.

4. How we use personal data and legal bases

We use personal data for the following purposes:

  • Providing the Services — creating accounts, delivering the platform, responding to requests, and providing customer support. Legal basis: performance of a contract.
  • Business communications — responding to enquiries, sending service-related notices, and administering our relationship with customers and prospects. Legal basis: legitimate interests, and performance of a contract where applicable.
  • Marketing — sending information about our products, events, and research to business contacts. Legal basis: consent where required, otherwise our legitimate interest in promoting our business. You can opt out of marketing communications at any time.
  • Analytics and product improvement — understanding how our website and platform are used so we can improve them. Legal basis: consent for non-essential cookies; legitimate interests for aggregated and de-identified analytics.
  • Security, fraud prevention, and compliance — protecting the Services, investigating misuse, and meeting our legal obligations. Legal basis: legitimate interests and compliance with a legal obligation.

5. Cookies and tracking technologies

We use strictly necessary cookies to operate the Services, and optional cookies for analytics and marketing. Optional cookies are only set after you provide consent through our cookie banner. Currently we use the following categories:

  • Necessary — session, authentication, and security cookies required to run the Services.
  • Analytics — Google Analytics (Google Ireland Limited / Google LLC), used to measure aggregate usage. IP addresses are anonymised.
  • Marketing — Google Ads and Meta Pixel, used to measure the effectiveness of our advertising. These load only after you opt in, and we operate Google Consent Mode v2.

You can withdraw or change your consent at any time using the link in the footer of every page.

6. How we share personal data

We share personal data only with:

  • Service providers that host our infrastructure, deliver email, provide analytics, or support our operations, all under written contracts that restrict use of personal data to our instructions;
  • Professional advisers, including lawyers, auditors, and accountants, where reasonably necessary;
  • Regulators, law enforcement, or courts where we are legally required to do so, or where necessary to protect our rights or the safety of others;
  • Acquirers or successors in the event of a merger, acquisition, or reorganisation, subject to appropriate confidentiality safeguards.

We do not sell personal data, and we do not share personal data with third parties for their own independent marketing purposes.

7. International transfers

Because our team and service providers are located in the UAE, Europe, and other jurisdictions, personal data may be transferred outside the DIFC or your country of residence. Where we transfer personal data internationally, we rely on adequacy decisions, standard contractual clauses, or other transfer mechanisms permitted under the DIFC Data Protection Law and other applicable laws.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. Retention periods depend on the category of data, the nature of our relationship, and applicable legal obligations. When personal data is no longer required, we delete or anonymise it in a secure manner.

For customer platform data, retention is governed by the applicable customer agreement and Data Processing Agreement.

9. Security

We maintain administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include access controls, encryption in transit, logging, and periodic reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your rights

Subject to applicable law, you have rights in relation to your personal data, which may include the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete personal data;
  • request deletion of personal data in certain circumstances;
  • object to, or request restriction of, certain processing;
  • request portability of personal data you have provided to us;
  • withdraw consent where processing is based on consent; and
  • lodge a complaint with the DIFC Commissioner of Data Protection or another competent supervisory authority.

To exercise your rights, contact us at privacy@magpie.so. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice (for example, by email or through the Services).

12. Contact

If you have questions about this Policy or how we handle personal data, please contact us at:

  • Steinn AI Labs Limited
  • Dubai International Financial Centre (DIFC), Dubai, United Arab Emirates
  • Email: privacy@magpie.so