Data Sovereignty & Privacy Policy Last Updated: February 2026

March 30, 2026

1. Introduction

intella ("Company," "we," "us," "our"), accessible at intella.me, is a data-technology company headquartered in Riyadh, Kingdom of Saudi Arabia, with operational presence in Egypt. We specialize in Arabic-first speech intelligence, providing proprietary Speech-to-Text (STT), Text-to-Speech (TTS), and industry-specific Small Language Models (SLMs) to enterprise clients across the MENA region and beyond. This Privacy Policy describes how we collect, use, disclose, retain, and protect Personal Data when you visit our website, use our products and services, interact with our marketing campaigns, or otherwise engage with us. It applies to all users, including website visitors, prospective clients, enterprise clients, and end-users whose data may be processed through our platform. We are committed to processing Personal Data in accordance with all applicable data protection laws, including but not limited to: the Egyptian Personal Data Protection Law No. 151 of 2020 (“EPDPL”), the Kingdom of Saudi Arabia’s Personal Data Protection Law (“PDPL”) and National Data Management Office (“NDMO”) standards.

2. Key Definitions

• “Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, voice recordings, IP addresses, and device identifiers. • “Processing” means any operation performed on Personal Data, whether automated or manual, including collection, recording, organization, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction. • “Data Controller” means the entity that determines the purposes and means of Processing Personal Data. intella acts as a Data Controller for data collected through our website and marketing activities. • “Data Processor” means the entity that processes Personal Data on behalf of the Data Controller. intella acts as a Data Processor when processing client data through our enterprise products (intellaVX, intellaCX, intellaMX, Ziila). • “Sensitive Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or genetic data, as defined under applicable law. • “Services” refers collectively to the intella.me website, our product suite (Ziila, intellaCX, intellaMX, intellaVX), APIs, demo environments, and any related services or platforms. intella.me — Confidential | Page 1 intella | Privacy Policy

3. Data Sovereignty and Residency

We understand that for enterprise clients in banking, government, telecommunications, and other regulated industries, data residency is non-negotiable. intella’s infrastructure is architected from the ground up to support full data sovereignty: • Local Hosting: We offer deployment options that ensure your data remains within your national borders, including the Kingdom of Saudi Arabia, Egypt, and other supported jurisdictions. • On-Premise Deployment: For maximum security, our proprietary models (STT, TTS, SLMs) can be deployed entirely on-premise within your internal infrastructure. Under this model, sensitive voice and customer data never leaves your controlled environment. • Private Cloud: Where cloud processing is required, we utilize region-specific data centers that comply with local data sovereignty laws, including NDMO standards in Saudi Arabia.

4. Personal Data We Collect

4.1 Data Collected Directly from You Category Data Elements Collection Context Identity Data Full name, job title, company name Contact forms, demo requests, LinkedIn Lead Gen Forms, account registration Contact Data Email address, phone number, mailing address Contact forms, demo requests, LinkedIn Lead Gen Forms, support inquiries Professional Data Company name, industry, job function, company size LinkedIn Lead Gen Forms,
enterprise onboarding, sales
interactions Account Data Username, password (hashed), account preferences Product registration (intellaVX, intellaMX free trials) Communications Data Contents of messages, inquiries, feedback Contact forms, email, support channels Consent Records Opt-in/opt-out preferences, consent timestamps Cookie banners, marketing forms, LinkedIn forms

4.2 Data Collected Automatically Category Data Elements Technology Used Technical Data IP address, browser type and
version, operating system, device type, screen resolution Server logs, analytics scripts

intella.me — Confidential | Page 2 intella | Privacy Policy Usage Data Pages visited, time spent, click paths, referral source, session duration Google Analytics, internal analytics Cookie Data Session identifiers, preference cookies, analytics cookies,
marketing pixels Cookies, local storage, tracking pixels Location Data Approximate geographic location (country/city level derived from IP address) IP geolocation

4.3 Data Processed on Behalf of Enterprise Clients (Processor Role) When our enterprise clients use Ziila, intellaCX, intellaMX, or intellaVX, we may Process the following categories of data strictly as a Data Processor, under the client’s instructions and pursuant to a Data Processing Agreement (“DPA”): • Voice and Audio Data: Call recordings, voice interactions, and audio files submitted for transcription, translation, or analysis. • Transcription Data: Text outputs generated from our ASR (Automatic Speech Recognition) engine across 25+ Arabic dialects. • Conversation Analytics Data: Sentiment scores, intent classifications, friction-point indicators, compliance flags, and performance metrics derived from call center interactions. • Usage Metadata: Call duration, dialect type, system performance metrics, and operational logs. • Media Content: Subtitles, translations, and localized media assets generated via intellaMX. Commitment on Proprietary Voice Data: intella does not use your proprietary voice data, call recordings, or audio assets to train our public base models or any shared model without your explicit, written consent. Your data remains yours. Any model improvement activities are conducted exclusively using de-identified, aggregated datasets or under specific contractual provisions agreed upon with the client in writing. Important: intella does not determine the purposes of Processing enterprise client data. Our enterprise clients are the Data Controllers for such data and are responsible for ensuring lawful collection, obtaining necessary consents, and providing notice to their end-users. Processing is governed by individual DPAs executed with each client. 5. Lawful Bases for Processing We rely on the following lawful bases under applicable data protection legislation: Lawful Basis Applicable Processing Activities

intella.me — Confidential | Page 3 intella | Privacy Policy Consent Marketing communications, cookie placement, LinkedIn Lead Gen Form submissions, newsletter
subscriptions Contractual Necessity Account creation, service delivery, product access, demo provisioning, support Legitimate Interests Website analytics, security
monitoring, fraud prevention, product improvement, direct marketing to existing clients Legal Obligation Regulatory compliance, tax records, responding to lawful requests from authorities (including SAMA audits)

Where we rely on Legitimate Interests, we have conducted balancing tests to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us. 6. How We Use Your Personal Data 6.1 Website and Marketing Operations (Controller Role) • To respond to demo requests, contact form inquiries, and sales inquiries. • To process and manage LinkedIn Lead Generation Form submissions, including lead qualification, CRM integration, and sales follow-up. • To provide access to free trial accounts for intellaVX and intellaMX. • To send marketing communications, product updates, newsletters, event invitations, and promotional content (with your consent or where permitted under applicable law for existing clients). • To analyze website traffic, user behavior, and campaign performance using Google Analytics and similar tools. • To maintain website security, detect fraud, prevent unauthorized access, and ensure platform integrity. • To comply with legal obligations and respond to lawful requests from government authorities. 6.2 Enterprise Product Operations (Processor Role) • To perform high-accuracy Arabic speech-to-text transcription across 25+ dialects via intellaVX. • To deliver AI-powered voice agent interactions through Ziila for inbound/outbound call management and complex journey automation. • To generate conversation analytics, sentiment analysis, fraud detection, compliance monitoring, and performance scoring via intellaCX. intella.me — Confidential | Page 4 intella | Privacy Policy • To produce translations, subtitles, and localized media content via intellaMX. • To ensure compliance with regulatory audits, including SAMA requirements in Saudi Arabia, through auditable processing logs. • To maintain, improve, and troubleshoot our platform infrastructure (in accordance with DPA terms and only using de-identified or aggregated data where required). 7. Cookies and Tracking Technologies Our website uses cookies and similar technologies to enhance your browsing experience, analyze traffic, and support marketing efforts. Cookie Type Purpose Provider Duration Strictly Necessary Session management, security, load balancing intella (first-party) Session Analytics Traffic analysis, user behavior, page
performance Google Analytics Up to 26 months Marketing Ad attribution,
conversion tracking, retargeting LinkedIn Insight Tag, Google Ads Up to 24 months Functional Language preferences, user settings intella (first-party) 12 months

You may manage your cookie preferences through our cookie consent banner displayed upon your first visit. You may also configure your browser to reject cookies; however, disabling certain cookies may impair the functionality of our website. intella.me — Confidential | Page 5 intella | Privacy Policy 8. Data Sharing and Disclosure We do not sell your Personal Data. We may share Personal Data with the following categories of recipients, subject to appropriate safeguards: 8.1 Service Providers and Sub-Processors We engage trusted third-party service providers who process data on our behalf under written agreements requiring equivalent data protection standards. These include: • Cloud infrastructure providers (for hosting and data storage within approved jurisdictions). • CRM and marketing automation platforms (for lead management and communications). • Analytics providers (Google Analytics, for website performance analysis). • Payment processors (for subscription and billing management, where applicable). • IT security providers (for threat detection and platform integrity). 8.2 Business Partners We may share limited data with channel partners or resellers to facilitate service delivery, subject to confidentiality agreements. 8.3 Legal and Regulatory Disclosure We may disclose Personal Data where required by applicable law, regulation, legal process, or enforceable governmental request, including requests from authorities in the Arab Republic of Egypt, the Kingdom of Saudi Arabia (including SAMA and NDMO), and other jurisdictions where we operate. 8.4 Corporate Transactions In the event of a merger, acquisition, reorganization, or sale of assets, your Personal Data may be transferred as part of that transaction. We will provide notice before Personal Data is transferred and becomes subject to a different privacy policy. 9. International Data Transfers intella operates across multiple jurisdictions, including Egypt and the Kingdom of Saudi Arabia. Personal Data may be transferred to and processed in countries other than your country of residence. When we transfer Personal Data internationally, we implement the following safeguards: • Standard Contractual Clauses (SCCs) approved by the European Commission, where transfers involve EEA-originating data. • Adequacy assessments and binding contractual commitments consistent with the requirements of the Saudi PDPL, NDMO regulations, and the Egyptian EPDPL. • Data Processing Agreements with all sub-processors that mandate equivalent levels of data protection. intella.me — Confidential | Page 6 intella | Privacy Policy • Where enterprise clients require it, on-premise or private cloud deployment options that ensure data residency within specified jurisdictions, eliminating cross-border transfer entirely. 10. Data Retention We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention periods are as follows: Data Category Retention Period Rationale Lead generation data (LinkedIn forms, contact forms) 24 months from last interaction Sales cycle completion,
legitimate interest in business development Account data (trial and
registered users) Duration of account + 12
months post-termination Contractual obligation,
regulatory compliance Enterprise client data
(Processor role) As defined in the applicable DPA Client instruction, contractual obligation Website analytics data 26 months (Google Analytics default) Performance analysis,
legitimate interest Marketing consent records Duration of consent + 5 years Legal obligation to demonstrate consent Legal/compliance records As required by applicable law (typically 5–10 years) Legal obligation

Upon expiration of the applicable retention period, Personal Data is securely deleted or irreversibly anonymized. 11. Data Security We implement banking-grade technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to: • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 or equivalent). • Access Controls: Strict Role-Based Access Controls (RBAC), multi-factor authentication (MFA), and least-privilege principles ensure only authorized personnel can access system architecture and data. • Infrastructure Security: Firewalls, intrusion detection/prevention systems, regular vulnerability assessments, and penetration testing. • Penetration Testing: Our systems undergo regular third-party security audits to ensure resilience against cyber threats. • Employee Training: Regular data protection and information security awareness training for all personnel. intella.me — Confidential | Page 7 intella | Privacy Policy • Incident Response: Documented incident response plan with defined procedures for breach detection, containment, investigation, notification, and remediation. • Vendor Management: Due diligence and contractual security requirements for all sub processors and service providers. • Sovereign Deployment: On-premise and private cloud deployment options available for enterprise clients requiring full data sovereignty and local residency. 12. Your Rights Depending on your jurisdiction and applicable law, you may exercise the following rights with respect to your Personal Data: 12.1 Rights Under GDPR (EEA Residents) • Right of Access: Obtain confirmation of whether we process your data and request a copy. • Right to Rectification: Request correction of inaccurate or incomplete Personal Data. • Right to Erasure (“Right to Be Forgotten”): Request deletion of your Personal Data, subject to legal exceptions. • Right to Restriction of Processing: Request that we limit Processing in certain circumstances. • Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format. • Right to Object: Object to Processing based on legitimate interests or for direct marketing purposes. • Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal. • Right to Lodge a Complaint: File a complaint with a supervisory authority in your jurisdiction. 12.2 Rights Under Saudi PDPL • Right to be informed about the purpose and legal basis for processing. • Right to access, correct, update, or request destruction of your Personal Data. • Right to withdraw consent where processing is consent-based. • Right to request restricted processing in certain circumstances. 12.3 Rights Under Egyptian EPDPL • Right to access, correct, amend, or delete your Personal Data. • Right to withdraw consent at any time. • Right to be informed about the identity of the controller and the purpose of processing. • Right to lodge a complaint with the Egyptian Data Protection Center. intella.me — Confidential | Page 8 intella | Privacy Policy 12.4 Rights Under CCPA/CPRA (California Residents) • Right to Know: Request disclosure of categories and specific pieces of Personal Information collected. • Right to Delete: Request deletion of Personal Information, subject to legal exceptions. • Right to Correct: Request correction of inaccurate Personal Information. • Right to Opt-Out of Sale/Sharing: We do not sell Personal Information. You may opt out of sharing for cross-context behavioral advertising. • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. 12.5 How to Exercise Your Rights To exercise any of the above rights, please submit a request to: Email: privacy@intella.me Subject Line: Data Subject Request — [Your Full Name] We will verify your identity before processing any request. We aim to respond within 30 days, or within any shorter period required by applicable law. If we require additional time, we will inform you of the reason and the expected timeline. 13. Children’s Privacy Our Services are not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without verified parental consent, we will take steps to
delete such information promptly. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@intella.me. 14. Third-Party Links and Services Our website and Services may contain links to third-party websites, platforms, or services (including LinkedIn, YouTube, and social media platforms). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party service before providing your Personal Data. 15. Automated Decision-Making and Profiling Our enterprise products (Ziila, intellaCX) employ artificial intelligence and machine learning algorithms for purposes such as sentiment analysis, intent recognition, fraud detection, and conversation scoring. These technologies operate as tools within our enterprise clients’ operations and are governed by the clients’ own policies and applicable regulations. intella.me — Confidential | Page 9 intella | Privacy Policy With respect to our direct interactions with you (website visitors and leads), we do not engage in solely automated decision-making that produces legal effects or similarly significant effects on you. Any lead scoring or segmentation we perform is supplemented by human review. 16. Do Not Track Signals Our website currently does not respond to “Do Not Track” (DNT) browser signals. However, you may manage your tracking preferences through our cookie consent mechanism and browser settings. 17. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will post the revised policy on this page with an updated “Last Updated” date. For material changes, we will provide prominent notice on our website or, where required, seek your renewed consent. We encourage you to review this policy periodically. 18. Data Protection Officer For any questions, concerns, or requests related to this Privacy Policy or our data protection practices, please contact our Data Protection Officer: Data Protection Officer intella Email: privacy@intella.me 19. Governing Law and Jurisdiction This Privacy Policy shall be governed by and construed in accordance with the laws of the Arab Republic of Egypt, without regard to its conflict of laws provisions. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of Cairo, Arab Republic of Egypt, unless otherwise required by applicable mandatory law granting jurisdiction to the courts of another jurisdiction. For data subjects in the European Economic Area, this policy is supplemented by applicable GDPR provisions, and you retain the right to lodge complaints with your local supervisory authority. For data subjects in the Kingdom of Saudi Arabia, this policy is supplemented by the PDPL and its implementing regulations, as well as applicable NDMO standards. intella.me — Confidential | Page 10 intella | Privacy Policy © 2021–2026 intella. All rights reserved. intella.me | privacy@intella.me

Ready to make Arabic your AI’s first language?

intella logo

Founded in 2021 to bridge the AI gap for Arabic, intella is dedicated to building technology that understands the rich cultural and linguistic nuances of our world. We don't adapt; we build from the ground up.

Instagram
linkedin
Youtube
Privacy Policy | Sovereign Data & Compliance | intella