Privacy Policy

Al Gurg & Al Matrooshi Advocates & Legal Consultants

Effective Date: April 2026

1. Introduction

Al Gurg & Al Matrooshi Advocates & Legal Consultants ("GMALC", "we", "us") is committed to protecting the privacy and personal data of our clients, website visitors, and platform users. This Privacy Policy explains how we collect, use, store, and protect your information in compliance with UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law — "PDPL").

2. Data We Collect

Personal Information: Name, email address, phone number, Emirates ID (for client onboarding), nationality, and address — collected during consultations, onboarding, or contact form submissions.

Case Information: Legal documents, case facts, court filings, and correspondence uploaded to the Mizan platform for analysis.

Usage Data: Login timestamps, pages visited, features used, and device information — collected automatically for platform improvement and security monitoring.

AI Interaction Data: Questions submitted to Mizan Consult and Mizan Chat are processed by AI to generate legal analysis. Document text is extracted for analysis purposes.

3. How We Use Your Data

  • Providing legal services and representation
  • Generating AI-assisted legal analysis via the Mizan platform
  • Communicating case updates and appointment confirmations
  • Client identity verification and conflict-of-interest checks
  • Platform security, fraud prevention, and audit logging
  • Improving our services and Mizan's analytical capabilities

4. AI Processing & Third-Party Services

The Mizan platform uses Anthropic's AI technology to process legal queries and documents. When you submit a question or upload a document:

  • Document text is sent to Anthropic's API for analysis
  • Anthropic's commercial API terms prohibit use of input data for model training
  • Document content is processed in-memory and is not permanently stored on AI servers
  • We use Supabase (cloud database) for secure data storage within our platform

5. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Server-side authentication with zero credentials in client-side code
  • Role-based access controls (staff vs. client data isolation)
  • Audit logging of all authentication events and data access
  • Regular security reviews and vulnerability assessments

6. Your Rights (UAE PDPL)

Under UAE Federal Decree-Law No. 45 of 2021, you have the right to:

  • Access your personal data held by us
  • Rectify inaccurate or incomplete data
  • Delete your personal data (subject to legal retention requirements)
  • Restrict processing of your data in certain circumstances
  • Port your data to another service provider
  • Object to processing for direct marketing purposes

To exercise these rights, contact us at info@gmalc.ae or call 04 354 2000.

7. Data Retention

We retain personal data for as long as necessary to provide our services and comply with legal obligations. Case files are retained for a minimum of 7 years as required by UAE law. You may request deletion of non-essential data at any time.

8. Attorney-Client Privilege

All information shared within the attorney-client relationship is protected by professional privilege under UAE Federal Law No. 23 of 1991 (Advocacy Law), Article 37. This protection extends to all communications through the Mizan platform.

9. Cookies

We use essential cookies and local storage to maintain your session and language preferences. We do not use tracking cookies, advertising cookies, or third-party analytics. Your browsing activity is not shared with external parties.

10. Contact

For privacy inquiries: info@gmalc.ae · 04 354 2000
24th Floor, Burjuman Business Tower, Dubai, UAE