PRPM Solutions (“PRPM”, “we”, “our”, “us”) is an AI-automation and digital-solutions company headquartered in Amman, Jordan, serving clients worldwide. We design, build and operate AI-powered workflows, web applications and related professional services.
2. Why This Policy Matters
This Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. It is drafted to meet:
EU General Data Protection Regulation (GDPR) and the EU AI Act transparency duties for general-purpose AI models Privacy MattersReuters
California Consumer Privacy Act & CPRA amendments (collectively “CCPA”) cppa.ca.govTrustArc
If a local rule affords you stronger rights, we apply the stronger rule.
3. Information We Collect
CategoryExamplesSourceContact & Account Dataname, business email, phone, postal address, job title, login credentialsProvided by youService Usage DataIP address, device/-browser details, log files, interaction events, cookiesAutomatedContent & Uploadsdatasets, prompts, documents, code or images you submit to use our AI toolsProvided by youPayment & Billinginvoice details, payment method, tax IDs (if you subscribe to paid plans)Provided by you / payment processorAI Model Telemetrymodel queries, response metadata, safety filter results (pseudonymised)Automated
We do not intentionally collect sensitive personal data (e.g., health, biometric, religious beliefs). If you store such data in our systems you are responsible for having a lawful basis to do so.
4. How We Use Your Data (“Processing Purposes”)
PurposeLegal Basis<sup>1</sup>Provide, secure & maintain our platform and APIsContract performanceConfigure, train or fine-tune AI models for you (never shared across clients)Contract / Legitimate interestImprove and audit model quality and safety (aggregated & de-identified)Legitimate interestBilling, account management & customer supportContract / Legal obligationMarketing our own products (no third-party ads; opt-out anytime)Consent (where required)Comply with PDPL, GDPR, EU AI Act and CCPA requests & auditsLegal obligation
<sup>1</sup> Articles 6–7 GDPR, Art. 10 Jordan PDPL 2023, Cal. Civil Code §1798.100 et seq.
5. Cookies & Similar Tech
We use essential cookies for log-in and security and optional analytics cookies to understand feature adoption. You can adjust preferences in the in-app Privacy Settings or block cookies in your browser. Turning off cookies may impair functionality.
6. Data Sharing
We share personal data only when necessary:
Service providers (cloud hosting, email delivery, analytics) under confidentiality agreements.
Payment processors for billing compliance.
Regulators or law-enforcement when legally compelled (e.g., PDPL Art. 17, GDPR Art. 23). We never sell personal data or allow ad-tech tracking.
7. International Transfers
Our primary servers are in the EU and the UAE. When we move data outside Jordan or the EEA we rely on:
Every project gets a Model Card describing training data sources, limitations and intended use.
High-risk AI use-cases (as listed in EU AI Act Annex III) require explicit Data Protection Impact Assessments and human-in-the-loop oversight.
We log all model prompts & outputs for 30 days to monitor misuse; logs are then irreversibly pseudonymised.
Clients may opt-out of letting their prompts feed future generic model training—this does not affect fine-tuning done solely for them.
9. Data Retention
We keep data only as long as needed for the purpose collected, then delete or anonymise it:
Account data: while you have an active workspace + 2 years.
Contract & billing records: 7 years (statutory).
Support tickets: 3 years.
AI logs: 30 days (see §8).
10. Your Rights
Depending on where you live you may have the right to:
Access a copy of your data
Correct inaccurate data
Erase data (“right to be forgotten”)
Restrict or object to certain processing
Data portability
Opt-out of automated decision-making that produces legal or similarly significant effects
Opt-out of “sale” or “sharing” (CCPA)
Submit any request via [email protected]. We will verify your identity and respond within 30 days (GDPR/PDPL) or 45 days (CCPA).
11. Children’s Privacy
Our services are not directed to children under 16. We do not knowingly process children’s data. If we become aware of such data, we will delete it.
12. Security
We employ ISO 27001-aligned controls: encryption in transit & at rest, role-based access, routine penetration testing, and incident-response protocols. No system is 100 % secure; please report any suspected vulnerability to [email protected].
13. Changes to This Policy
We will post any updates here and, if changes are material, notify you by email or in-app message 30 days before they take effect.
If you believe we have not handled your concern satisfactorily, you may lodge a complaint with the Jordanian Data Protection Commission, your local EU/EEA supervisory authority, or the California Privacy Protection Agency as applicable.
By using PRPM Solutions you acknowledge you have read and understood this Privacy Policy.
