Security & Privacy Policy

1. Introduction

This policy describes how Mismar AI - FZCO ("Company," "we," "our") protects and manages Client data within the Mismar.ai platform.

This Security & Privacy Policy applies to all Clients of Mismar.ai. It outlines our commitments regarding data protection, system security, and privacy practices.

2. Data Ownership & Privacy

2.1 Ownership

Clients retain full ownership of all data entered into the system. The Company acts solely as a data processor, handling Client data only as instructed and in compliance with UAE Federal Decree-Law No. 45 of 2021.

2.2 Data Access & Control
  • Clients may access, modify, export, or delete their data at any time via admin controls

  • Databases can be deleted upon request

  • Clients are responsible for ensuring their data complies with applicable regulations

2.3 Data Retention
  • Upon termination, Clients have a 30-day grace period to export data

  • After 30 days, data is permanently deleted to protect Client privacy

3. Database Security

3.1 Data Isolation
  • Each Client's data is stored in a dedicated database with no sharing of data between Clients

  • Access control rules enforce complete isolation between databases on the same cluster

3.2 Encryption
  • All data in transit: Protected with TLS (HTTPS) using 256-bit symmetric cipher suites

  • All data at rest: Encrypted with AES-256 (production databases and backups)

  • Internal server-to-server communications: Encrypted end to end between services

  • TLS certificates: 2048-bit RSA keys with certificate chains signed using SHA-2

4. Password Security

  • Passwords are never stored in plaintext or reversibly encrypted; they are hashed with PBKDF2-HMAC-SHA512 using a random per-user salt and a high iteration count (key stretching), so identical passwords produce different hashes and a stolen hash cannot be reversed

  • Company staff cannot access or retrieve Client passwords. Login credentials are transmitted only over HTTPS

  • Configurable rate limiting and cooldown for failed login attempts

  • Configurable minimum password length enforcement

  • Optional CAPTCHA for brute-force protection
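
As an added illustration (example code written for this page, not Mismar.ai's implementation), the following Python shows what the mechanisms above look like in practice: PBKDF2-HMAC-SHA512 with a random per-password salt and an iteration count, verified with a constant-time comparison, plus a per-account failed-login counter with a cooldown. The iteration count, salt size, lockout threshold and cooldown are illustrative assumptions, not the platform's configured values.

```python
import base64
import hashlib
import hmac
import os
import time

# Illustrative parameters (assumptions, not Mismar.ai's configured values).
PBKDF2_ITERATIONS = 600_000   # the "stretching" factor; raise as hardware gets faster
SALT_BYTES = 16               # fresh random salt per password
DERIVED_KEY_BYTES = 64        # SHA-512 digest size


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived_key.

    Storing the salt and iteration count beside the hash lets the cost be
    raised later without invalidating existing records.
    """
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                             iterations, dklen=DERIVED_KEY_BYTES)
    return "$".join(("pbkdf2_sha512", str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")))


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha512":
        return False
    iterations = int(parts[1])
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt,
                                    iterations, dklen=len(expected))
    # compare_digest does not stop at the first differing byte (no timing leak).
    return hmac.compare_digest(candidate, expected)


class LoginThrottle:
    """Per-account failed-attempt counter with a cooldown (lockout) window.

    max_failures and cooldown_seconds are the configurable knobs; the clock
    is injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, max_failures=5, cooldown_seconds=300.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.cooldown = cooldown_seconds
        self.clock = clock
        self._failures = {}      # account -> consecutive failures
        self._locked_until = {}  # account -> monotonic time the lock expires

    def is_locked(self, account: str) -> bool:
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Cooldown elapsed: clear the lock and start counting afresh.
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def record_failure(self, account: str) -> None:
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = self.clock() + self.cooldown

    def record_success(self, account: str) -> None:
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)


def attempt_login(throttle: LoginThrottle, account: str, password: str,
                  stored_hash: str) -> str:
    """Return "locked", "ok" or "bad".

    The lock is checked before the deliberately slow PBKDF2 step, so a
    locked-out attacker cannot burn server CPU either.
    """
    if throttle.is_locked(account):
        return "locked"
    if verify_password(password, stored_hash):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account)
    return "bad"


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong", record))                          # False
```

Two points worth noting in the code: the stored record carries its own salt and iteration count, which is what makes a later increase of the work factor possible without resetting every password, and the lockout check runs before the hash computation so that rate limiting also bounds the CPU an attacker can consume.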

5. Access Controls

5.1 Client Access
  • Clients control user permissions via admin settings

  • Role-based access control available

5.2 Staff Access
  • Company support staff use dedicated staff credentials (not Client passwords)

  • Access limited to settings relevant to support issues

  • All staff access is logged and auditable

  • Staff have signed NDAs protecting Client data confidentiality

6. Physical Security

Our servers are hosted in trusted data centers (e.g., OVH, Google Cloud) meeting the following criteria:

  • Restricted perimeter with authorized personnel access only

  • Physical access control via security badges or biometric authentication

  • 24/7 security camera monitoring

  • 24/7 on-site security personnel

7. Network Security

7.1 DDoS Protection

Data center providers maintain large network capacities with automatic and manual DDoS mitigation systems that detect and divert attack traffic at network edges.

7.2 Threat Prevention
  • Firewalls and intrusion prevention systems detect and block threats

  • Brute-force password attack protection

  • Configurable rate limiting and CAPTCHA options

8. Software Security

The platform is built on frameworks designed to prevent common security vulnerabilities:

  • SQL Injection: Prevented by an ORM that generates parameterized queries, so user input is bound as data rather than concatenated into SQL text

  • XSS (Cross-Site Scripting): The template layer escapes every rendered expression by default, so user-supplied content is displayed as text rather than interpreted as markup

  • CSRF (Cross-Site Request Forgery): Built-in protection requires an anti-CSRF token on state-changing requests

  • Remote File Inclusion: No file-inclusion functions are exposed to user input; custom expressions are evaluated in a sandboxed environment

  • Insecure Direct Object Reference: Access control is enforced at the data layer on every record access, not only in the UI

  • URL Access Restrictions: Security does not rely on hidden URLs; every request is authenticated and authorized server-side

For detailed information on these vulnerability classes, refer to the OWASP Top 10 at owasp.org.
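
For readers who want to see what these protections mean at code level, the following Python is an added example written for this page, not the platform's code or its framework's internals. It contrasts a query that concatenates input into SQL with the bound-parameter form an ORM emits, escapes a value before interpolating it into HTML the way an auto-escaping template does, and checks an anti-CSRF token with a constant-time comparison. The table, rows and injection payload are constructed sample data.

```python
import hmac
import html
import secrets
import sqlite3
from typing import List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not real Client records)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE projects (id INTEGER PRIMARY KEY, client TEXT, name TEXT)")
    conn.executemany("INSERT INTO projects (client, name) VALUES (?, ?)",
                     [("acme", "Tower A"), ("acme", "Bridge 7"), ("globex", "Depot")])
    return conn


def projects_vulnerable(conn: sqlite3.Connection, client: str) -> List[str]:
    """The anti-pattern an ORM removes: user input concatenated into SQL text."""
    sql = f"SELECT name FROM projects WHERE client = '{client}'"
    return [row[0] for row in conn.execute(sql)]


def projects_safe(conn: sqlite3.Connection, client: str) -> List[str]:
    """Bound parameter: the value travels as data and cannot alter the query's
    structure. This is what an ORM emits for the application."""
    rows = conn.execute("SELECT name FROM projects WHERE client = ?", (client,))
    return [row[0] for row in rows]


def render_project_cell(name: str) -> str:
    """Escape before interpolating into HTML, as an auto-escaping template
    engine does for every rendered expression."""
    return "<td>" + html.escape(name, quote=True) + "</td>"


def new_csrf_token() -> str:
    """Unpredictable token kept server-side for the session and echoed in forms."""
    return secrets.token_urlsafe(32)


def csrf_token_valid(session_token: str, submitted: Optional[str]) -> bool:
    """A state-changing request is accepted only if it carries the session's token.
    Both sides are encoded to bytes so non-ASCII input cannot raise TypeError."""
    if submitted is None:
        return False
    return hmac.compare_digest(session_token.encode("utf-8"), submitted.encode("utf-8"))


if __name__ == "__main__":
    db = make_db()
    injected = "x' OR '1'='1"
    print(projects_vulnerable(db, injected))  # every client's projects leak
    print(projects_safe(db, injected))        # []
```

The payload `x' OR '1'='1` turns the concatenated query into one whose WHERE clause is always true, breaking the per-Client isolation described in section 3; with a bound parameter the same string is simply a client name that matches nothing.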

9. Backup & Disaster Recovery

9.1 Backup Schedule

14 full database backups are maintained on Amazon S3 at any time:

  • Daily backups: Last 7 days

  • Weekly backups: Last 4 weeks

  • Monthly backups: Last 3 months

Backups can also be delivered to Client-owned online servers, on request or on a periodic schedule. Once the platform is in production, the Client can be given full access to retrieve backups whenever needed.
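
The following Python is an added example written for this page, not the Company's backup tooling. It implements one way to realise the 7/4/3 schedule above so that exactly 14 snapshots survive: the newest seven days are kept outright, then the newest snapshot in each of the next four ISO weeks, then the newest snapshot in each of the next three calendar months. That tiering rule and the 120-day sample history are assumptions; the page states only the counts.

```python
from datetime import date, timedelta


def _newest_per_bucket(dates_desc, bucket_of, limit):
    """Walk dates newest-first and keep the newest date in each of the first
    `limit` buckets. Returns (kept, remainder), where remainder is every date
    older than the last bucket used, so the next tier starts where this one ends.
    """
    kept, buckets = [], []
    i = 0
    while i < len(dates_desc):
        bucket = bucket_of(dates_desc[i])
        if bucket not in buckets:
            if len(buckets) == limit:
                break
            buckets.append(bucket)
            kept.append(dates_desc[i])
        i += 1
    return kept, dates_desc[i:]


def backups_to_keep(snapshots, daily=7, weekly=4, monthly=3):
    """Select the snapshot dates retained under a daily/weekly/monthly schedule.

    Assumed rule (the page gives only the counts): the newest `daily` snapshots
    are kept; of the older snapshots, the newest in each of the next `weekly`
    ISO weeks is kept; of those older still, the newest in each of the next
    `monthly` calendar months is kept. The tiers do not overlap, so a full
    history yields exactly daily + weekly + monthly (7 + 4 + 3 = 14) backups.
    """
    dates = sorted(set(snapshots), reverse=True)
    kept = dates[:daily]
    rest = dates[daily:]
    weekly_kept, rest = _newest_per_bucket(rest, lambda d: d.isocalendar()[:2], weekly)
    monthly_kept, _ = _newest_per_bucket(rest, lambda d: (d.year, d.month), monthly)
    return kept + weekly_kept + monthly_kept


def backups_to_delete(snapshots, **schedule):
    """Everything not selected by backups_to_keep, newest first (the prune list)."""
    keep = set(backups_to_keep(snapshots, **schedule))
    return sorted((d for d in set(snapshots) if d not in keep), reverse=True)


def sample_history(days=120, today=date(2026, 3, 31)):
    """Constructed sample: one snapshot per day for the last `days` days."""
    return [today - timedelta(days=i) for i in range(days)]


if __name__ == "__main__":
    for d in backups_to_keep(sample_history()):
        print(d.isoformat())
```

Running the prune list rather than deleting by age alone is what keeps the weekly and monthly points alive after their daily window has passed; a history shorter than the schedule simply keeps every snapshot it has.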

9.2 Backup Features
  • Each backup contains a complete database snapshot

  • Manual backups available upon request

  • Backups can be sent to Client-owned cloud or on-premise servers

  • Backup restoration available upon request

10. Monitoring

  • 24/7 automated system monitoring

  • Immediate alerts for performance degradation

  • Servers are patched promptly against newly disclosed vulnerabilities, including TLS/SSL flaws

11. Policy Updates

This policy may be updated to reflect legal, technical, or operational changes. The latest version will be available here on our website and upon request.

Mismar.ai is committed to advancing the construction industry by improving the lives of people working in construction, driving technology innovation, and building a global community of groundbreakers.
Discover the power to connect everyone and everything on one platform.
Office 1011, Dtec
04 372 4077
A5 Building, Dubai Digital Park
Dubai Silicon Oasis
Dubai, UAE
2026 | Mismar AI - FZCO | All Rights Reserved