Skip to main content

Heatguard Privacy Policy

Effective date: September 12, 2025
Heatguard LLC and its affiliates in the Gulf Cooperation Council provide AI-driven safety and compliance services for outdoor and industrial work. This Privacy Policy explains how we handle personal data in the United Arab Emirates and across the GCC, in line with applicable national data protection laws.

(1) Who we are and scope

This Policy applies to our websites, mobile apps, dashboards, APIs, and tele triage services. “You” means workers, supervisors, administrators, and visitors who use or interact with Heatguard.

(2) Roles and responsibility

Heatguard acts as a data controller for the Services it provides directly. When an employer deploys Heatguard for its workforce, the employer is also a controller. Heatguard may act as a processor to the employer for certain modules. We rely on written agreements to define roles and obligations.

(3) Data we collect

  • Identity and profile: name, employee or site ID, role, contact details.
  • Work context: site, crew, shift schedule, incident and near-miss logs, training status.
  • Vitals and safety signals: temperature readings, heart rate, hydration prompts, symptoms reported, break events, fatigue flags.
  • Location and device data: GPS when safety monitoring is active, device identifiers, app version, crash and diagnostic logs.
  • Tele triage: call recordings where permitted, triage notes, care recommendations.
  • Usage and analytics: feature use, response times, performance metrics, consent records.
 We do not collect more than needed. Some data may be sensitive health data. We process it with higher safeguards.

(4) How we use data

  • Deliver heat and fatigue monitoring, alerts, and break guidance.
  • Power AI risk scoring, pattern detection, and recommendations.
  • Enable nurse tele triage and support emergency response.
  • Generate compliance, safety, and insurance reports.
  • Improve accuracy through testing and quality assurance using de-identified or aggregated data.
  • Meet legal and regulatory requirements in the UAE and other GCC states.

(5) Legal bases

We rely on one or more of the following:
  • Contract necessity to provide the Services to your employer.
  • Consent for optional features like continuous location, health signals, or call recording where required.
  • Legitimate interests to improve safety, prevent fraud and abuse, and secure our systems.
  • Vital interests in emergencies to protect life or health.
  • Legal obligation where a regulator or law requires reporting.

(6) Regional hosting and transfers

  • Data is hosted in regional data centers. Data stays in region choices for GCC where possible.
  • If data must leave the GCC, we use approved safeguards such as contractual protections and transfer risk assessments.
  • We keep records of data flows and apply least-transfer principles.

(7) Security

  • Encryption in transit and at rest.
  • Role-based access with least privilege.
  • Masked worker identities where an employer enables that mode.
  • Fine-grained consent for vitals and location.
  • Annual third-party security audits, ongoing vulnerability testing, and continuous monitoring.
  • Vendor security reviews and data processing agreements.

(8) Retention

We keep personal data only as long as needed for the purpose collected, to comply with law, or to resolve disputes. When the period ends, we delete or anonymize the data. Retention periods can vary by country and employer policy.

(9) Sharing and disclosure

We share data only as needed:
  • Medical and tele triage partners to provide care and advice.
  • Insurance partners to prepare and submit claims, with employer approval.
  • Government authorities where reporting is required by applicable law.
  • Service providers such as hosting, analytics, and messaging under strict contracts.
 We do not sell personal data.

(10) Your choices and rights

Subject to local law, you may have the right to:
  • Access your data and get a copy.
  • Correct inaccurate data.
  • Delete data in specific cases.
  • Restrict or object to certain processing.
  • Withdraw consent for non-essential processing. Port data where technically feasible.
 To make a request, email privacy@heatguard.ae. We will verify your identity and respond within the time limits set by local law. You may also contact your national data protection authority.

(11) Cookies and SDKs

We use cookies and mobile SDKs for session management, security, analytics, and feature performance. You can manage non-essential cookies in your browser or in-app settings where available.

(12) Children

Our Services are for adults in the workplace. We do not knowingly process data of individuals under the legal working age.

(13) Automated decisions and AI

Our AI produces risk scores and recommendations. A human can review and override alerts. You can ask for an explanation of key factors that drove a decision where required by law.

(14) International operations

Heatguard operates in multiple GCC states. When local law requires a different approach, we follow the stricter rule.

(15) Changes to this Policy

We may update this Policy to reflect changes in law or our Services. We will post the new version with the effective date. Your continued use means you accept the updated Policy.

(16) Contact us

Heatguard LLC

Dubai, United Arab Emirates

Email: privacy@heatguard.ae

For legal requests: legal@heatguard.ae