Trust & Security

Privacy Center

Detailed documentation on how HawkNest protects student data, manages AI transparency, and complies with global data protection regulations.

Last updated: 20 April 2026

Data Protection Principles

Integrity & Confidentiality

We protect all personal data against unauthorized access, loss, or damage using industry-standard encryption and access controls.

Purpose Limitation

Data is collected only for specified, explicit purposes related to educational guidance and career planning.

Data Minimisation

We collect only the minimum data necessary to deliver personalised guidance and improve the platform.

Accuracy

We take reasonable steps to ensure personal data is accurate, complete, and kept up to date.

UAE data residency. All personal data is stored and processed within the United Arab Emirates (AWS me-central-1), with AI workloads on Microsoft Azure OpenAI Service (Enterprise), also hosted in the UAE. We do not transfer personal data outside the UAE in the ordinary course of operations.

Retention & Deletion Policies

Active Accounts

Data retained while account is active and student is enrolled. Regular reviews ensure data remains relevant.

Analytics & Backups

Analytics and usage data is retained up to 24 months, then aggregated or anonymised. Disaster-recovery backups rotate on a 35-day cycle.

Hard Deletion

Upon request or after retention period, all personal data is permanently deleted from active systems within 30 days.

Read full Data Retention Policy →

AI Transparency

Automated Decision-Making

HawkNest does not make autonomous admissions decisions. Our AI supports guidance by providing recommendations, career matches, and pathway suggestions that students and counsellors review together.

No Foundation Model Training

Student data, user prompts, and assessment responses are never used to train, fine-tune, or improve any third-party or foundation AI model. AI subprocessors are contractually restricted from doing so. Service improvements use only anonymised, aggregated, or synthetic data.

Read Responsible AI Policy →

Compliance Mapping

RequirementApplicable LawStatus
Lawful basis for processing
UAE PDPL
 Compliant
Data subject rights (access, rectification, erasure, portability)
UAE PDPL
 Compliant
Cross-border transfer safeguards
UAE PDPL
 Compliant
Data breach notification
UAE PDPL
 Compliant
Data Protection Officer
UAE PDPL
 Compliant
Parental/guardian consent for minors
UAE PDPLUAE CDS Law
 Compliant
Age verification & gating (13+)
UAE CDS Law
 Compliant
Highest-privacy defaults for users under 18
UAE CDS Law
 Compliant
AI content filters & age-appropriate safeguards
UAE CDS Law
 Compliant
Safeguarding incident reporting (24 hr)
UAE CDS Law
 Compliant

UAE PDPL = Federal Decree-Law No. 45 of 2021. UAE CDS Law = Child Digital Safety Law, Federal Decree-Law No. 3 of 2024.

Contact Our Data Protection Officer

For privacy inquiries, data access requests, or concerns about how we handle your data, please contact our Data Protection Officer.

Email: support@hawknest.ai

We aim to respond within 5 business days.

Legal Documents

Privacy Policy

How we collect, use, and protect your personal data.

Read document →

Terms of Service

The agreement governing use of the HawkNest platform.

Read document →

Acceptable Use Policy

Rules and expectations for using HawkNest responsibly.

Read document →

Cookie Policy

How we use cookies and similar tracking technologies.

Read document →

Data Retention & Deletion

How long we keep data and how we delete it.

Read document →

Responsible AI Policy

Our commitments to ethical and transparent AI use.

Read document →

Children's Safety & Safeguarding

How we safeguard minors using HawkNest.

Read document →