Privacy Notice (UAE)

IT Doggy ("we", "us", or "our") is offered to users in the United Arab Emirates (UAE) by Tesseract FinTech Limited. For users in the UAE, Tesseract FinTech Limited acts as the Controller of your Personal Data. We provide an AI-powered virtual developer service designed to complement your existing development team, connecting your GitHub repositories and Linear workspace to automated code-generation agents.

This Privacy Notice explains what Personal Data we collect, how we use it, and the rights you have. It is issued in accordance with the DIFC Data Protection Law (DIFC Law No. 5 of 2020) and its associated regulations.

We collect the following categories of Personal Data, both directly from you and indirectly from the third-party platforms you choose to connect:

• Authentication Data — your GitHub account identifier and profile details, received from GitHub when you sign in.
• Integration Data — GitHub App installation identifiers, Linear workspace and team identifiers, and webhook events, received from GitHub and Linear.
• Configuration Data — onboarding status, team-to-repository mappings, and agentic preferences that you set in the portal.
• Transient Processing Data — Linear issue content and related repository context held in memory during task execution and not persisted.

Where Personal Data is obtained from a source other than you directly (for example, from GitHub or Linear), we rely on the authorisation you grant to those platforms when connecting them to IT Doggy.

IT Doggy is intended for use by software development professionals and is not directed at children. We do not knowingly collect Personal Data from children.

• Service operation — Authenticating you, managing integrations, and routing requests to the correct repositories and teams. Legal basis: performance of a contract with you.
• AI code generation — Sending issue context to AI providers so agents can analyse requirements and generate code on your behalf. Legal basis: performance of a contract with you.
• Integration management — Connecting your GitHub and Linear accounts and keeping mappings up to date. Legal basis: performance of a contract with you.
• Error diagnostics — Logging sanitised error messages (with secrets redacted) to diagnose and fix issues. Legal basis: our legitimate interests in maintaining a secure and reliable service.

IT Doggy does not ordinarily rely solely on automated decision-making when processing your Personal Data. The AI agents generate code suggestions in response to issues you assign to them; they do not make decisions that produce legal or similarly significant effects concerning you.

We share data with the following third-party services solely to operate IT Doggy:

• GitHub — OAuth authentication, GitHub App installation, and repository access for code operations.
• Linear — OAuth authentication, webhook events, and issue management.
• Hosting and Cloud Platforms — Authentication, hosting, cloud compute, cloud database, and cloud logging.
• AI model providers — Issue context is sent to AI provider APIs for code generation.

In addition, we may disclose Personal Data to competent authorities, regulators, or other parties where we are required to do so to comply with applicable law, regulation, court order, or other legal process.

The third-party providers listed above operate in jurisdictions outside the UAE. As a result, your Personal Data may be transferred to, stored in, or processed in countries other than the UAE.

Where transfers are made to a jurisdiction that has not been assessed by the DIFC Commissioner of Data Protection as providing an adequate level of protection, we rely on appropriate safeguards permitted under Articles 26 and 27 of the DIFC Data Protection Law, including standard contractual clauses, recognised certification schemes, or your explicit consent where applicable.

Your account and configuration data are retained for as long as your account is active. Transient processing data (e.g. issue content sent to AI agents) is held only in memory during execution and is not persisted.

When you delete your account or remove team mappings via the dashboard, associated data is removed through cascading deletes in our database.

Under the DIFC Data Protection Law, you have the following rights in respect of your Personal Data:

• Access — Request confirmation of whether we process your Personal Data and obtain a copy of it.
• Rectification — Request correction of inaccurate or incomplete Personal Data.
• Erasure — Request deletion of your Personal Data where the conditions in Article 34 of the DIFC Data Protection Law apply (for example, where the data is no longer necessary for the purposes for which it was collected). You can delete your account and associated data through the dashboard at any time.
• Restriction of processing — Request that we limit our processing of your Personal Data in certain circumstances.
• Data portability — Receive your Personal Data in a structured, commonly used and machine-readable format.
• Objection — Object to processing of your Personal Data carried out on the basis of our legitimate interests.
• Withdraw consent — Where processing is based on your consent, withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Lodge a complaint — Lodge a complaint with the DIFC Commissioner of Data Protection if you believe our processing of your Personal Data does not comply with the DIFC Data Protection Law.

To exercise any of these rights, please contact us using the details at the bottom of this page. We will respond within one month of receiving your request, in accordance with the DIFC Data Protection Law. Where a request is particularly complex or where we have received a number of requests, this period may be extended as permitted by the law, and we will inform you of any such extension.

We will not discriminate against you for exercising any of these rights.

If a Personal Data Breach occurs that is likely to result in a high risk to your rights, we will notify you without undue delay, in accordance with Article 40 of the DIFC Data Protection Law. Where required, we will also report the breach to the DIFC Commissioner of Data Protection.

Our notification will describe the nature of the breach, its likely consequences, the measures we have taken or propose to take, and the contact point from which you can obtain further information.

IT Doggy does not use tracking or advertising cookies. We use cookies and local storage only for essential functionality to operate the service and maintain user sessions.

If you have questions about this Privacy Notice or wish to exercise your rights under the DIFC Data Protection Law, please contact Tesseract FinTech Limited through one of the following channels:

• Email: dp@tesseractfin.tech
• Written request: Tesseract FinTech Limited, Dubai AI Campus, Level 3, Innovation One, DIFC, Dubai, UAE

You may also contact the DIFC Commissioner of Data Protection at:

• Email: commissioner@dp.difc.ae
• Address: Dubai International Financial Centre Authority, Level 14, The Gate Building, Dubai, UAE
• Phone: +971 4 362 2222