Privacy Notice

How Threshold handles your data.

Last updated 24 May 2026

Who we are

Threshold is a boutique AI governance firm registered in the Dubai International Financial Centre. The data controller is Mustafa Ali, the founder. For all data-related queries, contact hello@thresholdfirm.com.

What we collect

Threshold collects personal data in two situations: when you complete the contact form, and when you complete the AI Readiness Diagnostic. In both cases, the data is provided directly by you.

Contact form. Your name, role, institution, institutional email address, and the message you write describing what you are trying to address.

Diagnostic responses. Your name, role, institution, institutional email address, and the responses you give across the institutional context questions, the six maturity dimensions, and any optional notes. The PDF report generated at completion is also transmitted to Threshold.

We do not use cookies, analytics, or any third-party trackers. We do not collect technical information about your device beyond what is automatically logged by our hosting provider for security purposes.

Diagnostic responses, in particular

The diagnostic is designed as a pre-session preparation tool. Your responses help Threshold understand your institution's current position before any conversation, so that any session we run together is grounded in your reality rather than generic content.

Your diagnostic responses are not shared with anyone outside Threshold. They are not aggregated, benchmarked, sold, or used for marketing. If you choose not to proceed with a session, your responses are deleted from our systems within 90 days of completion. You can request deletion at any time before that.

Why we collect it

We collect this data so that we can respond to your enquiry, prepare a meaningful working session if you choose to book one, and remain in correspondence with you about AI governance matters relevant to your institution. The legal basis under UAE Federal Decree-Law 45 of 2021 (PDPL), and equivalent provisions in other GCC jurisdictions, is your explicit consent at the point of submission combined with our legitimate interest in serving institutional clients.

Where it is stored

Form submissions are stored by Netlify Forms, the managed form-submission service Threshold uses to receive enquiries. Diagnostic PDFs are also stored by Netlify Forms. Email correspondence is held in Threshold's Microsoft 365 mailbox. No data is shared with third parties beyond these processing services. No data is sold, rented, or used for advertising.

How long we keep it

Contact form submissions are retained for up to 24 months from the date of last meaningful correspondence, then permanently deleted. Diagnostic responses are retained for 90 days if no session is booked, or for the duration of the engagement plus 24 months if a session goes ahead. You can request earlier deletion at any time.

Your rights

Under the UAE PDPL and equivalent GCC laws, you have the right to: access the data we hold about you, request correction of inaccurate data, request deletion of your data, object to specific uses, and withdraw consent at any time. To exercise any of these rights, write to hello@thresholdfirm.com and we will respond within thirty days.

Cross-border transfers

Threshold operates from the DIFC, Dubai. Netlify operates servers in multiple international jurisdictions. Microsoft 365 mail data is held according to its standard regional data residency. For healthcare institutions whose data is subject to UAE federal medical-data rules prohibiting transfer outside the country, please note that the diagnostic is designed for institutional self-assessment and should not be used to transmit patient-identifying medical data. The responses captured are about your institution's governance posture, not patient records.

Changes to this notice

If we make material changes to how we handle your data, we will update this notice and change the "Last updated" date above. For substantive changes affecting existing relationships, we will also notify you by email.

Questions

For any question about this notice, your data, or how Threshold operates, write to hello@thresholdfirm.com.