Security Version: 1.0.0 • UAE PDPL Compliant
01. Compliance Architecture
This manifest outlines the security safeguards and telemetry constraints deployed across the afsa.ae Agentic Commerce ecosystem. In strict adherence to Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL), we implement a zero-trust default stance for all data storage, transmission, and processing activities.
02. Hardened Infrastructure
All system metrics, partner credentials, and client database logs are encapsulated within a hardened technical perimeter:
- Encryption at Rest: Profile data is secured using AES-256 standard encryption on Google Firebase Cloud storage.
- Session Isolation: Active session tokens are verified at the edge middleware against remote Google service JWKS keys, preventing session hijacking or cross-site forgery.
- Transport Security: All client-to-server and agentic-dispatch APIs are strictly routed over HTTPS using the TLS 1.3 protocol.
03. Telemetry and Scopes
We process data solely to execute transactional logic. No telemetry is shared with external ad platforms or unverified sub-processors. Data retention is bounded by active utility:
- Active Sessions: Handled using temporary session cookies on a 24-hour cycle.
- Identity Data: WhatsApp numbers and full names collected during registration are scoped strictly to partner coordination, logistics notifications, and support tickets.
04. Audit & Verification Rights
In accordance with Section 13 (Rights of the Data Subject) of the UAE PDPL, you hold full authority over your data. You may request access to, correction of, or permanent deletion of your stored records. For inquiries or to file a deletion request, contact our Data Protection Officer at privacy@afsa.ae.