Privacy Policy

Your privacy is important to us. This policy explains how PerformAi collects, uses, and protects your personal information.

Last Updated: May 9, 2026

01. Introduction

Welcome to PerformAi ("we," "our," or "us"). PerformAi is an enterprise AI-powered performance management and strategy execution platform developed and operated by ICSS Technology. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, including the Strategy Execution Hub (SEH), Performance Intelligence Hub (PIH), and AI Intelligence Hub (AIH).

By accessing or using the PerformAi platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the platform.

Scope: This policy applies to all users of the PerformAi platform, including administrators, managers, employees, and any other authorized personnel within your organization who access the platform.

02. Information We Collect

We collect information that you provide directly to us, information collected automatically through your use of the platform, and information from your organization's systems.

2.1 Information You Provide

  • Account Information: Name, email address, job title, department, employee ID, and profile photo
  • Organizational Data: Organization structure, reporting lines, team assignments, and role designations
  • Performance Data: Objectives, KPIs, performance reviews, feedback submissions, career development plans, and self-assessments
  • Strategic Data: Strategic plans, themes, initiatives, risk assessments, and progress check-ins
  • Communication Data: Comments, notes, review narratives, and feedback provided within the platform

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent on the platform, and interaction patterns
  • Device Information: Browser type, operating system, device type, screen resolution, and IP address
  • Log Data: Access times, error logs, and system performance metrics
  • Session Data: Login timestamps, session duration, and authentication events

2.3 Information from Integrated Systems

  • HR Systems: Employee records, organizational hierarchy, and employment details when integrated with your HRIS
  • Data Sources: External data connected through the Data Sources module for KPI tracking and analytics
  • Single Sign-On (SSO): Authentication tokens and identity attributes from your identity provider

03. How We Use Your Information

We use the information we collect for the following purposes:

Purpose | Description
Platform Operations | To provide, maintain, and improve the PerformAi platform and its features
Strategy Execution | To enable strategic planning, objective cascading, initiative tracking, and risk management within SEH
Performance Management | To facilitate performance reviews, 360° feedback, career development, and KPI tracking within PIH
AI Analytics | To generate AI-powered insights, predictions, recommendations, and strategic analysis within AIH
Reporting & Dashboards | To create executive dashboards, progress reports, and organizational analytics
Communication | To send notifications, reminders, and system updates related to your use of the platform
Security | To detect, prevent, and respond to security incidents, fraud, and unauthorized access
Compliance | To comply with legal obligations and respond to lawful requests from authorities

04. Data Storage & Security

We implement industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.

4.1 Technical Safeguards

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) ensures users only access data relevant to their role and permissions
  • Authentication: Multi-factor authentication (MFA), SSO integration, and session management
  • Infrastructure: Enterprise-grade cloud infrastructure with SOC 2 Type II compliance
  • Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response

4.2 Organizational Safeguards

  • Regular security audits and penetration testing
  • Employee security training and background checks
  • Incident response procedures and breach notification protocols
  • Data processing agreements with all sub-processors

Data Residency: Your organization can choose the geographic region for data storage. We offer hosting in multiple regions to comply with local data residency requirements.

05. Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

5.1 Within Your Organization

Your data is shared within your organization based on the reporting lines, role permissions, and access controls configured by your organization's administrators. For example:

  • Managers can view their direct reports' objectives, KPIs, and performance reviews
  • HR administrators can access employee performance data for review cycles
  • Strategy owners can view initiative progress and risk assessments

5.2 Service Providers

We engage trusted third-party service providers who assist in operating the platform, subject to strict data processing agreements:

  • Cloud infrastructure providers (hosting and storage)
  • AI/ML service providers (for AI Hub analytics processing)
  • Email and notification delivery services
  • Security and monitoring services

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of PerformAi, our users, or others.

06. AI & Automated Data Processing

The PerformAi platform uses artificial intelligence and machine learning to provide enhanced analytics and insights through the AI Intelligence Hub (AIH).

6.1 How AI Processes Your Data

  • AI Plan Analysis: Analyzes strategic plan data to generate executive summaries, risk predictions, progress forecasts, and actionable recommendations
  • Performance Predictions: Uses historical performance data to forecast trends and identify potential issues
  • Smart Recommendations: Generates suggestions for objective alignment, resource allocation, and risk mitigation
  • Anomaly Detection: Identifies unusual patterns in KPI data and performance metrics

6.2 AI Data Principles

  • Transparency: AI-generated insights are clearly labeled with confidence scores (e.g., 90% confidence)
  • No Autonomous Decisions: AI provides recommendations only — all decisions remain with human users
  • Data Isolation: Your organization's data is never used to train models for other organizations
  • Explainability: AI analysis includes reasoning and data sources for all recommendations

Important: AI-generated analysis is advisory in nature. PerformAi does not make automated decisions that produce legal or similarly significant effects on individuals without human oversight.

07. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience on the platform.

Cookie Type | Purpose | Duration
Essential | Authentication, session management, and security | Session / 24 hours
Functional | User preferences, theme settings, and language | 1 year
Analytics | Platform usage patterns and feature adoption metrics | 90 days
Performance | Page load times, error tracking, and system health | 30 days

You can manage cookie preferences through your browser settings. Note that disabling essential cookies may affect platform functionality.

08. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law or your organization's data retention policies.

8.1 Retention Periods

  • Active Account Data: Retained for the duration of your organization's subscription
  • Performance Reviews: Retained according to your organization's configured retention policy (default: 7 years)
  • Strategic Plans: Retained for the plan duration plus 3 years for historical analysis
  • Audit Logs: Retained for 3 years for security and compliance purposes
  • Usage Analytics: Aggregated and anonymized after 12 months

8.2 Data Deletion

Upon termination of your organization's subscription, we will delete or anonymize all personal data within 90 days, unless retention is required by applicable law. Your organization's administrator can request earlier deletion through the Admin Control panel.

09. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data (subject to legal obligations)
  • Right to Restrict Processing: Request limitation of how we process your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Non-Discrimination: Exercise your rights without receiving discriminatory treatment

How to Exercise Your Rights: Contact your organization's platform administrator or reach out to our Data Protection Officer at the contact details below. We will respond to verified requests within 30 days.

10. International Data Transfers

If your data is transferred to countries outside your jurisdiction, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by relevant authorities
  • Data Processing Agreements with all international sub-processors
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers

We conduct transfer impact assessments to ensure that your data receives an equivalent level of protection regardless of where it is processed.

11. Children's Privacy

PerformAi is an enterprise platform designed for use by organizations and their employees. We do not knowingly collect personal information from individuals under the age of 16. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will notify your organization's administrators via email
  • A prominent notice will be displayed on the platform dashboard
  • The "Last Updated" date at the top of this policy will be revised
  • For significant changes, we may require re-acknowledgment of the updated policy

We encourage you to review this policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Data Protection & Privacy Inquiries

Company: ICSS Technology
Data Protection Officer: Mahmoud AlFayoumi, General Manager
Platform: performai.icsstech.io

Response Time: We aim to respond to all privacy-related inquiries within 5 business days and to formal data subject requests within 30 days as required by applicable law.