Aurex Intelligence Logo
AurexIntelligence

Privacy Policy

Effective Date: June 12, 2026

Last Updated: June 12, 2026

Company: Aurex Intelligence Ltd

Registered Address: Fairview Building, KK 622 St, Kigali, Rwanda

Contact: dpo@aurex-int.com

1. Introduction

Aurex Intelligence (“we,” “us,” or “our”) is a premier AI and technology consultancy specialising in AI Strategy, Custom Machine Learning (ML) Development, Data Engineering, Intelligent Process Automation, and sector‑specific solutions for Government, Fintech, Healthcare, Agriculture, and SMEs. We collectively bring decades of experience delivering transformative digital solutions across East Africa, international organisations, and global technology markets spanning four continents and over two million end users.

We are committed to protecting the privacy, security, and integrity of the personal and corporate data entrusted to us by our clients, partners, end‑users, and website visitors. This Privacy Policy outlines how we collect, use, process, and safeguard data in strict compliance with the Republic of Rwanda’s Law N° 058/2021 of 13/10/2021 relating to the protection of personal data and privacy, alongside relevant sector‑specific regulations (e.g., National Bank of Rwanda guidelines, healthcare confidentiality laws, and international data protection standards).

2. Scope of Application

This policy applies to:
  • Clients & Partners: Government agencies, parastatals, financial institutions, healthcare providers, agricultural enterprises, and SMEs.
  • End‑Users: Individuals interacting with the digital solutions, platforms, or applications developed, managed, or automated by Aurex Intelligence.
  • Website Visitors: Users accessing our corporate website, portals, or marketing materials.
  • Employees & Contractors: Personnel engaged in the delivery of our services.

3. Types of Data We Collect and Process

Depending on the engagement and the specific CORE area of service, we may process the following categories of data:
  • Personal Identification Data: Names, contact details, national IDs, professional titles, and authentication credentials.
  • Business & Corporate Data: Company registration details, financial records, organizational charts, and operational data.
  • Technical & Usage Data: IP addresses, device information, browser types, system logs, API usage metrics, and telemetry data.
  • Sensitive Personal Data: Processed only under a strict legal basis and enhanced security. This includes health/medical data (for Healthcare innovation projects), biometric data, and financial transaction data (for Fintech and banking solutions).
  • AI & ML Training Data: Aggregated, anonymized, or pseudonymized datasets used to train, validate, or improve custom machine learning models, strictly governed by client data-sharing agreements.

4. Legal Basis for Processing

In accordance with Rwandan data protection law, we process data based on one or more of the following legal grounds:
  1. Explicit Consent: Obtained directly from the data subject for specific purposes (especially required for sensitive data).
  2. Contractual Necessity: Required to fulfill our obligations under a service agreement, Software‑as‑a‑Service (SaaS) contract, or consulting engagement.
  3. Legal Obligation: To comply with statutory requirements, including tax laws, anti‑money laundering (AML) regulations, or directives from regulatory bodies.
  4. Legitimate Interest: For network security, fraud prevention, and internal administrative purposes, provided it does not override the fundamental rights and freedoms of the data subject.

5. How We Use Your Data

We utilize collected data strictly for the following purposes:
  • Delivering, maintaining, and improving our AI, software engineering, and automation solutions.
  • Conducting data analytics and generating insights as contracted by our clients.
  • Ensuring system security, preventing unauthorized access, and conducting vulnerability assessments.
  • Communicating with clients regarding project updates, support, and billing.
  • Complying with audits, regulatory reporting, and legal requests from competent authorities.

Note on AI Development: Aurex Intelligence does not use client‑specific, confidential, or personally identifiable information (PII) to train public, foundational AI models. Custom ML models are developed in isolated, secure environments, and data used for training is strictly anonymized or pseudonymized unless explicit, written consent is provided by the data controller (our client).

6. Data Security and Server Infrastructure Protection

Given our work with banks, governments, and healthcare providers, Aurex Intelligence implements enterprise‑grade, defense‑in‑depth security measures across all our server environments and digital infrastructure, including:
  • Encryption: All data stored on our servers and transmitted across our networks is heavily encrypted, utilizing industry‑standard protocols for data in transit (e.g., TLS 1.2/1.3) and data at rest (e.g., AES‑256).
  • Server Isolation & Architecture: Client data is strictly segregated. Depending on the sensitivity of the data and client requirements, we utilize logical isolation (dedicated virtual environments) or physical isolation (dedicated bare‑metal servers) to ensure no cross‑contamination of data between different clients or projects.
  • Access Control: Strict Role‑Based Access Control (RBAC) and Multi‑Factor Authentication (MFA) are enforced for all personnel accessing our server environments, administrative panels, and client databases.
  • Incident Response: A formalized Data Breach Notification Protocol is in place. In strict compliance with Articles 43 and 44 of Rwanda’s Law N° 058/2021, we will notify the relevant regulatory authorities and affected clients within 48 hours of becoming aware of a qualifying data breach or unauthorized server intrusion, alongside immediate steps to mitigate the impact.

7. Data Storage, Server Locations, and Localization

Aurex Intelligence utilizes secure, enterprise‑grade server infrastructure to host, process, and store data. The specific physical or cloud‑based locations of these servers are determined by the contractual requirements of our clients and the applicable data sovereignty laws of the jurisdiction in which the data originates.
  • Data Localization: For clients subject to strict data localization mandates under Rwandan law (such as specific government ministries, parastatals, and financial institutions regulated by the National Bank of Rwanda), personal and sensitive data is hosted exclusively on servers physically located within the Republic of Rwanda.
  • International Server Environments: For engagements where local hosting is not legally mandated, data may be hosted on secure, internationally certified server environments. In such cases, the servers are located in jurisdictions that provide adequate data protection, or we implement strict legal and technical safeguards to ensure the data remains protected to the standard required by Rwandan law.

8. Data Sharing and Third‑Party Server Processors

We do not sell, rent, or trade personal data. We may share data with authorized third parties only under the following circumstances:
  • Authorized Sub‑processors: We may utilize trusted third‑party server hosting and cloud infrastructure providers to assist in processing and storing data. All such third‑party server providers are bound by strict Data Processing Agreements (DPAs) and are contractually obligated to maintain security standards equivalent to or greater than our own, and to comply with all applicable data protection laws.
  • Legal Requirements: When compelled by a valid court order, subpoena, or lawful request from competent regulatory or law enforcement bodies.
  • Corporate Transactions: In the event of a merger, acquisition, or asset sale, subject to strict confidentiality and data protection undertakings.

9. Cross‑Border Data Transfers

If a project requires transferring personal data outside the Republic of Rwanda, Aurex Intelligence ensures strict compliance with Chapter V of Law N° 058/2021 by ensuring:
  1. The destination country provides an adequate level of data protection as recognized by Rwandan authorities, OR
  2. We implement appropriate safeguards, such as approved Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), and obtain necessary authorizations from the relevant regulatory body prior to the transfer.

10. Data Retention

We retain personal and corporate data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by applicable laws (e.g., financial records retained for the statutory period required by Rwandan tax and banking regulations). Upon contract termination or expiration, data is securely deleted or returned to the client, accompanied by a Certificate of Destruction upon request.

11. Rights of the Data Subject

Under Rwandan law, individuals have the right to:
  • Be Informed: Know how their data is being processed.
  • Access: Request a copy of their personal data held by us.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure (“Right to be Forgotten”): Request deletion of their data, subject to legal retention requirements.
  • Restriction & Objection: Object to or restrict the processing of their data under certain conditions.
  • Data Portability: Receive their data in a structured, commonly used, and machine‑readable format.

To exercise these rights, please contact our Data Protection Officer (DPO). We will respond to verified requests within thirty (30) days, as mandated by law.

12. Cookies and Tracking Technologies

Our corporate website uses essential cookies to ensure proper functionality and analytics cookies (with user consent) to improve user experience. Users can manage cookie preferences via their browser settings.

13. Children’s Privacy

Our services are primarily directed at enterprises, governments, and adults. We do not knowingly collect personal data from children under the age of 18. If we become aware that such data has been collected, we will take immediate steps to delete it.

14. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, new technologies, or updates to Rwandan and international data protection laws. Significant changes will be communicated to our clients via email or a prominent notice on our website.

15. Contact Information and Regulatory Authority

For any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our designated Data Protection Officer (DPO):

Aurex Intelligence

Attention: Data Protection Officer

Email: dpo@aurex-int.com

Phone: +250 799 530 503

Physical Address: Fairview Building, KK 622 St, Kigali, Rwanda

In the event of an unresolved complaint, data subjects have the right to lodge a formal complaint with the National Cyber Security Authority (NCSA) / Data Protection Office, the designated regulatory authority for data protection in the Republic of Rwanda.