Trust Center

Dembri's compliance, privacy, and AI governance posture, in public.

Procurement teams, partners, and regulators can reference this page to understand how Dembri runs. Every claim links to source documentation. Updated as our compliance evidence grows.

Last updated: 1 June 2026

Registered

Identity

DIFC Commercial License CL13580 — active to Jun 2027.

Documented

Privacy

PDPL + DIFC DP Law No. 5/2020 aligned controls.

Aligned

AI Governance

ISO/IEC 42001 Annex A controls implemented.

Disclosed

Identity & Incorporation

Legal entityDembri Technologies Ltd

DIFC registered number13580

Commercial licenseCL13580 — active, expires 10 Jun 2027

License typeDIFC Commercial License (software / data / AI — non-financial)

JurisdictionDIFC, Dubai — Dubai AI Campus, Innovation Hub · DIFC Courts

Registered addressIH-00-01-03-OF-05, Level 3, Innovation One, DIFC, Dubai

Founder / directorAsif Nagarkatti (sole director & shareholder)

Primary contactasif.n@dembri.com

Dembri Technologies Ltd is incorporated in the Dubai International Financial Centre under the Companies Law (DIFC Law No. 5 of 2018), registered number 13580, incorporated 11 June 2026. Identity, license, and registration are public records verifiable through the DIFC Registrar of Companies (difc.ae/operating/document-verification).

Privacy & Data Protection

Applicable laws

• UAE Personal Data Protection Law — Federal Decree-Law No. 45 of 2021
• DIFC Data Protection Law No. 5 of 2020 (applies as a DIFC-incorporated entity)
• EU GDPR (for EU-resident users)

Controls in place

• AES-256 encryption at rest, TLS 1.3 in transit
• Private file storage with signed, time-limited URLs (no public file links)
• Documented lawful bases per processing purpose (contract, legitimate interest, consent)
• Documented retention periods per data category
• Data subject rights honoured: access, deletion, portability, automated-decision review (PDPL Article 18)
• Subprocessors disclosed; data-flow mapped per subprocessor

Read full Privacy Policy AI Transparency Disclosure

AI Governance

Framework

ISO/IEC 42001:2023 AI Management System

Posture

Aligned — not formally certified

Aligned with

UAE Cabinet 2026 Agentic AI Framework

Crosswalked to

NIST AI Risk Management Framework

Controls implemented

• AI system registry: 8 systems tracked (internal + customer-facing)
• Per-system impact assessments (Low / Medium / High tiering)
• Mandatory human-in-the-loop on high-impact systems
• AI vendor risk assessments annually
• Quarterly internal audit cadence (next review: August 2026)
• Public AI transparency disclosure
• Incident response procedure documented

Read full AI Governance posture

Subprocessors

Every third party that processes Dembri data is listed below with purpose and Data Processing Agreement (DPA) status. We do not allow any vendor to train models on Dembri customer data.

AI Providers

Anthropic (Claude)

LLM inference for compliance assistant

DPA ✓

OpenAI (GPT)

LLM inference for document extraction

DPA ✓

Google (Gemini)

LLM inference for personalisation + reasoning

DPA ✓

Infrastructure

Vercel

Application hosting, edge network

DPA ✓

Supabase

Primary database, file storage, authentication

DPA ✓

Communication

Resend

Transactional + outreach email delivery

DPA ✓

Zoho

Inbound email hosting (asif.n@dembri.com)

DPA ✓

Research & Tools

Firecrawl

Web scraping for regulation monitoring

DPA ✓

Procurement & Diligence

Need a deeper review for your procurement process?

We respond to security questionnaires, custom DPAs, and architecture-level diligence requests. Typical turnaround is under 24 hours.

asif.n@dembri.com

Trust Center

Dembri's compliance, privacy, and AI governance posture, in public.

Procurement teams, partners, and regulators can reference this page to understand how Dembri runs. Every claim links to source documentation. Updated as our compliance evidence grows.

Last updated: 1 June 2026

Registered

Identity

DIFC Commercial License CL13580 — active to Jun 2027.

Documented

Privacy

PDPL + DIFC DP Law No. 5/2020 aligned controls.

Aligned

AI Governance

ISO/IEC 42001 Annex A controls implemented.

Disclosed

Subprocessors

All vendors documented with DPA status.

Identity & Incorporation

Legal entityDembri Technologies Ltd

DIFC registered number13580

Commercial licenseCL13580 — active, expires 10 Jun 2027

License typeDIFC Commercial License (software / data / AI — non-financial)

JurisdictionDIFC, Dubai — Dubai AI Campus, Innovation Hub · DIFC Courts

Registered addressIH-00-01-03-OF-05, Level 3, Innovation One, DIFC, Dubai

Founder / directorAsif Nagarkatti (sole director & shareholder)

Primary contactasif.n@dembri.com

Privacy & Data Protection

Applicable laws

• UAE Personal Data Protection Law — Federal Decree-Law No. 45 of 2021
• DIFC Data Protection Law No. 5 of 2020 (applies as a DIFC-incorporated entity)
• EU GDPR (for EU-resident users)

Controls in place

• AES-256 encryption at rest, TLS 1.3 in transit
• Private file storage with signed, time-limited URLs (no public file links)
• Documented lawful bases per processing purpose (contract, legitimate interest, consent)
• Documented retention periods per data category
• Data subject rights honoured: access, deletion, portability, automated-decision review (PDPL Article 18)
• Subprocessors disclosed; data-flow mapped per subprocessor

Read full Privacy Policy AI Transparency Disclosure

AI Governance

Framework

ISO/IEC 42001:2023 AI Management System

Posture

Aligned — not formally certified

Aligned with

UAE Cabinet 2026 Agentic AI Framework

Crosswalked to

NIST AI Risk Management Framework

Controls implemented

• AI system registry: 8 systems tracked (internal + customer-facing)
• Per-system impact assessments (Low / Medium / High tiering)
• Mandatory human-in-the-loop on high-impact systems
• AI vendor risk assessments annually
• Quarterly internal audit cadence (next review: August 2026)
• Public AI transparency disclosure
• Incident response procedure documented

Read full AI Governance posture

Subprocessors

Every third party that processes Dembri data is listed below with purpose and Data Processing Agreement (DPA) status. We do not allow any vendor to train models on Dembri customer data.

AI Providers

Anthropic (Claude)

LLM inference for compliance assistant

DPA ✓

OpenAI (GPT)

LLM inference for document extraction

DPA ✓

Google (Gemini)

LLM inference for personalisation + reasoning

DPA ✓

Infrastructure

Vercel

Application hosting, edge network

DPA ✓

Supabase

Primary database, file storage, authentication

DPA ✓

Communication

Resend

Transactional + outreach email delivery

DPA ✓

Zoho

Inbound email hosting (asif.n@dembri.com)

DPA ✓

Research & Tools

Firecrawl

Web scraping for regulation monitoring

DPA ✓

Procurement & Diligence

Need a deeper review for your procurement process?

We respond to security questionnaires, custom DPAs, and architecture-level diligence requests. Typical turnaround is under 24 hours.

asif.n@dembri.com