Trust Center

Dembri's compliance, privacy, and AI governance posture, in public.

Procurement teams, partners, and regulators can reference this page to understand how Dembri runs. Every claim links to source documentation. Updated as our compliance evidence grows.

Last updated: 1 June 2026

In Registration

Identity

DIFC AI License — issuance expected June 2026.

Documented

Privacy

PDPL + DIFC DP Law No. 5/2020 aligned controls.

Aligned

AI Governance

ISO/IEC 42001 Annex A controls implemented.

Disclosed

Subprocessors

All vendors documented with DPA status.

Identity & Incorporation

Legal entityDembri (incorporating June 2026)
JurisdictionDIFC, Dubai — AI Innovation Hub
License typeDIFC AI License (Tech License)
Trade license statusPending issuance
Registered addressDIFC, Dubai, United Arab Emirates
FounderAsif Nagarkatti
Primary contactasif.n@dembri.com

Dembri operates under founder accountability prior to incorporation. Once the DIFC trade licence is issued, this section will be updated with the licence number and registered company name.

Privacy & Data Protection

Applicable laws

  • • UAE Personal Data Protection Law — Federal Decree-Law No. 45 of 2021
  • • DIFC Data Protection Law No. 5 of 2020 (post-incorporation)
  • • EU GDPR (for EU-resident users)

Controls in place

  • • AES-256 encryption at rest, TLS 1.3 in transit
  • • Private file storage with signed, time-limited URLs (no public file links)
  • • Documented lawful bases per processing purpose (contract, legitimate interest, consent)
  • • Documented retention periods per data category
  • • Data subject rights honoured: access, deletion, portability, automated-decision review (PDPL Article 18)
  • • Subprocessors disclosed; data-flow mapped per subprocessor
Read full Privacy Policy AI Transparency Disclosure

AI Governance

Framework

ISO/IEC 42001:2023 AI Management System

Posture

Aligned — not formally certified

Aligned with

UAE Cabinet 2026 Agentic AI Framework

Crosswalked to

NIST AI Risk Management Framework

Controls implemented

  • • AI system registry: 8 systems tracked (internal + customer-facing)
  • • Per-system impact assessments (Low / Medium / High tiering)
  • • Mandatory human-in-the-loop on high-impact systems
  • • AI vendor risk assessments annually
  • • Quarterly internal audit cadence (next review: August 2026)
  • • Public AI transparency disclosure
  • • Incident response procedure documented
Read full AI Governance posture

Subprocessors

Every third party that processes Dembri data is listed below with purpose and Data Processing Agreement (DPA) status. We do not allow any vendor to train models on Dembri customer data.

AI Providers

Anthropic (Claude)
LLM inference for compliance assistant
DPA ✓
OpenAI (GPT)
LLM inference for document extraction
DPA ✓
Google (Gemini)
LLM inference for personalisation + reasoning
DPA ✓

Infrastructure

Vercel
Application hosting, edge network
DPA ✓
Supabase
Primary database, file storage, authentication
DPA ✓

Communication

Resend
Transactional + outreach email delivery
DPA ✓
Zoho
Inbound email hosting (asif.n@dembri.com)
DPA ✓

Research & Tools

Firecrawl
Web scraping for regulation monitoring
DPA pending
Explorium (Vibe Prospecting)
B2B prospect data enrichment
DPA pending
Procurement & Diligence

Need a deeper review for your procurement process?

We respond to security questionnaires, custom DPAs, and architecture-level diligence requests. Typical turnaround is under 24 hours.

asif.n@dembri.com