LEGAL & COMPLIANCE

Privacy & Governance Policy

Effective: 1 January 2026 · Last updated: March 2026 · Contact: info@fdimonitor.org

Global FDI Monitor is committed to protecting the privacy and data rights of all users. This policy governs how we collect, use, protect, and process data. By accessing the platform, you agree to this policy.

1. Data Protection & User Privacy

Area	Policy
Business Emails	Stored securely using AES-256 encryption. Used only for platform access, newsletter distribution, and account communications. Never shared with third parties.
Personal Data	Only business email and name collected at registration. No personal identification, financial, or sensitive data stored beyond what is strictly necessary for platform access.
Data Retention	User data retained for active account duration. Upon account closure, all personal data deleted within 30 days per GDPR Article 17 (Right to Erasure).
GDPR Compliance	Full GDPR compliance for EU users. Users may request data export or deletion at any time. Cookie consent banner implemented. Data Processing Agreement available for institutional users.
UAE Data Protection	UAE Federal Decree-Law No. 45 of 2021 compliance. Platform operates from UAE jurisdiction with EU-standard data protections applied globally.

2. Screenshot & Copy Protection

Area	Policy
Screenshots	Screenshot capture is disabled on dashboard pages via JavaScript event interception and CSS user-select controls. Content automatically watermarked with user ID and timestamp.
Copy Protection	Text selection disabled on premium intelligence content. Right-click context menus disabled on sensitive data visualizations.
Watermarks	All charts, visualizations, and exported documents display semi-transparent watermark: user email, organisation, timestamp, and unique session ID. Embedded in PDF exports.
Developer Tools	Platform monitors unusual access patterns consistent with data extraction. Systematic extraction without API authorization constitutes breach of terms and may result in account suspension.

3. Content Protection

Area	Policy
Data Export	Only structured PDF reports available for export. Raw data export (JSON, CSV, Excel) restricted to Enterprise tier with executed data licensing agreements.
PDF Reports	All reports branded with platform logo, user ID, organisation, timestamp, and unique document ID. Reports contain confidentiality disclaimer footer.
API Access	Restricted to Institutional and Enterprise tiers. Rate limiting: 100 req/min (Institutional), 1,000 req/min (Enterprise). API keys non-transferable.
Intellectual Property	All SCI scores, GFR calculations, SCI composites, signal intelligence, and methodology frameworks are proprietary IP of Global FDI Monitor.

4. Platform Governance

Area	Policy
User Roles	Three access tiers: (1) Trial — 7 days OR 2 reports OR 3 searches (whichever first); (2) Subscriber — Professional or Institutional paid tier; (3) Admin — Platform administrator (melsaadany@fdimonitor.org only).
Content Ownership	All data, signals, scores, analytics, and content remain IP of Global FDI Monitor. Users retain rights to custom report outputs and annotations.
Third-Party Sharing	No user data, usage patterns, or account information shared with third parties. Platform does not sell user data. No advertising networks have access.
Audit Trail	All user actions logged: login events, report generation, data access, signal queries, API calls, admin actions. Logs retained 90 days then permanently deleted.
No Advertising	Platform contains no advertising. Revenue derives exclusively from subscriptions, enterprise licensing, and custom intelligence mandates.

5. Security Measures

Area	Policy
Authentication	JWT tokens with 24-hour expiry. OAuth 2.0 options: Google Workspace and LinkedIn. 2FA mandatory for Admin, recommended for Institutional/Enterprise.
Encryption	TLS 1.3 for all data in transit. AES-256 for data at rest. Azure Key Vault for secrets. API keys encrypted and never logged in plain text.
Sessions	Auto-logout after 30 minutes of inactivity. Max 2 concurrent sessions per account. Suspicious concurrent activity triggers security alert.
Infrastructure	Azure DDoS Protection Standard. Microsoft Sentinel SIEM. Automated CVE scanning via Dependabot. Quarterly penetration testing.
Incident Response	Security incidents notified to affected users within 72 hours per GDPR Article 33. Platform administrator notified immediately.

6. Disclaimers & Legal

Area	Policy
Investment Advice	Global FDI Monitor does not provide investment, financial, or legal advice. All intelligence is for informational purposes only. Users must conduct independent due diligence. Platform accepts no liability for investment outcomes.
Data Accuracy	Intelligence sourced from 1,000+ verified institutional sources and validated via SCI protocol. Data is not guaranteed complete, current, or error-free. Verify critical data with primary sources.
Copyright	(c) 2026 Global FDI Monitor. All rights reserved. Unauthorized reproduction, distribution, or commercial use prohibited.
Governing Law	Governed by UAE law. Disputes subject to Dubai courts. DIFC Courts jurisdiction available for institutional clients.
Policy Updates	May be updated at any time. Material changes notified 30 days in advance. Continued use constitutes acceptance.

7. User Rights

Right of Access

Request full export of all personal data within 30 days.

Right to Rectification

Correct inaccurate data via account settings.

Right to Erasure

Request complete account and data deletion within 30 days.

Right to Portability

Export personal data in machine-readable format on request.

Right to Object

Opt out of all marketing via account settings or email.

Right to Restrict

Request restriction of processing during data accuracy investigation.

To exercise any right, contact info@fdimonitor.org with subject "Data Rights Request". Acknowledged within 48 hours, fulfilled within 30 days.

Questions about this policy?

Contact info@fdimonitor.org