How we handle your data.

This site is operated by Talon Global FZ-LLC, a consultancy practice registered in the UAE Freezone (IFZA), Dubai. The data controller is Darren Watts, founder. There is no data processor of record other than the email infrastructure named in §05.

If you have a question about this policy, write to darren@talon.ae. Replies inside one working day, Dubai time.

The minimum required to do the work, and not a byte more. Two categories:

• Brief formName, company, and one line of context. Submitted via the form on the Contact page. We do not collect your email address — replies go through the channel you contact us on.
• Talon waitlistEmail address only. Used once, to tell you when access opens.
• Inbound emailIf you write to darren@talon.ae directly, we hold the contents of your message and any attachments for as long as the engagement is live, and per §06 thereafter.
• Server logsStandard request logs at the hosting layer (IP, user-agent, request path, timestamp). Retained 30 days for security and abuse triage. Not joined to any other dataset.

We do not run client-side analytics, fingerprinting, session replay, or advertising pixels. We do not buy or enrich data from third parties.

Three reasons, all named in advance:

• Reply to youThe brief form exists so we can come back with a considered response inside one working day.
• Tell you onceThe Talon waitlist exists so we can send a single email when access opens. There is no follow-up sequence.
• Run the practiceIf we engage, we hold the records that any compliance-grade engagement requires — scope, deliverables, correspondence, invoices.

We process your personal data on one of three bases, depending on the interaction:

• ConsentThe Talon waitlist email — you give it to us, we use it once, you can withdraw at any time per §07.
• Legitimate interestsReplying to inbound briefs and inbound email. The interest is operating a consultancy that responds to enquiries; the interest does not override your fundamental rights.
• Contract / legal obligationIf you become a client, processing is necessary to perform the engagement and to meet our retention obligations under UAE and applicable UK regulation.

Three named processors. No others. We do not sell, rent, or syndicate your data.

• EmailResend (resend.com) handles transactional email from the website to darren@talon.ae. Data in transit is TLS-encrypted; Resend retains delivery logs per its own policy.
• HostingVercel (vercel.com) hosts the static website and runs the form server actions. Server logs as described in §02.
• InboxThe receiving inbox is operated by the founder under standard business email infrastructure.

Data may be processed in the EU, UK, US or UAE depending on which processor handles a given request. Transfers rely on standard contractual clauses where applicable.

• Brief formIf we don't engage: deleted within 90 days of the last reply. If we engage: rolled into the engagement record.
• WaitlistHeld until the launch email is sent, then deleted within 30 days. Earlier on request.
• Engagement recordsSix years from the close of the engagement, in line with UK statutory limitation and standard professional-services practice.
• Server logs30 days, then purged automatically.

You have the rights you would expect under UK GDPR and equivalent UAE protections: access, rectification, erasure, restriction, objection, portability, and withdrawal of consent. To exercise any of them, write to darren@talon.ae. We respond inside one working day; substantive action follows within 30 days.

You can also lodge a complaint with the supervisory authority in your jurisdiction. We will tell you which one applies if you ask.

This website sets no cookies at v1. There is no advertising tracker, no analytics tag, no session-replay script, no fingerprinting library. If that changes, this section will name the cookie, its purpose, and its expiry — and a banner will ask before any non-essential cookie is set.

Data in transit is TLS 1.2+ everywhere. Form submissions traverse Vercel and Resend over encrypted channels. Engagement records are held in encrypted-at-rest storage; access is limited to the founder and named delegates. We do not process payment-card data on this site.

If we ever suffer a breach affecting your data, we will tell you within 72 hours of becoming aware, and the nature of the breach, the data affected, and the steps we are taking — in plain English, with no PR varnish.

Material changes get a new version number, a new effective date, and an email to anyone we hold a current address for. Cosmetic changes (typos, clearer wording) are made silently. The current version is shown at the top of this page.

For anything in this policy: darren@talon.ae. Direct line. Read by Darren. Replies within one working day, Dubai time.