قانوني
Privacy Policy — Amaan (أمان)
آخر تحديث 2026-06-24
الترجمة العربية قيد الإعداد
هذا المستند متاح حالياً باللغة الإنجليزية فقط. جارٍ إعداد ترجمة عربية احترافية.
This Privacy Policy explains how [COMPANY LEGAL NAME] ("Amaan", "we", "us") collects, uses, discloses, and protects personal data when you use the Amaan platform at [DOMAIN] (the "Service"). We act as a data controller for account data and, where we process tax and business data on your instructions, as a data processor on your behalf.
We process personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and its implementing regulations.
1. Who we are
[COMPANY LEGAL NAME], [LICENSE / REGISTRATION NO.], [REGISTERED ADDRESS, UAE]. Contact: [PRIVACY CONTACT EMAIL]. Data Protection Officer / contact: [DPO NAME / EMAIL].
2. What data we collect
- Account data: name, email, phone, password (hashed), role, preferred language.
- Company & tax data: company name, Tax Registration Number (TRN), trade licence details, free-zone status, financial year, revenue, VAT and Corporate Tax records, transactions, returns, deadlines, penalties, QFZP data, and audit information.
- Documents: invoices, bank statements, and other files you upload, plus AI-extracted data from them.
- Sensitive identifiers: certain fields (e.g. counterparty names/TRNs) that may constitute personal data are encrypted at rest (AES-256-GCM).
- Payment data: billing details processed by our payment processor (we do not store full card numbers).
- Usage & technical data: log data, device/browser information, IP address, and product analytics needed to operate and secure the Service.
3. Legal bases for processing (PDPL Art. 4)
We rely on one or more of: your consent; performance of our contract with you; compliance with a legal obligation; and our legitimate interests in operating, securing, and improving the Service, balanced against your rights.
4. How we use your data
To provide and operate the Service; calculate VAT/Corporate Tax and penalties; generate filings, audit files (FAF), and e-invoices; send deadline reminders and notifications (email/WhatsApp/in-app); process payments; provide support; ensure security and prevent fraud; comply with law; and improve the Service.
5. AI features
Some features use AI models to classify transactions, analyse uploaded documents, and answer tax questions. Relevant data is sent to our AI sub-processor (see §7) solely to return a result to you. We do [not permit / specify] the use of your data to train third-party models. [Confirm exact terms with the AI provider and state them here.]
6. Sharing & disclosure
We share personal data only with the sub-processors in §7, with authorities where legally required, and in connection with a corporate transaction (with safeguards). We do not sell personal data.
7. Sub-processors
We use the following providers to deliver the Service (verify and keep current):
- Vercel — application hosting
- Supabase — database, authentication, file storage
- Stripe — payment processing
- Anthropic — AI processing (transaction classification, document analysis, advisor)
- Resend — transactional email
- Meta Platforms — WhatsApp Cloud API notifications
- Upstash — rate limiting
- Sentry — error monitoring
8. International transfers
Some sub-processors process data outside the UAE. Where we transfer personal data abroad, we do so in accordance with PDPL cross-border transfer rules and put appropriate safeguards in place. [State hosting regions and safeguards once finalised.]
9. Data retention
We retain personal data for as long as your account is active and as needed to provide the Service. Tax and accounting records are retained to meet UAE statutory record-keeping obligations (e.g. FTA retention periods of up to 5+ years), and certain records (e.g. tax transactions, audit logs) cannot be deleted before those periods expire. After the applicable period we delete or anonymise the data.
10. Security
We use technical and organisational measures including encryption in transit (TLS) and at rest, row-level access isolation between tenants, role-based access control, audit logging, and rate limiting. No system is perfectly secure, but we work to protect your data and will notify you and the competent authority of a qualifying personal-data breach as required by the PDPL.
11. Your rights (PDPL)
Subject to the PDPL, you have the right to: access your data; request correction; request deletion; restrict or object to processing; request data portability; and withdraw consent at any time (without affecting prior lawful processing). To exercise these rights, contact [PRIVACY CONTACT EMAIL]. You may also complain to the UAE Data Office.
12. Children
The Service is not directed to anyone under 18 and we do not knowingly collect their data.
13. Changes
We may update this Policy and will post the new version with a revised "Last updated" date; material changes will be notified as required.
14. Contact
[COMPANY LEGAL NAME] — [PRIVACY CONTACT EMAIL] — [REGISTERED ADDRESS].
Sources informing this draft: UAE Federal Decree-Law No. 45 of 2021 (PDPL), effective 2 January 2022. This draft is not a substitute for legal advice.