Privacy Policy
Last Updated: April 2026
This Privacy Policy complies with UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data (PDPL).
Welcome to Emirate ERP. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our software-as-a-service (SaaS) platform.
1. Data Controller & Data Protection Officer
Data Controller: Emirate ERP Technology LLC, registered in Dubai, United Arab Emirates.
📧 Data Protection Officer (DPO)
Email: dpo@emirateerp.com
Response time: Within 30 days of receiving your request (PDPL Art. 14)
Postal: Emirate ERP, P.O. Box XXXXX, Dubai, UAE
If you are not satisfied with our DPO's response, you have the right to lodge a complaint with the UAE Data Office, the competent authority under the PDPL.
2. What Information Do We Collect?
We collect personal information that you voluntarily provide to us when you register on the Emirate ERPServices, express an interest in obtaining information about us or our products, or contact us.
2.1 Personal Data
- Name, email address, phone number, company name
- UAE Tax Registration Number (TRN)
- Trade License number and Emirates ID (if provided)
- Account credentials (passwords are hashed and never stored in plain text)
2.2 Financial Data
- Accounting entries, invoices, and bills you create within the platform
- Bank account details (IBAN) for payment processing and WPS
- Tax return data generated through our VAT and Corporate Tax modules
2.3 Automatically Collected Data
- IP address, browser type, and operating system
- Usage analytics (pages visited, feature usage — anonymized)
- Session cookies and authentication tokens
3. How Do We Use Your Information?
We process your personal information for these purposes in reliance on the following lawful bases under PDPL Article 5:
- Contractual Necessity (Art. 5(2)): To provide core accounting, invoicing, and tax compliance services.
- Legal Obligation (Art. 5(3)): To comply with UAE tax laws (FTA filings, audit file retention).
- Legitimate Interest (Art. 5(5)): To improve our platform, prevent fraud, and ensure security.
- Consent (Art. 5(1)): To train our AI OCR models using anonymized receipt data (opt-in only).
4. Your Data Rights Under PDPL
Under the UAE Personal Data Protection Law, you have the following rights:
| Right | PDPL Article | How to Exercise |
|---|---|---|
| Right of Access | Art. 13 | Export your data from Settings > Data Privacy |
| Right to Rectification | Art. 14 | Edit your profile or contact DPO |
| Right to Erasure | Art. 15 | Delete account from Settings > Data Privacy |
| Right to Data Portability | Art. 16 | Download data in JSON format |
| Right to Object | Art. 17 | Toggle off consents in Settings > Data Privacy |
| Right to Withdraw Consent | Art. 7 | Manage consent toggles anytime |
5. Data Retention
We retain your data only for as long as necessary to fulfill the purposes outlined in this policy:
- Financial & Tax Records: 5 years from the end of the relevant tax year, as required by UAE Commercial Companies Law and FTA regulations.
- Payroll & WPS Records: 5 years, as required by UAE Labour Law.
- Audit Logs: 5 years, for anti-fraud and regulatory compliance.
- Account Profile Data: Duration of your account plus 90 days after deletion request.
- Cookies: Maximum 12 months from placement. See our Cookie Policy.
After the retention period expires, data is either permanently deleted or irreversibly anonymized.
6. Data Residency & Cross-Border Transfers
In compliance with PDPL Article 22, your data is stored within UAE-adjacent cloud infrastructure. We do not transfer your personal data to jurisdictions outside the UAE without:
- Your explicit consent, or
- Adequate data protection safeguards recognized by the UAE Data Office, or
- A legal obligation requiring such transfer.
Our database infrastructure uses AES-256 encryption at rest and TLS 1.3 encryption in transit. All backups are geo-restricted to the Middle East region.
7. Data Security
We implement industry-standard security measures to protect your data:
- AES-256 encryption for data at rest
- TLS 1.3 for all data in transit
- Row-Level Security (RLS) ensuring complete tenant isolation
- Immutable, cryptographically-signed audit logs
- Two-factor authentication available for all accounts
- Regular penetration testing and vulnerability assessments
8. Data Breach Notification
In the event of a personal data breach, we will notify the UAE Data Office within 72 hours of becoming aware of the breach, in accordance with PDPL requirements. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly via email without undue delay.
9. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date above. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:
Data Protection Officer: dpo@emirateerp.com
General Inquiries: support@emirateerp.com
Postal Address: Emirate ERP Technology LLC, Dubai, UAE
Supervisory Authority: UAE Data Office — dataoffice@uaegovernment.ae