Emirate ERP

UAE Accounting
TRUST CENTRE

Your Data. Our Responsibility.

Full transparency on how we protect your financial data. No vague promises — specific controls, real certifications, and honest timelines.

Security Certifications

SOC 2 Type II
In Audit — Q3 2026
ISO 27001
Assessment Phase — Q4 2026
UAE PDPL Compliant
Active
GDPR Aligned
Active

Data Residency

Your data is stored in the UAE

All primary data resides in the Middle East region. No data leaves the UAE without your explicit consent.

Region
AWS me-central-1 (UAE)
Provider
Supabase Hosted

Encryption

Data at rest
AES-256-GCM
Industry-standard symmetric encryption applied to your database, file uploads, and all backups.
Data in transit
TLS 1.3
All connections use the latest transport encryption. Older TLS versions are rejected.
Passwords
bcrypt + salt
One-way hashing ensures passwords are never stored in plaintext. Even our engineers cannot read them.
Salary data
Field-level encryption
Employee salaries and sensitive compensation data are encrypted at the field level with separate keys.

Access Controls

Role-based access control (RBAC)
7 granular roles — Owner, Admin, Accountant, Auditor, Sales, HR, Viewer. Each role sees only what they need.
Two-factor authentication (2FA)
TOTP-based 2FA via Google Authenticator, Authy, or 1Password. Required for Owner accounts on Enterprise.
Session timeout
Configurable auto-logout after inactivity (15 minutes to 8 hours). Protects unattended workstations.
IP allowlist
Restrict access to specific IP addresses or ranges. Ideal for office-only access policies.
Tamper-proof audit log
Every action logged with user, timestamp, IP, and before/after values. Append-only — no one can delete entries.
Login history
Track every successful and failed login with device, browser, and IP. Export to CSV anytime.

Uptime & SLA

99.9%
Uptime Commitment
Our infrastructure is designed for high availability. Service credits apply if we miss this target.
4 hrs
P1 Response Time
Critical incidents (complete service outage) receive a response within 4 hours, 24/7.

Data Export — Leave Anytime

Leave anytime. One click. All your data.

Export every byte of your financial data in CSV, JSON, or PDF format. No lock-in, no waiting period. We delete your tenant from production within 30 days of cancellation.

CSVJSONPDF

Sub-processors

SupabaseDatabase & Authentication
Location: UAE (me-central-1)
VercelCDN & Edge Network
Location: Global
OpenAIOCR & AI Features
Location: USOpt-in only — disabled by default

This list is updated when sub-processors change. Last reviewed: April 2026.

Contact

Data Protection Officer

For PDPL requests, data subject access requests, or privacy inquiries.

dpo@emirateerp.com
Security Team

To report vulnerabilities, request our security questionnaire, or discuss compliance requirements.

security@emirateerp.com

Ready to move your finances to a platform you can trust?

Also read our Security, Privacy Policy, and Terms of Service.

Emirate ERP AI

Sales Advisor · Online

👋 Hi! I'm the Emirate ERP AI — your personal guide to the UAE's most complete ERP platform. Before we dive in, what's your full name?

✦ Emirate ERP Sales AI