DXBComply (also branded as DXBComply) is a UAE compliance SaaS that helps businesses track trade license renewals, compliance deadlines, and government document expiries.
We handle your data carefully because we know how sensitive compliance information is. This policy explains exactly what we collect, why we collect it, who we share it with, and what rights you have over your data.
For any data-related questions, email: ainagarkatti@gmail.com
We only collect data that is necessary to run the service.
| Data | Why We Collect It |
|---|---|
| Full name | To identify you as a user and personalise your account |
| Email address | To send account notifications, renewal alerts, and login links. Also used as your login identifier. |
| Company name | To associate your compliance records with your business entity |
| WhatsApp number | To send renewal reminders and compliance alerts via WhatsApp |
| Emirates ID numbers | To track identity document expiries so you don't miss renewal deadlines |
| Trade license numbers | To track license renewal dates and send timely reminders |
| Document expiry dates | Core function of the service — we store the expiry dates you enter or extract from uploaded documents |
| Uploaded document files | You may upload PDFs or images of trade licenses, visas, Emirates IDs, and other compliance documents |
| Data Type | Retention Period |
|---|---|
| Account information (name, email, company, WhatsApp number) | Until you delete your account |
| Compliance data (license numbers, Emirates IDs, expiry dates) | Until you delete your account |
| Uploaded documents | Until you delete them or delete your account |
| Payment records | 5 years (UAE tax law requirement) — stored by Stripe, not by us |
| Usage analytics | 12 months, then anonymised |
When you delete your account, all your personal data and uploaded documents are permanently deleted within 30 days. Backup copies are purged within 60 days.
Your data is stored on Supabase, hosted in Frankfurt, Germany (EU region).
Data residency: your data resides in Frankfurt, Germany. It does not leave the EU economic area except when processed by our third-party tools listed in Section 6, which may process data in other regions.
We use the following services to run DXBComply. Each one has its own privacy and security measures. By creating an account you explicitly consent to these transfers under Article 22 of the UAE PDPL.
| Service | What It Does | Where |
|---|---|---|
| Supabase | Stores all your data (database + file storage) | Frankfurt, Germany |
| Resend | Sends email notifications (renewal reminders, account emails) | US / EU |
| Meta WhatsApp Cloud API | Sends WhatsApp renewal reminders (when this channel is enabled on your account) | US / EU / Ireland |
| Stripe | Processes subscription payments | US / EU |
| Anthropic (Claude) | Powers AI features (document analysis, smart reminders) | United States |
The UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) gives you the following rights:
Right to Know
Ask us what data we hold about you at any time. We'll send a full copy within 5 business days.
Right to Access
Log into your dashboard to see all your data directly. For a machine-readable export (JSON/CSV), email us.
Right to Correct
Edit most of your data directly in the dashboard. For anything stuck, email us and we'll fix it within 2 business days.
Right to Delete
Delete your account from dashboard settings. This permanently removes your profile, all compliance data, all uploaded documents, and all expiry tracking records.
Right to Restrict Processing
If you believe your data is incorrect or being processed unlawfully, ask us to pause processing while we investigate.
Right to Data Portability
Request a copy of your data in CSV or JSON format within 5 business days.
Right to Object
If we're processing your data for a purpose you didn't agree to, you can object and we'll stop.
To exercise any right: ainagarkatti@gmail.com — we respond within 5 business days and may ask you to verify your identity.
| Measure | What It Means |
|---|---|
| Encryption in transit | All data sent between your browser and our servers is encrypted with TLS 1.3 |
| Encryption at rest | Your data is encrypted on Supabase's servers |
| Access controls | Only you and authorised team members can access your data, with role-based permissions |
| Regular backups | Your data is backed up daily. Backups are encrypted and stored separately. |
| No third-party tracking | We don't use analytics scripts from Google, Facebook, or other ad networks |
We use only essential cookies:
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Blocking all cookies will prevent you from logging in.
If we change this privacy policy, we will:
Significant changes (new data collection, new third-party processors) will require your explicit consent. Minor changes take effect immediately.
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Your consent (you signed up and agreed to this policy) |
| Renewal reminders | Contractual necessity (this is the core service you signed up for) |
| AI document analysis | Your consent (you choose which documents to analyse) |
| Payment processing | Contractual necessity (we can't provide the service without payment) |
| Legal compliance (tax records) | Legal obligation (UAE tax law requires us to retain certain records) |
DXBComply is a business-to-business service. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us with personal data, email ainagarkatti@gmail.com and we'll delete it immediately.
Your data is stored in Frankfurt, Germany (Supabase EU region). Some third-party processors (Anthropic, Resend, Stripe, Twilio) may process data in other countries, including the United States.
Where these countries have data protection laws that differ from UAE PDPL, we rely on:
In line with UAE PDPL Article 10, DXBComply has appointed a Data Protection Officer (DPO) responsible for monitoring our PDPL compliance, advising on data protection impact, acting as the contact point for the UAE Data Office, and handling all data-subject requests.
DPO: Asif Nagarkatti, Founder & CEO
Email: dpo@dxbcomply.ae (or ainagarkatti@gmail.com)
Response time: Within 5 business days for general queries; within 72 hours for suspected data breaches.
Language: English or Arabic
If you believe your personal data has been mishandled or breached, contact the DPO immediately. We're also happy to explain anything in this policy in simpler terms — just ask.