Privacy Policy
Your privacy matters to us. This policy explains how we collect, use, store, and protect your personal and financial data in compliance with UAE law.
Table of Contents
Section 1
Introduction
This Privacy Policy (“Policy”) describes how Jasmine Entertainment FZE, a free zone establishment incorporated and registered in the Sharjah Publishing City Free Zone, United Arab Emirates, with its registered office at Publishing City, Business Center, Sharjah, UAE (“Company,” “we,” “us,” or “our”), collects, uses, stores, shares, and protects your information when you use the Daftar platform available at getdaftar.ae (the “Platform” or “Service”).
By using the Platform, you consent to the collection, use, and processing of your information as described in this Policy. If you do not agree with this Policy, please do not use the Platform.
Section 2
Information We Collect
We collect the following categories of information in connection with the Service:
2.1 Personal Information
Account information: Name, email address, phone number, and authentication credentials (managed through Clerk)
Identity verification: Information you provide to verify your identity when creating an account or contacting support
Communication data: Records of your communications with us, including support requests and feedback
2.2 Organizational Information
Business details: Company name, trade license number, legal entity type, and industry sector
Tax information: Tax Registration Number (TRN), VAT registration status, and fiscal year configuration
Address information: Registered business address, emirate of operation, and free zone affiliation
Contact directory: Names, emails, phone numbers, and addresses of your business contacts stored in the Platform
2.3 Financial Information
Invoice data: Invoice numbers, amounts, line items, VAT calculations, payment terms, and customer information
Receipt data: Scanned images, extracted vendor names, amounts, dates, categories, and VAT details
Transaction data: Bank transaction records, categorizations, reconciliation status, and payment details
Credit note data: Credit note details, reference invoices, and adjustment amounts
Reports: VAT return data, profit & loss statements, and other financial reports
Bank statements: Uploaded bank statement files and extracted transaction data
2.4 Technical Information
Device information: Device type, operating system, browser type and version
Log data: IP address, access timestamps, pages viewed, referring URLs, and actions taken
Usage data: Features used, frequency of use, and interaction patterns
2.5 AI Interaction Data
Chat conversations: Messages exchanged with the AI financial assistant
Document processing: Documents and images submitted for AI-powered extraction and analysis
Categorization inputs: Transaction descriptions and data submitted for AI categorization
Section 3
How We Use Your Information
We use your information for the following purposes, each supported by a lawful basis for processing under the UAE PDPL:
3.1 Service Provision
Contractual Necessity- Create and manage your account
- Provide bookkeeping, invoicing, and financial management features
- Generate e-invoices in UBL/PINT-AE XML format
- Facilitate e-invoice submission to the FTA through ASPs
- Process receipt scans and extract data using AI
- Import, categorize, and reconcile bank transactions
- Generate VAT returns, P&L reports, and other financial reports
- Power the AI financial chat assistant
- Send invoices and documents via email on your behalf
3.2 Service Improvement
Legitimate Interest- Analyze usage patterns and improve features and performance
- Improve the accuracy of AI models and extraction capabilities
- Identify and fix bugs, errors, and security vulnerabilities
- Develop new features and services
3.3 Communication
Contractual / Legitimate Interest- Send service-related notifications, billing and account alerts
- Respond to your support requests and inquiries
- Notify you of changes to the Service or policies
- Send product updates and feature announcements (opt-out available)
3.4 Legal and Regulatory Compliance
Legal Obligation- Comply with applicable UAE laws, regulations, and lawful requests
- Maintain records as required by tax and commercial law
- Enforce our Terms & Conditions and protect our legal rights
- Prevent fraud, money laundering, and other illegal activities
Section 4
AI Processing Disclosure
4.1 How AI Processes Your Data
Receipt & document extraction
Images are sent to AI models (Google Gemini and Anthropic Claude) for OCR and data extraction. Extracted data is returned and stored in our database.
Transaction categorization
Descriptions and amounts are processed by AI models (Claude Haiku and Gemini Flash) to suggest appropriate expense or revenue categories.
Financial chat assistant
Your messages, along with relevant financial context, are sent to Anthropic Claude Sonnet for processing. Conversation history is maintained within your session.
Reconciliation suggestions
Transaction and document data is analyzed using pattern detection to suggest matches between bank transactions and invoices or receipts.
4.2 AI Data Handling
4.3 Your Rights Regarding AI Processing
You have the right to: (a) be informed that your data is being processed by AI systems; (b) request human review of significant AI-generated decisions; (c) opt out of non-essential AI processing where technically feasible; and (d) request correction or deletion of AI-processed data as described in Section 10.
Section 5
Third-Party Service Providers
We share your information with the following third-party service providers, solely to the extent necessary for them to perform services on our behalf:
Clerk
User authentication and identity management
Cloudflare
Web hosting, CDN, and file storage (R2)
Anthropic (Claude)
AI chat, receipt extraction, categorization
Google (Gemini)
AI document extraction, categorization
Resend
Transactional email delivery
Railway
Database hosting (PostgreSQL)
ASP Providers
E-invoice submission to the FTA
Section 6
Data Storage and Security
6.1 Storage Location
Your data is stored on servers in secure data centers. Our primary database is hosted on Railway, and file storage is on Cloudflare R2. Some data may be stored in data centers outside the UAE (see Section 9 for international transfer details).
6.2 Security Measures
Encryption in transit
All data encrypted using TLS 1.2+ (HTTPS)
Encryption at rest
Sensitive data encrypted with industry-standard algorithms
Access controls
Multi-tenant isolation with per-organization access
Authentication security
MFA, session management, brute-force protection via Clerk
API security
Authenticated with shared secrets and org identifiers
Regular updates
Dependencies and infrastructure maintained against vulnerabilities
6.3 Incident Response
In the event of a data breach, we will: (a) notify the relevant UAE data protection authority within the required timeframe; (b) notify affected users without undue delay where there is high risk to their rights; and (c) take immediate steps to contain and remediate the breach.
Section 7
Data Retention
7.1 Retention Periods
Active account
Retained while your account is active
Financial records
Per Article 78, FDL 8/2017 and FTA requirements
Real estate records
For real estate-related transactions
Post-termination
Data export window after account termination
Technical logs
Server logs and access records
AI interaction data
Anonymized and aggregated for improvement
7.2 Legal Retention Obligations
We may retain your data longer where required by applicable UAE law, regulation, or court order, or where necessary for the establishment, exercise, or defense of legal claims.
Section 9
International Data Transfers
We use third-party providers whose servers may be outside the UAE. When your data is transferred internationally, we ensure appropriate safeguards per the UAE PDPL:
- Ensuring the receiving jurisdiction provides adequate data protection
- Implementing contractual clauses requiring equivalent protection standards
- Applying technical measures (encryption) to protect data during transfer
- Limiting data transferred to what is strictly necessary
Primary transfer jurisdictions
United States: Cloudflare, Anthropic, Railway, Clerk, Resend
US / EEA: Google
Section 10
Your Rights Under UAE PDPL
Under the UAE Federal Decree-Law No. 45 of 2021, you have the following rights:
Right to Access
Request access to the personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion, subject to legal retention requirements
Right to Restriction
Request restricted processing in certain circumstances
Right to Data Portability
Receive your data in a machine-readable format (CSV/JSON)
Right to Object
Object to processing based on legitimate interest
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing
Right to Automated Decisions
Not be subject to decisions based solely on automated processing
10.1 Exercising Your Rights
To exercise any of the above rights, email us at support@getdaftar.ae with the subject line “PDPL Data Rights Request.” We will respond within 30 days. We may need to verify your identity before processing your request.
10.2 Complaints
If you believe your data protection rights have been violated, you may lodge a complaint with the UAE Data Office or contact us directly.
Section 11
Children's Privacy
The Platform is designed for business use and is not directed at children under 18. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided data to us, contact us at support@getdaftar.ae and we will take steps to delete it.
Section 12
Government and Regulatory Disclosure
We may disclose your data to government authorities where:
- Required by applicable UAE law, regulation, or court order
- Necessary to comply with a legal obligation or lawful government request
- Necessary to prevent or detect fraud, money laundering, or criminal activity (per FDL 20/2018 on Anti-Money Laundering)
- Necessary for the establishment, exercise, or defense of legal claims
Where the Platform submits e-invoices to the FTA on your behalf (through an ASP), e-invoice data (TRN, invoice details, VAT information) will be shared with the FTA as part of the legally mandated e-invoicing process.
Section 13
Business Transfers
In the event of a merger, acquisition, asset sale, or restructuring, your data may be transferred to the successor entity. We will notify you and ensure the successor is bound by privacy obligations no less protective than this Policy.
Section 14
Do Not Track Signals
As there is currently no universal standard for interpreting “Do Not Track” (DNT) signals, the Platform does not currently respond to DNT browser signals. We will revisit this as industry standards evolve.
Section 15
Changes to This Policy
We may update this Policy from time to time. When we make material changes:
- We will update the “Last updated” date at the top
- We will post a notice on the Platform
- For significant changes, we will send email notification at least 15 days before changes take effect
Continued use of the Platform after the effective date constitutes acceptance. We encourage you to review this Policy periodically.
Section 16
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Jasmine Entertainment FZE
Data Protection Contact
Publishing City, Business Center
Sharjah, United Arab Emirates
For data protection inquiries, include “PDPL Inquiry” in the subject line to ensure your request reaches the appropriate team.
Terms & Conditions
Read the full terms governing your use of the Daftar platform.