1. Introduction

At GrowX Global FZ-LLC (“GrowX Global”, “we”, “our”, “us”), we are committed to protecting your privacy and ensuring that your personal and financial data is handled responsibly, transparently, and securely.

This Privacy Policy explains how we collect, use, store, share, and protect your data when you use our mobile application, web platform, APIs, or other services that connect you with licensed financial institutions under the Central Bank of the UAE (CBUAE) Open Finance Framework.

Our Privacy Policy complies with:

• UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 – PDPL)
• CBUAE Consumer Protection Regulation and Standards (2022)
• CBUAE Open Finance Framework v2.0 (Data Security & Consent Management)

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please stop using our services immediately.

2. About GrowX Global

GrowX Global FZ-LLC is a UAE-registered financial technology company (Trade License No. [Insert]) operating as a Third Party Provider (TPP) under the CBUAE Open Finance Framework.

We provide the following regulated open finance services:

• Account Information Services (AISP): Securely access and consolidate your financial data from multiple banks.
• Payment Initiation Services (PISP): Allow you to initiate payments directly from your bank account.
• Confirmation of Funds (CoF): Enable merchants or partners to verify fund availability for approved transactions.

We act as a data controller when collecting your personal data directly and as a data processor when handling data obtained from your bank under your explicit consent.

3. What Data We Collect

3.1. Personal Information

• Full name, email address, and contact number
• Business name, trade license, and role (for SME users)
• Identity verification details, if required by law

3.2. Financial Information (with Consent)

• Linked bank account details (account ID, name, type, currency)
• Account balances, transactions, and payment instructions
• Funds confirmation responses

3.3. Technical Data

• Device and browser details
• IP address, login timestamps, and app usage logs
• Session identifiers, crash data, and analytics

3.4. Communication Data

• Support tickets, chat transcripts, and feedback

4. How We Use Your Data

We process your data lawfully and transparently for the following purposes:

We never use your data for advertising or resale, and we will never access your bank credentials.

5. How We Obtain and Manage Your Consent

You will be asked to explicitly authorize GrowX Global before any access to your financial data is made. Consent is collected digitally via the GrowX Global app or portal, where you will see:

• The type of data requested
• The purpose of use
• The consent duration
• How to withdraw your consent

You may revoke consent at any time by:

• Using the “Manage Consents” section in the GrowX Global app,
• Through your bank’s consent management portal, or
• Emailing us at consent@growx.global

Upon revocation, all tokens and access permissions are immediately invalidated.

6. Data Sharing and Disclosure

We do not sell, lease, or trade your personal or financial information. Data is shared only under the following circumstances:

1. With Your Authorized Bank(s) – to access data, initiate payments, or confirm funds via CBUAE-certified APIs.
2. With Regulators or Law Enforcement – to comply with legal or regulatory obligations.
3. With Approved Service Providers – all bound by PDPL-compliant data processing agreements.

We ensure all third-party processors maintain the same or higher level of data protection.

7. Data Retention and Deletion

We retain your data only as long as required to fulfill the purposes described in this Policy or as mandated by law.

After expiration, data is securely erased using AES-256 deletion protocols or anonymized.

8. Data Storage and Cross-Border Transfers

• All systems and data are hosted in secure, Tier-3 UAE data centers.
• Transfers outside the UAE occur only to jurisdictions with adequate protection.
• All transfers are encrypted and governed by PDPL Articles 22–24.

9. Data Security

• End-to-end encryption (TLS 1.2+ and AES-256)
• Strong Customer Authentication (SCA)
• Role-based access control
• API gateway with WAF and rate limiting
• Continuous monitoring and SIEM
• Regular penetration testing
• 24x7 incident response

In case of a data breach, we will notify both you and the CBUAE within 24 hours, as required by regulation.

10. Your Rights Under the PDPL

• Access
• Correction
• Deletion
• Restriction
• Portability
• Withdraw Consent
• Complain to UAE Data Office

Contact privacy@growx.global — response within 30 days as per PDPL Article 13.

11. Cookies and Tracking

• Secure user sessions
• Maintain login state
• Optimize performance and analytics

No third-party marketing cookies are used.

12. Data of Minors

Services are intended for users aged 18+. Data from minors is deleted upon discovery.

13. Data Breach Notification

• Incident containment and investigation
• Notify users and CBUAE within 24 hours
• Transparent remediation reporting

14. Third-Party Links

Our app or website may link to third-party sites. We are not responsible for their privacy practices.

15. Changes to This Policy

• Regulatory or technical updates
• Advance notice (30 days)
• Updated effective date on top of this document

16. Contact Information

• GrowX Global FZ-LLC
• 📍 [Insert Office Address, UAE]
• 📧 privacy@growx.global
• 📧 compliance@growx.global
• 📧 support@growx.global
• 🌐 https://www.growx.global
• 📞 +971 [Insert Contact Number]

17. Acknowledgment

By using GrowX Global’s services, you confirm that you have read and understood this Privacy Policy and consent to the collection and processing of your data.

GrowX Global FZ-LLC
Empowering Open Finance in the UAE securely and responsibly.