TERMS OF SERVICE
1. Introduction
Welcome to GrowX Global FZ-LLC (“GrowX Global”, “GrowX”, “we”, “our”, or “us”). GrowX Global operates as a Third Party Provider (TPP) under the Open Finance Framework issued by the Central Bank of the United Arab Emirates (CBUAE).
Through our Services, we enable individuals and small to medium-sized enterprises (SMEs) to securely access, aggregate, and manage financial data across different banks and to initiate payments directly from their accounts in a secure, consent-driven, and regulated environment.
We are committed to delivering transparent, compliant, and customer-centric services that align with the CBUAE’s Financial Infrastructure Transformation (FIT) Programme.
By accessing or using our Services, you agree to comply with and be legally bound by these Terms. If you do not agree, you must not use our Services.
2. About GrowX Global
2.1. Our Legal Standing
GrowX Global FZ-LLC is a financial technology company incorporated in the United Arab Emirates, holding a valid trade license issued by the Department of Economic Development under License Number [Insert License No.], with its registered office at [Insert Office Address].
- We do not store, hold, or control your funds.
- We do not open or manage your bank accounts.
- We do not provide credit or investment advice.
All transactions, data exchanges, and payment executions occur directly between you and your bank, under your explicit authorization.
2.3. Our Commitment
- CBUAE Consumer Protection Regulations (CPR)
- UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021)
- Financial Infrastructure Transformation Programme
- ISO/IEC 27001:2022 Information Security Standards
3. Eligibility
3.1. User Eligibility
- Be a natural person aged 18 or above or a legal business entity duly registered under UAE law.
- Have a valid bank account with a CBUAE-licensed financial institution participating in the Open Finance ecosystem.
- Be legally capable of entering binding agreements under UAE law.
- Use the Services for lawful purposes only, in accordance with applicable UAE regulations.
GrowX may require identity or business verification before enabling access to certain services or APIs.
4. User Consent and Authorization
4.1. Explicit User Consent
GrowX Global will only access or process your financial information after obtaining your explicit, informed, and unambiguous consent.
- Retrieving account information (AISP)
- Initiating payments (PISP)
- Confirming funds availability (CoF)
Consent is collected electronically through our secure portal in both English and Arabic.
4.2. Scope of Consent
- Accounts to which you grant access
- Data types to be shared (balances, transactions, beneficiaries)
- Duration of access (typically ≤90 days for AISP)
- Purpose of data use
- Parties with whom data is shared (your bank and GrowX Global)
4.3. Authentication and Authorization
- Redirect to your bank’s secure authentication page
- Bank verifies your identity via MFA
- Bank issues secure token after authorization
4.4. Revocation of Consent
- Within GrowX Global app (Manage Consents)
- Through your bank’s consent dashboard
- By contacting consent@growxglobal.ae
5. Data Collection and Use
5.1. Purpose of Data Processing
- To enable secure account aggregation and payment initiation
- To confirm availability of funds
- To comply with regulatory obligations (AML/CFT, audits, reporting)
- To improve user experience and provide support
5.2. Categories of Data Collected
The following table summarizes the data categories we collect:
| Category | Examples | Retention Period |
|---|
| Personal Information | Name, email, mobile number, ID number | Up to 5 years (per CBUAE retention policy) |
| Financial Data | Account numbers, balances, transactions | Up to 5 years |
| Device & Access Data | IP address, device ID, login logs | Up to 2 years |
5.3. Lawful Basis of Processing
- Explicit Consent (Article 5(1)(a))
- Legal Obligation (Article 5(1)(c))
- Legitimate Interest (Article 5(1)(d))
5.4. Data Minimization and Retention
We collect only essential data and retain it only for the required duration. After expiry, data is securely deleted or anonymized.
5.5. Data Sharing and Disclosure
- Authorized Financial Institutions (CBUAE-certified APIs)
- Regulatory authorities when legally required
- Service providers bound by confidentiality agreements
5.6. Cross-Border Data Transfers
- Transfers only to jurisdictions with adequate data protection
- CBUAE-approved contractual safeguards
- Encryption in transit and at rest
6. Data Security
- AES-256 encryption at rest and TLS 1.3 in transit
- Multi-factor authentication (MFA)
- ISO/IEC 27001-compliant controls
- Continuous monitoring and vulnerability testing
7. User Responsibilities
- Provide accurate and updated information
- Protect login credentials
- Comply with UAE laws and these Terms
- Report unauthorized use immediately
8. Intellectual Property
All content, logos, software, and APIs of GrowX Global are protected under intellectual property laws. Unauthorized use is prohibited.
9. Limitation of Liability
GrowX Global is not liable for indirect or consequential damages. The total liability shall not exceed AED 1,000 or the amount paid for the Services in the preceding six months.
10. Suspension and Termination
We may suspend or terminate access for violations, legal requirements, or security reasons. Upon termination, your rights to the Services cease immediately.
11. Amendments to Terms
We may update these Terms periodically. Changes take effect upon posting on our platform. Continued use constitutes acceptance.
12. Governing Law and Contact
These Terms are governed by UAE law. Disputes are subject to the jurisdiction of Abu Dhabi Global Market (ADGM) courts.
- GrowX Global FZ-LLC
- Email: legal@growxglobal.ae
- Website: www.growxglobal.ae
