Privacy Policy

This Privacy Policy explains how DocuBay Corporate Services Provider L.L.C ("DocuBay", "we", "us") collects, uses, stores, shares, and protects information when you access or use our website(s), web application(s), portals, mobile experiences, and related services (collectively, the "Platform").

Where relevant, this Privacy Policy also explains how personal data may be processed in connection with services provided by third-party service providers ("Vendors") that are listed on, routed through, or coordinated via the Platform, including legal services provided by New Age Legal Consultancy FZE (and/or other legal service providers engaged as Vendors).

This Privacy Policy is intended to align with applicable UAE data protection requirements, including the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) ("UAE PDPL"), as applicable.

1. Who We Are (Controller / Platform Operator)

Platform Operator. The Platform is operated by DocuBay Corporate Services Provider L.L.C.

Service Delivery Model. Depending on the service:

• DocuBay may deliver certain corporate/government-related services directly (where covered by DocuBay's licensing scope).
• Many services are delivered by independent, third-party Vendors (e.g., audit/tax, legal translation, attestations, banking facilitation, insurance-related services, specialist legal services), who act within their own licensing and professional obligations.

Legal Services. Where legal services are offered through the Platform, such legal services may be delivered by New Age Legal Consultancy FZE (Trade License No. 441697401) and/or other licensed legal service Vendors (as applicable).

2. Scope of This Privacy Policy

This Privacy Policy applies to:

• Visitors of our websites (e.g., marketing website pages),
• Users of hub.docubay.ae (or any successor portals),
• Customers subscribing to DocuBay plans (e.g., Compliance Core/Pro),
• Individuals acting on behalf of a customer business (owners, directors, employees, authorised representatives),
• Individuals whose documents are uploaded to the Platform (e.g., employee passport/Emirates ID where relevant).

If you are a Vendor or applying to become a Vendor, your information may also be processed under this Privacy Policy and/or additional vendor onboarding terms.

3. Definitions

For this Privacy Policy:

• "Personal Data" means information relating to an identified or identifiable person (e.g., name, email, phone number, Emirates ID, passport details).
• "Sensitive Personal Data" (where applicable) includes higher-risk data types (e.g., identification documents, biometrics, certain financial data) as defined under applicable law.
• "Client" means a business customer and/or its authorised users using the Platform.
• "Vendor" means a third-party service provider listed on or providing services through the Platform.

4. What Information We Collect

We collect information in three main ways: (a) you provide it, (b) it is generated through your use, or (c) it is provided by third parties.

4.1 Information You Provide Directly

This may include:

• Account & profile data: name, email, mobile number, job title, company name, login credentials (or token-based login), user role/authorisation details.
• Business onboarding data: trade license details, company registry information, shareholder/manager information, UBO-related information (where relevant), authorised signatory details.
• Service request data: information you submit for an application or request (e.g., service category selected, notes, instructions, jurisdiction, deadlines).
• Document uploads (Document Vault): passports, Emirates IDs, visas, trade licenses, establishment cards, certificates, contracts, and other documents uploaded by you or on your behalf.
• Communications: emails, WhatsApp messages, call notes, support tickets, meeting booking details, and feedback.

4.2 Identity / Access Information (e.g., UAE PASS or OTP where used)

If the Platform supports UAE PASS or similar identity flows, we may receive confirmation attributes (e.g., verified name and identifiers) and technical tokens required to authenticate you, subject to the relevant identity provider's process and your consent where required.

4.3 Payments & Subscription Information

If you purchase subscriptions or pay fees through the Platform, we may process:

• subscription plan details,
• invoice and payment status,
• transaction references, timestamps, and receipts.

We typically do not store full card details ourselves; those are generally handled by regulated payment processors/payment gateways, who process such data under their own privacy and security obligations.

4.4 Usage, Device, and Log Data

When you use the Platform, we may collect:

• IP address, browser type, device identifiers, operating system,
• login timestamps and session security logs,
• feature usage, clicks, pages visited, and error logs (for stability/security).

4.5 Cookies and Similar Technologies

We may use cookies and similar technologies for:

• essential site functionality,
• analytics and performance measurement,
• security and fraud prevention,
• (where enabled) marketing/retargeting.

You can control cookies via your browser settings and, where available, our cookie preferences tool.

4.6 Information From Third Parties

Depending on your selected services and integrations, we may receive information from:

• Vendors (e.g., status updates, required documents, outcomes),
• government portals/authorities (where lawful and via authorised access),
• identity providers (e.g., verification attributes),
• payment providers (e.g., payment confirmation),
• analytics providers (for performance measurement).

5. Why We Use Your Information (Purposes)

We use Personal Data for the following purposes:

5.1 To Operate the Platform

Including creating accounts, managing access, enabling secure login, maintaining session logs, and providing core functionality.

5.2 To Provide Services and Coordinate Vendor Delivery

DocuBay's Platform helps route requests and coordinate delivery. This can include:

• organising and validating submissions,
• tracking service requests and statuses,
• coordinating between you and the relevant Vendor,
• facilitating document handling and secure sharing (where required).

5.3 To Provide DocuBay-Delivered Services (Where Applicable)

For service categories delivered directly by DocuBay (within its licensing scope), we use Personal Data to process those requests, coordinate submissions, and manage service completion.

5.4 To Manage Subscriptions, Billing, and Accounting

Including invoicing, receipts, collections, refunds (where applicable), and financial reconciliation.

5.5 To Maintain Security, Prevent Fraud, and Enforce Policies

Including access control, audit logs, monitoring suspicious activity, investigating misuse, and enforcing Platform rules.

5.6 To Communicate With You

Including onboarding messages, service updates, appointment coordination, document expiry reminders, and support responses.

5.7 To Improve and Develop the Platform

Including analytics, troubleshooting, internal reporting, and product improvements.

5.8 Marketing (Where Permitted)

If you opt in (or where lawful), we may contact you with updates about Platform features, service categories, and offers. You can opt out at any time.

6. Legal Basis for Processing (High-Level)

Where required under applicable law, we rely on one or more of the following bases:

• Performance of a contract (to provide the Platform and coordinate requested services),
• Legitimate interests (e.g., security, fraud prevention, improving services),
• Compliance with legal obligations (e.g., recordkeeping, tax),
• Consent (e.g., optional marketing, certain identity flows, certain sensitive processing).

(Exact legal basis can vary depending on the service category and the data type involved.)

7. Sharing of Information (Who We Share With)

We share Personal Data only as needed, including:

7.1 Vendors (Third-Party Service Providers)

When you request a service, we may share relevant information and documents with the assigned Vendor so they can deliver the service. Vendors process such data under their own obligations and may be independent data controllers for their part of the processing.

7.2 Legal Services Provider (New Age Legal Consultancy FZE) and Other Legal Vendors

Where you request legal services, relevant information may be shared with the applicable licensed legal service provider(s) so they can deliver the requested service.

7.3 Payment Providers

We share necessary transaction information with payment processors to process payments securely.

7.4 Technology and Infrastructure Providers

Hosting, storage, email delivery, customer support tools, analytics, and security providers—only to the extent required to operate the Platform.

7.5 Government Authorities / Regulators (When Required)

Where services require submissions to authorities or where we are legally required to disclose information (e.g., lawful requests), we may share information as required by applicable law.

8. Cross-Border Transfers

Your data may be processed in the UAE and may, depending on our service providers or Vendor locations, be transferred to other countries. Where cross-border transfers occur, we take reasonable steps to ensure appropriate safeguards consistent with applicable law.

9. Data Retention

We retain Personal Data only for as long as necessary to:

• provide the Platform and services,
• comply with legal/tax/accounting obligations,
• resolve disputes and enforce agreements,
• maintain security/audit trails.

Retention periods may vary by service type, document type, and legal obligations. Where possible, we de-identify or securely delete data when it is no longer required.

10. Data Security

We maintain reasonable administrative, technical, and organisational safeguards designed to protect Personal Data. These may include access controls, role-based permissions, logging, encryption in transit and/or at rest (where applicable), and internal policies governing authorised access.

No system is perfectly secure; however, we work to prevent unauthorised access, loss, misuse, or disclosure.

11. Your Rights and Choices

Subject to applicable law, you may have rights to:

• request access to Personal Data we hold about you,
• request correction of inaccurate data,
• request deletion (where lawful and feasible),
• object to or restrict certain processing,
• withdraw consent (where processing is based on consent),
• opt out of marketing communications.

To submit a request, contact us using the details in Section 14.

12. Third-Party Sites and Vendor Processes

The Platform may link to third-party sites or involve Vendor-operated processes. This Privacy Policy does not control third-party privacy practices. We recommend reviewing the relevant Vendor's privacy notices where applicable.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on the Platform and update the "Last Updated" date. If changes are material, we may provide additional notice through the Platform or by email.

14. Contact Us