Security

Last Updated: 03 May 2026

DocuBay is trusted by businesses across the UAE to manage licences, compliance workflows, identity documents, and corporate services. Protecting the data our customers entrust to us is fundamental to everything we build.

Infrastructure

  • Hosted on Amazon Web Services (AWS) in the Middle East (Bahrain) region
  • Data encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Database backups with automated daily snapshots and multi-AZ redundancy
  • File storage on S3 with versioning enabled
  • Infrastructure monitoring via CloudWatch, Route53 health checks, and Sentry error tracking

Authentication & Access Control

  • Secure, HttpOnly cookie-based authentication
  • Two-factor authentication (TOTP) available for all accounts
  • Role-based access control (RBAC) with granular permissions
  • Session management with configurable idle timeout
  • Account lockout after repeated failed login attempts
  • Security event logging for all authentication actions

Application Security

  • Development practices aligned with OWASP Top 10 and SANS 25
  • Regular penetration testing by independent security firms
  • Automated dependency vulnerability scanning
  • Security event logging and real-time monitoring
  • Documented incident response procedures with defined roles and escalation paths

Data Protection

  • Privacy practices aligned with the UAE Personal Data Protection Law (PDPL)
  • Privacy Policy with defined data retention schedules and data subject rights procedures
  • Data Processing Addendum (DPA) available for enterprise customers
  • Documented data retention and deletion procedures
  • Employee and contractor data access limited to authorised personnel on a need-to-know basis
  • Cross-border transfer safeguards including standard contractual clauses where applicable

Payment Security

All payment card processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. DocuBay does not store, process, or transmit cardholder data. Card details are entered directly into Stripe's secure payment forms and never pass through DocuBay servers.

Compliance

Standard | Status
UAE PDPL | Aligned
SOC 2 Type I | In Progress
ISO 27001 | Planned
PCI DSS | Card processing delegated to Stripe (Level 1 certified)

Business Continuity

  • Multi-AZ database deployment for high availability
  • Automated daily backups with point-in-time recovery
  • Documented incident response runbook with on-call rotation
  • Infrastructure-as-code for rapid environment recovery

Reporting Vulnerabilities

If you discover a security vulnerability, please report it to security@docubay.ae. We appreciate responsible disclosure and will work with you to understand and address the issue promptly.

Enterprise Security Documentation

For enterprise procurement, vendor onboarding, or security reviews, the following documents are available from our legal page:

  • Security and Data Handling Overview
  • Subprocessors List
  • Data Processing Addendum (DPA)

For additional questions, contact security@docubay.ae.