Privacy Policy
Last Updated: October 13, 2025
Table of Contents
1. Information We Collect
1.1 Information You Provide
We collect information that you directly provide to us when you:
| Category | Examples of Data Collected |
|---|---|
| Account Registration | Name, email address, phone number, password, company name, job title, employee ID |
| Company Information | Company name, TRN, trade license, business type, industry, address, contact details |
| Financial Data | Transaction records, invoices, receipts, tax calculations, payment information |
| Documents | Tax certificates, financial statements, supporting documents, attachments |
| Communications | Support requests, feedback, emails, chat messages |
1.2 Automatically Collected Information
When you use our Service, we automatically collect:
- Device Information: IP address, browser type, device type, operating system
- Usage Data: Pages visited, features used, time spent, click patterns
- Location Data: General geographic location based on IP address
- Log Data: Access times, error logs, performance data
1.3 Information from Third Parties
We may receive information from:
- Payment processors for billing and subscription management
- Analytics providers for service improvement
- Identity verification services for account security
2. How We Use Your Information
We use your information for the following purposes:
2.1 Service Provision
- Create and manage your account
- Process and store your financial data
- Perform tax calculations and generate reports
- Provide document management and storage
- Enable collaboration features
- Process payments and manage subscriptions
2.2 Service Improvement
- Analyze usage patterns and trends
- Develop new features and functionality
- Improve user experience and interface
- Fix bugs and technical issues
- Conduct research and testing
2.3 Communication
- Send service-related notifications and updates
- Respond to support requests and inquiries
- Provide compliance alerts and reminders
- Send administrative messages
- Send marketing communications (with your consent)
2.4 Security and Compliance
- Detect and prevent fraud and abuse
- Protect against security threats
- Comply with legal obligations
- Enforce our Terms of Service
- Maintain audit trails for compliance
Data Minimization
We only collect and process data that is necessary for the purposes described in this policy. We do not sell your personal information to third parties.
3. Data Sharing and Disclosure
3.1 When We Share Your Information
We may share your information in the following circumstances:
- Service Providers: Third-party vendors who assist in providing our services (hosting, payment processing, analytics)
- Business Transfers: In connection with mergers, acquisitions, or asset sales
- Legal Requirements: When required by law, court order, or legal process
- Protection of Rights: To protect our rights, property, or safety, or that of others
- With Your Consent: When you explicitly authorize us to share your information
3.2 We Do NOT Share
- We do not sell your personal information
- We do not share your data for third-party marketing
- We do not provide your data to advertisers
3.3 Data Processors
Our service providers are contractually bound to:
- Process data only according to our instructions
- Maintain appropriate security measures
- Delete or return data when services end
- Comply with applicable data protection laws
4. Data Security
We implement comprehensive security measures to protect your data:
4.1 Technical Safeguards
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access control with multi-factor authentication
- Secure Infrastructure: Hosting in secure, certified data centers in the UAE
- Network Security: Firewalls, intrusion detection, and prevention systems
- Regular Backups: Automated daily backups with encryption
4.2 Organizational Safeguards
- Employee training on data protection and security
- Strict access policies and need-to-know basis
- Regular security audits and assessments
- Incident response and breach notification procedures
- Confidentiality agreements with all staff
4.3 Application Security
- Regular security testing and vulnerability assessments
- Secure coding practices and code reviews
- Protection against common vulnerabilities (SQL injection, XSS, CSRF)
- Regular software updates and security patches
Your Responsibility
While we implement strong security measures, you are responsible for maintaining the security of your account credentials. Use strong passwords, enable two-factor authentication, and never share your login information.
5. Data Retention
5.1 Retention Periods
We retain your information for as long as necessary to:
- Provide our services while your account is active
- Comply with legal and regulatory requirements (minimum 5 years for financial records in UAE)
- Resolve disputes and enforce agreements
- Maintain audit trails for compliance purposes
5.2 Data Deletion
After your account is terminated:
- We retain data for 90 days to allow for account recovery
- After 90 days, we permanently delete personal information
- Some data may be retained longer as required by UAE law
- Anonymous, aggregated data may be retained indefinitely
5.3 Backup Retention
Data in backups is retained for up to 90 days and then permanently deleted according to our backup rotation schedule.
6. Your Rights and Choices
You have the following rights regarding your personal information:
6.1 Access and Portability
- Access: Request a copy of your personal data
- Download: Export your data in a machine-readable format
- Portability: Transfer your data to another service provider
6.2 Correction and Update
- Update your account information at any time
- Correct inaccurate or incomplete data
- Request corrections through your account settings
6.3 Deletion
- Request deletion of your account and data
- Delete specific documents or records
- Note: Some data may be retained as required by law
6.4 Communication Preferences
- Opt-out of marketing emails (unsubscribe link in emails)
- Manage notification preferences in account settings
- Note: You cannot opt-out of service-related communications
6.5 How to Exercise Your Rights
To exercise any of these rights:
- Use the self-service options in your account settings
- Contact our support team at privacy@taxesfort.com
- We will respond to your request within 30 days
7. Cookies and Tracking Technologies
7.1 What Are Cookies?
Cookies are small text files stored on your device that help us provide and improve our services.
7.2 Types of Cookies We Use
| Cookie Type | Purpose |
|---|---|
| Essential Cookies | Required for basic functionality (login, security, session management) |
| Performance Cookies | Collect anonymous usage data to improve service performance |
| Functional Cookies | Remember your preferences and settings |
| Analytics Cookies | Help us understand how users interact with our service |
7.3 Managing Cookies
You can control cookies through:
- Your browser settings (most browsers allow you to block or delete cookies)
- Our cookie preferences tool (if available)
- Note: Disabling essential cookies may affect service functionality
7.4 Other Tracking Technologies
We may also use:
- Web beacons and pixels for email tracking
- Local storage for application functionality
- Analytics tools to understand usage patterns
8. Third-Party Services
8.1 Service Providers
We use trusted third-party service providers for:
- Cloud Hosting: Secure data storage and infrastructure
- Payment Processing: Secure payment and subscription management
- Email Services: Transactional and marketing emails
- Analytics: Usage analysis and service improvement
- Customer Support: Support ticket management
8.2 Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.
8.3 API Integrations
If you connect third-party services to your TaxesFort account:
- Review the third party's privacy policy
- Understand what data will be shared
- You can revoke integration permissions at any time
9. International Data Transfers
9.1 Data Location
Your data is primarily stored and processed in data centers located in the United Arab Emirates.
9.2 Cross-Border Transfers
In some cases, we may transfer data to service providers in other countries. When we do:
- We ensure appropriate safeguards are in place
- We use standard contractual clauses
- We comply with UAE data protection requirements
- We ensure adequate protection for your data
10. Children's Privacy
Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children.
If you believe we have collected information from a child under 18, please contact us immediately at privacy@taxesfort.com and we will delete such information.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make changes:
- We will post the updated policy on this page
- We will update the "Last Updated" date
- We will notify you by email for material changes
- We may display a notice in the Service
We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Privacy & Data Protection
Email: privacy@taxesfort.com
Data Protection Officer: dpo@taxesfort.com
Phone: +971 55 234 3040
Address: United Arab Emirates
Response Time: We aim to respond to all inquiries within 5 business days
Effective Date: This Privacy Policy is effective as of October 13, 2025.
Compliance: This Privacy Policy is designed to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and other applicable data protection regulations.