Privacy Policy

1. Who we are

ZFM SOLUTIONS - FZCO ("ZFM", "we", "us", "our") is a Free Zone Company incorporated under the laws of the United Arab Emirates, with its registered office at IFZA Business Park, DDP, Premises Number 44754-001, Dubai Silicon Oasis, Dubai, United Arab Emirates. We act as the data controller for personal information described in this Policy. You can reach our data protection contact at privacy@zfm.solutions.

2. Scope of this Policy

This Policy applies to personal information we collect through our website at zfm.solutions, our platform and dashboards, and customer support channels. It does not apply to third-party services accessed through our platform; those are governed by the respective third party's privacy policies.

3. What information we collect

3.1 Information you give us

• Account information (name, email address, password, company name, role)
• Billing information (billing address, tax identification, payment method details processed by our payment processors)
• Identity verification information collected during AML / KYC onboarding
• Communication and support messages

3.2 Information collected automatically

• Device and browser information (type, version, language, screen size)
• IP address and approximate geographic location
• Usage data including pages visited, features used, performance metrics
• Cookies and similar technologies (see our Cookie Notice)

3.3 Information from third parties

• OAuth credentials when you connect third-party services to the platform
• Data from payment processors and AML/KYC providers
• Communications metadata when you integrate communication tools

4. How we use your information

• To operate the service. Account creation, authentication, workflow execution, billing.
• To support customers. Responding to enquiries, troubleshooting, account management.
• To improve the platform. Aggregate usage analytics, feature development, performance optimisation.
• To communicate. Service notifications, security alerts, product updates (where permitted).
• To comply with legal obligations. Including tax, AML / KYC, accounting and audit requirements.
• To protect rights and safety. Fraud prevention, security incident response, enforcement of our Terms.

5. Legal bases for processing

Where the EU GDPR, UK GDPR, or UAE Personal Data Protection Law applies, we rely on the following legal bases:

• Contract. To provide the service to you and to perform our obligations under our Terms.
• Legitimate interests. To operate, secure and improve our platform, balanced against your rights.
• Consent. For optional analytics, marketing communications, and non-essential cookies — withdrawable at any time.
• Legal obligation. To comply with applicable laws and regulations.

6. Who we share information with

We do not sell personal information. We share it only with:

• Subprocessors. Cloud hosting providers (AWS), payment processors (including Stripe and Payoneer), email infrastructure providers, and customer support tools — all bound by written data processing agreements.
• Integration partners. Only when you explicitly authorise a connection, and only the data necessary to perform the integration.
• Authorities. When required by law, court order or to enforce our Terms.
• Successors. In the event of a merger, acquisition or asset sale, subject to equivalent protection.

7. International transfers

We transfer personal data internationally for operational purposes. Where personal data is transferred out of the EEA, UK or other regulated jurisdictions, we rely on Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms.

8. Data retention

We retain personal information for as long as necessary to provide the service and comply with legal obligations:

• Account data: for the duration of your account, plus 30 days after closure
• Billing and tax records: 7 years (in line with UAE statutory requirements)
• AML / KYC records: 5 years from the end of the customer relationship
• Aggregate analytics: up to 26 months in identifiable form, indefinitely once anonymised

9. Your rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you
• Correct inaccurate information
• Request deletion (subject to legal retention obligations)
• Object to or restrict certain processing
• Receive your data in a portable format
• Withdraw consent at any time
• Lodge a complaint with your local data protection authority

To exercise these rights, email privacy@zfm.solutions. We respond within 30 days.

10. Security

We implement appropriate technical and organisational measures including encryption in transit (TLS 1.3) and at rest (AES-256), least-privilege access controls, regular security review and incident response procedures. No system is impenetrable; we will notify you and the relevant authority of any personal data breach affecting you, as required by applicable law.

11. Children

Our service is intended for businesses. We do not knowingly collect information from individuals under the age of 16.

12. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated via email to account holders. The "Last updated" date at the top reflects the most recent revision.

13. Contact