Last updated: 8 May 2026 · Compliant with UAE Federal Decree-Law No. 45 of 2021 (PDPL) and Central Bank of the UAE consumer-protection regulations.
آخر تحديث: ٨ مايو ٢٠٢٦ · متوافقة مع المرسوم بقانون اتحادي رقم ٤٥ لسنة ٢٠٢١ (PDPL) ولوائح حماية المستهلك الصادرة عن مصرف الإمارات المركزي. النص القانوني الكامل بالإنجليزية أدناه؛ ترجمته الرسمية متاحة عند الطلب من privacy@bezaty.com.
1. Who we are
Bezaty ("we", "us", "our") is a Sharia-compliant digital banking experience operated in the United Arab Emirates. The data controller is Bezaty. Contact: privacy@bezaty.com.
2. Data we collect
Identity: full name, Emirates ID number, phone number.
Financial: account number, IBAN, balance, transaction history.
Technical: device info, IP address, session timestamps for security.
Optional: business name (VIP plan), VAT records you create.
3. Why we process it (lawful basis)
Performance of contract — operating your account, executing transfers, charging the 2% commission and 5% VAT.
Legal obligation — UAE AML/CFT laws (Federal Decree-Law No. 20 of 2018), VAT compliance (Federal Decree-Law No. 8 of 2017), and Central Bank reporting.
Legitimate interests — fraud detection, service improvement, audit logging.
Consent — marketing communications (you may withdraw at any time).
4. Sharing
We do not sell personal data. We share it only with: regulators (Central Bank of the UAE, Federal Tax Authority), licensed payment processors, and service providers bound by confidentiality. Cross-border transfers comply with PDPL Article 22.
5. Retention
Account and transaction records are retained for at least 5 years after account closure as required by UAE AML law. Audit logs are retained for 2 years. Marketing data is deleted on opt-out.
6. Your rights under PDPL
You have the right to: access your data, correct it, request deletion (subject to legal retention), restrict or object to processing, request portability, and withdraw consent. Submit requests to privacy@bezaty.com — we respond within 30 days.
7. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Row-level security restricts each account to its own records. Administrative access is logged in an immutable audit trail and limited to authorised personnel only.
8. Admin oversight
For fraud prevention and regulatory compliance, authorised Bezaty administrators may view account balances and transaction history. Every such access is logged with the administrator's identity, timestamp and target account, and is auditable on demand.
9. Children
Bezaty is for users aged 18+. Family/child sub-accounts (where offered) operate under the legal guardian's account and consent.
10. Complaints
If you believe we have mishandled your data, contact privacy@bezaty.com. You may also file a complaint with the UAE Data Office (https://u.ae/en/about-the-uae/data-office).
11. Changes
We may update this policy. Material changes will be notified in-app at least 14 days before they take effect.