Privacy Policy

1. Introduction

This Privacy Policy explains how Cloud Consulting LLC-FZ (“Company”, “we”, “our”, or “us”) collects, uses, processes, stores, and protects personal data when you access or use the DocFlow electronic invoicing platform (the “Platform”), including the DocFlow website (https://www.docflow.ae/), as well as any related web or mobile applications and services.


This Privacy Policy describes how personal data is processed in connection with the use of the Platform and the Services.


By signing up for, accessing, or using the Platform or the Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. By using the Services or registering for an account, you consent to the collection, use, disclosure, retention, transfer, and protection of your personal data as described in this Privacy Policy.


If you choose not to provide certain information required for the operation of the Platform, you may not be able to access or use certain features of the Services.


We respect your privacy and are committed to protecting your personal data. The Company does not sell, rent, or disclose personal data to third parties without your explicit consent.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • individuals who access or use the Platform as Authorized Users;

  • individuals whose personal data may be included in documents, records, or other information uploaded to or processed through the Platform by Clients, including contact details of representatives or employees;


This Privacy Policy applies only to services provided by the Company and does not apply to third-party websites or services that may be linked from the Platform.

3. Categories of Personal Data Collected

3.1 Account and Contact Information

When you access, register on, or use the Platform, we may collect certain categories of personal data, including account information and contact details, such as your name, email address, phone number, company name, job title or role, login credentials, and contact information.

This information is processed solely for the purpose of providing the Services.


3.2 Technical and Usage Information

We may automatically collect technical information relating to the use of the Platform, such as IP address, browser type and version, device identifiers, access timestamps and session activity, and system diagnostic information.

Technical and usage information may be collected automatically when users access or interact with the Platform.

4. Purposes of Processing and Data Retention

We retain your Personal data as long as it is necessary and relevant in accordance with provision of applicable data protection laws.

Personal data processed through the Platform may be retained for purposes including:


  • Providing and operating the Services, including enabling Authorized Users to access and use the Platform and facilitating the creation, processing, and management of electronic invoices and related transaction documentation.

  • Account management and authentication, including verifying user identity during account registration, login, and password reset processes.

  • Processing transactions and communications, including sending service-related communications such as invoices, notifications, confirmations, and administrative messages via email or other communication channels associated with the user’s account.

  • Clients support, including responding to inquiries, providing technical assistance, and resolving issues relating to the Platform or the Services.

  • Improving and developing the Services, including maintaining and enhancing the functionality, reliability, and performance of the Platform and developing new features.

  • Security and fraud prevention, including detecting, preventing, and addressing fraud, unauthorized access, misuse of the Platform, or other prohibited or unlawful activities.

  • Monitoring and internal operations, including troubleshooting software issues, performing data analysis, testing system functionality, and monitoring platform usage and activity trends.

  • Compliance with legal obligations, including complying with applicable laws, regulatory requirements, or lawful requests from authorities.

  • Service communications, including sending updates, service notifications, and other communications relating to the operation or administration of the Platform, where permitted under applicable law.


Where applicable, personal data may also be processed for location-based functionality or technical service features required for the proper operation of the Platform.


All personal data collected and processed through the Platform is handled in accordance with this Privacy Policy and applicable data protection laws.

5. Legal Basis for Processing

Personal data may be processed on one or more of the following legal bases:

  • performance of a contract or to take steps at your request to enter into a contract;

  • compliance with legal obligations;

  • legitimate interests in operating, securing, and improving the Platform;

  • based on your consent;


Processing is carried out in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and applicable regulations.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Platform and hold certain information.


Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Platform.


You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Platform.

7. Disclosure of Personal Data

We may disclose personal data where necessary in connection with the provision and operation of the Platform and the Services, including disclosure to trusted third-party service providers that support the operation of the Platform.

Such service providers may include providers of:

  • cloud infrastructure and hosting services

  • data storage and backup services

  • security monitoring services

  • analytics and diagnostic tools

  • technical support services.


These service providers may access personal data only to the extent necessary to perform services on our behalf and are subject to appropriate contractual, confidentiality, and data protection obligations.


We may also disclose personal data where necessary:

  • to comply with legal obligations or lawful requests from competent authorities;

  • to protect our rights, property, or legitimate interests;

  • to investigate suspected unlawful activity, fraud, or violations of applicable terms or policies;

  • to protect the safety of users, Clients, or the public.


We do not sell or rent personal data to third parties.

8. International Data Transfers

Personal data may be transferred to or stored in data centers located outside the United Arab Emirates where necessary for the operation of the Platform or the use of cloud infrastructure services.


Where such transfers occur, the Company takes reasonable steps to ensure that appropriate safeguards are implemented to protect personal data.

9. Data Security

We maintain the integrity and security of your Personal data. We use industry-standard protocols as well as  regulations to protect your Personal data and procedures inline with international standard security standards to ensure that the information provided by you is reasonably secure.


  1. We seek to store your Personal data in secure operating environments that are not accessible to the general public. We also ensure that the security measures are in place to protect against the loss, unauthorized access, misuse or alteration of your Personal data by our employees or third parties, however, no data transmission over the Internet or data storage environment can be guaranteed to be 100% secure, so we cannot give an absolute assurance that the information you provide to us will be secure at all times. If you believe your account has been abused, please contact us  info@docflow.ae


  2. We will not be held responsible for events arising from unauthorized access to your Personal data. We will rely on you to tell us if you experience any unusual events that may indicate a breach in your information security. We will then seek to investigate whether the security breach was related to the data transmissions from our Services and let you know what steps can be taken to rectify the problem. Further action, such as reporting incidents to the police or other relevant authorities, may also be required.

10. Data Subject Rights

Where applicable, these rights may include the right to:

  • Access your personal data – request confirmation as to whether we process your personal data and request a copy of the personal data we hold about you;

  • Correct your personal data – request that we correct or update personal data that is inaccurate, incomplete, or out of date;

  • Erase your personal data – request that we erase your personal data where it is no longer necessary for the purposes for which it was originally collected or processed, subject to applicable legal obligations;

  • Restrict processing – request that we temporarily or permanently restrict the processing of some or all of your personal data under certain circumstances;

  • Object to processing – object to the processing of your personal data where such processing is based on our legitimate interests or is carried out for direct marketing purposes;

  • Data portability – request to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and, where technically feasible, request that such data be transmitted to another organization;

  • Withdraw consent – withdraw your consent at any time where the processing of your personal data is based on your consent. Please note that we may continue to process your personal data where another lawful basis for processing applies.


To exercise any of these rights, please contact us at info@docflow.ae.


Before responding to your request, we may request additional information to verify your identity. Subject to applicable legal requirements, exceptions, or overriding obligations, we will make reasonable efforts to respond to your request within a reasonable time.

11. Compliance with UAE Digital and Data Protection Laws

We are committed to conducting our operations in compliance with the applicable digital, cybersecurity, and data protection laws of the United Arab Emirates.


In particular, we adhere to the requirements of applicable legislation governing electronic transactions, cybersecurity, and the protection of personal data, including:

  • applicable UAE laws governing electronic transactions and digital trust services, which recognise the legal validity of electronic records and digital signatures used in online transactions;

  • Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes, which establishes protections against unlawful access to information systems, electronic fraud, and other cyber-related offences;

  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and its implementing regulations, which regulate the lawful collection, processing, storage, and transfer of personal data.


We implement appropriate technical and organizational measures designed to safeguard personal data and ensure that personal data is processed in accordance with applicable legal requirements.

12. Employee Access to data

We maintain strict controls over access to personal data processed through the Platform.


Access to such data is restricted to authorized personnel and, where necessary, to personnel of trusted service providers supporting the operation of the Services. Access is granted only where reasonably necessary for purposes such as:

  • providing and maintaining the Services

  • customer support and technical assistance

  • system administration and platform maintenance

  • maintaining system security and preventing unauthorized access

  • complying with applicable legal or regulatory obligations.


All personnel with potential access to personal data are subject to confidentiality obligations and are granted access only to the extent necessary to perform their duties.

13. Third-Party Links

The Platform may contain links to third-party websites. The Company is not responsible for the privacy practices or content of such websites and encourages users to review their privacy policies.

14. Children’s Privacy

The Platform is intended for business use and is not directed to individuals under the age of 18. The Company does not knowingly collect personal data from children.

15. Changes to this Privacy Policy

The Company may update this Privacy Policy from time to time.


Updated versions will be published on this page and will become effective upon publication.


Users are encouraged to review this Privacy Policy periodically.

16. Contact Information

If you have any questions regarding this Privacy Policy or the processing of personal data, please contact:  info@docflow.ae

Where Anyone can be an Accountant.

We Make E-Invoicing Easy.

Menu

How It Works

Features

Pricing

Contact

Legal

Terms & Conditions

Privacy Policy

© 2026 by DocFlow. All rights reserved.