Osome UAE — Privacy & Cookie Policy
Effective date: 26 September 2025
Your privacy matters to us. This Policy explains what personal data we collect, how we use it, the choices and rights you have under UAE law, and how to contact us.
At a glance: The Privacy Policy is explicitly designed to operate in line with the UAE Personal Data Protection Law (PDPL), which applies to on-shore UAE entities and organizations processing UAE residents' data. It demonstrates a strong commitment to transparency, lawful processing, data accuracy and security controls, all core tenets of the PDPL.
1. Who we are
“Osome UAE”, “we”, “our”, or “us” refers to the Osome part of this entity operating in the United Arab Emirates. Our registered company details for the UAE appear on your invoice / Service Contract and on our website footer. For any privacy-related questions or concerns, you can contact us at: dpo@osome.com.
Electronic consents, notices and agreements with Osome are legally valid under the UAE Electronic Transactions and Trust Services Law (ETTS).
2. Scope of this Policy
This Policy applies to:
- visitors to osome.com and users of our mobile app;
- customers and their authorized users;
- individuals who contact us (e.g., support, sales, events).
If you are located in a UAE financial free zone (e.g., DIFC or ADGM), we will apply this Policy plus any mandatory free-zone requirements, as those zones have their own data protection regimes.
3. Personal data we collect
We collect only what we need for the purposes below:
- Identity & contact: name, email, phone, address, nationality, ID/passport details (for KYC).
- Business profile: company details, role, shareholder/director data provided to us by you.
- Account & usage: account IDs, logs, device/app info, interactions with features and support.
- Billing & payments: billing contacts, invoicing details, limited payment metadata from our payment processor (we don’t store full card data).
- Connected integrations (optional): when you connect bank feeds, commerce and SaaS platforms, we retrieve the data you authorize (e.g., transactions, payout files, order lists) to deliver bookkeeping and related services.
- Communications & marketing: preferences, feedback, survey responses, content you share with us.
PDPL expects controllers to explain what data they process, why, who it’s shared with (in/outside the UAE) and transfer protections, which is done through this Policy and in-product notices.
4. Why we use your data (purposes)
- Provide and improve services (bookkeeping, accounting, incorporation/secretarial support - if available, account administration, troubleshooting, analytics).
- Contract & billing (orders, renewals, payments, VAT invoices).
- Compliance (KYC/AML checks; record-keeping).
- Security (fraud prevention, incident response, service integrity).
- Communications (service notices, product updates, training guides).
- Marketing (only with appropriate consent/opt-out; see §10).
- Legal (enforce terms, handle claims, comply with lawful requests).
PDPL requires fair, transparent, lawful processing, purpose limitation, data minimization, accuracy, and security controls.
5. Our legal bases (PDPL)
We process personal data only when we have a lawful basis, such as:
- Consent (e.g., connecting an integration; receiving marketing).
- Contract (to deliver services you ordered).
- Legal obligation (tax, accounting, AML/KYC).
- Public interest / judicial procedures where applicable.
- Legitimate interests balanced with your rights (e.g., service security, service improvement).
The PDPL recognizes processing on consent and other specified bases; it also requires transparency about cross-border sharing and safeguards.
6. Special categories & children
We do not intentionally collect children’s data or offer services to individuals under 18. If you believe a minor provided data, contact us to request deletion.
Some sectoral rules (e.g., health, banking) impose additional restrictions; where we incidentally handle such data (e.g., receipts), we apply heightened care and comply with relevant UAE rules.
7. Cookies & similar technologies
We use cookies/SDKs to operate our site/app, remember settings, improve features and—where permitted—measure performance and personalize content. You can control cookies via your browser/app settings; disabling some may affect functionality.
(UAE Consumer Protection rules prohibit misuse of consumer data for unsolicited marketing.)
8. Integrations & third-party sources
If you choose to connect an integration (bank, marketplace, payment gateway, SaaS), you authorize us and/or our integrator to securely retrieve the data needed to provide the service and display it back to you. You can disconnect integrations at any time in the product.
We also receive data from payment processors (e.g., status/metadata), analytics providers and communication tools, each acting under a contract as our processor or independent controller.
PDPL requires appropriate contracts with processors and transparency about sharing and transfers.
9. Who we share data with
- Service providers / processors (cloud hosting, integrations, customer support, analytics, payment processing) under confidentiality and data-protection terms.
- Professional advisors (auditors, legal counsel).
- Authorities where required by law.
- Corporate transactions (merger, acquisition) with protections.
We do not sell personal data. PDPL requires controllers to keep data secure and disclose sharing/transfer protections.
10. Marketing choices
We’ll send product news or offers only with your consent or where otherwise lawful; you can opt out anytime via email footer or in-app settings. We’ll continue sending service/transactional messages (e.g., invoices, security alerts).
UAE consumer rules prohibit using consumer data for marketing without compliance safeguards.
11. International data transfers
We may transfer personal data outside the UAE (e.g., to group entities or processors) with one of these safeguards:
- transfer to a jurisdiction the UAE Data Office deems to provide adequate protection;
- contractual safeguards (e.g., data transfer clauses), plus technical/organizational controls;
- explicit consent or other PDPL-recognized derogations where appropriate.
PDPL restricts cross-border transfers and anticipates adequacy lists and other mechanisms; sector rules (e.g., health) may impose extra limits.
12. Security
We use industry-standard technical and organizational measures (encryption in transit, access controls, monitoring, backups, secure development and vendor reviews) to protect personal data against unauthorized access, use, or disclosure.
The PDPL requires controllers and processors to keep personal data secure and to notify the UAE Data Office—and, where applicable, affected individuals—as soon as practicable and in accordance with legal requirements if a personal data breach occurs that may affect the privacy, confidentiality, or security of personal data.
13. Data retention
We retain personal data for the duration necessary to fulfill the purposes for which it was collected. This retention period is determined by:
- Active Service Provision: Keeping data required to deliver our Services.
- Mandatory Legal Compliance: Keeping data required to comply with law (which is based on the lawful basis of Legal Obligation), such as mandatory tax, accounting, and AML/KYC record-keeping obligations.
Following the expiry of the active service duration and mandatory legal retention periods:
We cease processing the personal data for the original purpose of service delivery. We transfer this data to a secured and restricted archival status. This continued retention is for purposes such as historical record-keeping, defense against legal claims and to facilitate efficient account reactivation should a customer choose to return to Osome.
14. Your rights under UAE PDPL
Subject to limits in the law, you can:
- Access your personal data and key information about processing;
- Correct inaccurate data;
- Delete data in specified circumstances;
- Restrict/stop certain processing;
- Object to processing (including automated decisions/profiling) where applicable;
- Port your data where technically feasible;
- Withdraw consent at any time (this won’t affect prior lawful processing).
We’ll respond within one month by default (extendable in complex cases as allowed).
15. Exercising your rights
To make a request, email compliance@osome.com from the address linked to your account and describe your request. We may verify identity before acting on requests. If we act as a processor for a customer, we’ll direct you to that customer (the controller).
16. Complaints
If you believe we have not handled your data properly, please contact us first; we want to help you. You may also have the right to complain to the competent UAE authority designated under the PDPL. (As of recent guidance, the PDPL regulator and adequacy mechanisms are expected/continuing to evolve.)
17. Changes to this Policy
We may update this Policy to reflect changes in law or our practices. We’ll post updates here and, where appropriate, notify you via email or in-product. Continued use after the effective date means you accept the updated Policy.
18. Contact us
Email: dpo@osome.com
In-app: Log in to https://my.osome.com/ → Chats → Start conversation