Privacy Policy

Account information: Name, email address, phone number, company name, and billing information when you register or subscribe.

Business data: Any data you input into the Service including employee records, financial transactions, inventory data, customer records, and HR information. This data belongs to you and is processed on your behalf.

Usage data: IP addresses, browser type, pages visited, features used, and timestamps when you interact with the Service.

Payment data: Payment card details are processed and stored by Stripe, our payment processor. We store only the last 4 digits and card brand for display purposes.

Communications: Emails and support messages you send to us.

• To provide, operate, and maintain the Service.
• To process payments and manage your Subscription.
• To send transactional emails (receipts, password resets, payslips).
• To send service notifications including trial expiry alerts and payment reminders.
• To provide customer support and respond to enquiries.
• To monitor and improve the performance and security of the Service.
• To comply with legal obligations under UAE law.

We do not sell your data to third parties. We do not use your business data for advertising purposes.

We share your information only in the following circumstances:

• Service providers: We use trusted third parties including AWS (cloud hosting, Bahrain region), Stripe (payment processing), and Resend (transactional email). These providers are contractually bound to protect your data.
• Legal requirements: We may disclose information where required by UAE law, court order, or government authority.
• Business transfer: In the event of a merger or acquisition, your data may be transferred to the acquiring entity with the same privacy protections.

All business data is stored in AWS Bahrain (me-south-1), within the GCC region. Data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher.

We implement technical and organisational security measures including access controls, audit logging, regular security reviews, and employee security training.

• Active account data is retained for the duration of your Subscription.
• Upon account cancellation, data is retained for 30 days to allow export, after which it is permanently deleted.
• Billing records are retained for 7 years as required by UAE accounting regulations.
• Audit logs are retained for 2 years.

If you use the HR & Payroll module, the Service processes personal data of your employees including names, passport numbers, visa details, salary information, and attendance records. As the employer and data controller, you are responsible for ensuring you have a lawful basis for collecting and processing this data.

AMANA acts as a data processor for employee data, processing it only on your documented instructions and in accordance with our Data Processing Agreement.

Under applicable UAE data protection principles, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data (subject to legal retention requirements).
• Export your data using the built-in export features of the Service.
• Object to processing of your data.

To exercise any of these rights, contact us at privacy@amanaerp.com. We will respond within 10 business days.

The Service uses essential cookies required for authentication and security only. We do not use advertising or tracking cookies. Session cookies are deleted when you log out.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18.

We will notify you of material changes by email at least 14 days before they take effect. The current version is always available at amanaerp.com/legal/privacy.

• Email: privacy@amanaerp.com
• Address: AMANA Technologies LLC, Dubai, UAE