Privacy Policy

This Privacy Policy explains how legal entity name ("we", "us", the "Provider") collects, uses, and protects personal data in connection with the "asas one" property-management platform at asasone.com. We process personal data in line with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL") and, where applicable, the EU General Data Protection Regulation ("GDPR") as a baseline standard. This Policy takes effect on effective date.

1. Data Controller

The data controller responsible for your personal data is legal entity name, registered in jurisdiction emirate, United Arab Emirates, with registered address at registered address.

For privacy matters and data-protection requests you may contact our data protection contact, dpo name, at support@asasone.com.

2. Categories of Personal Data We Collect

We collect: (a) account and identity data (such as name, organisation, role, and login credentials); (b) contact data (such as email address and phone number); (c) usage and technical data (such as IP address, device and browser information, log data, and pages accessed); and (d) customer-uploaded records, which may include tenant and property records and related personal data that you, as our customer, input into the Service.

Where you upload records containing the personal data of third parties (such as tenants), you act as the controller of that data and we act as your processor, processing it only on your instructions.

3. Purposes of Processing

We process personal data to: create and administer your account; provide, maintain, and secure the Service; respond to support requests; send transactional emails (such as verification and password-reset messages); operate billing where it becomes available; detect and prevent fraud, abuse, and security incidents; and comply with our legal obligations.

4. Legal Bases for Processing

Consistent with the PDPL and, where applicable, Article 6 of the GDPR, we rely on the following lawful bases: (a) performance of a contract, to provide the Service you have requested; (b) our legitimate interests, to secure, improve, and operate the Service in a balanced manner; (c) compliance with a legal obligation; and (d) your consent, where specifically requested. Where processing relies on consent, you may withdraw that consent at any time.

5. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, for the duration of your account, and thereafter as required to comply with legal, accounting, or reporting obligations.

Customer-uploaded records are retained for the life of your account and deleted or returned following termination, subject to our routine backup cycles, after which residual copies are purged within a reasonable period.

6. Data Subject Rights

Subject to applicable law, you have the right to access your personal data, to rectify inaccurate data, to request erasure, to receive your data in a portable machine-readable format, to object to certain processing, and to request restriction of processing.

To exercise any of these rights, contact us at support@asasone.com. We will respond within the timeframes required by applicable law. Where you are a tenant or third party whose data was uploaded by one of our customers, please direct your request to that customer (the controller), and we will support them as their processor.

7. Processors and Sub-Processors

We use a limited set of trusted service providers to operate the Service: (a) Amazon Web Services (AWS) Simple Email Service (SES) in the eu-central-1 (Frankfurt) region, for sending transactional email; (b) a self-hosted Mailcow mail server running on the Provider's own infrastructure, for mailbox and email handling; and (c) Stripe, for payment processing — this applies only in the future, once billing goes live, and is not active during the current early phase.

Each processor is engaged under terms requiring them to process personal data only on our instructions and to apply appropriate security measures.

8. Cross-Border Data Transfers

Some personal data may be processed outside the United Arab Emirates — specifically in the European Union (Frankfurt, eu-central-1) when transactional email is sent through AWS SES. This constitutes a UAE-to-EU transfer.

Where personal data is transferred across borders, we put appropriate safeguards in place consistent with the PDPL and GDPR, including contractual data-protection commitments (such as standard contractual clauses) with our processors. Note that some processors (for example, AWS) are headquartered outside the UAE and the EU, even when the data itself is stored within the EU.

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration, including access controls, encryption in transit, and infrastructure hardening. No method of transmission or storage is fully secure, and we cannot guarantee absolute security.

10. Children's Data

The Service is a business-to-business product not directed at children, and we do not knowingly collect personal data from individuals under the age of 18.

11. How to Exercise Your Rights and Lodge a Complaint

To exercise your rights or raise a privacy concern, contact our data protection contact dpo name at support@asasone.com. We aim to resolve concerns directly.

You also have the right to lodge a complaint with the competent supervisory authority — in the United Arab Emirates, the uae data office name, and, where applicable, the relevant supervisory authority in your jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Where changes are material, we will provide reasonable notice through the Service or by email. The "effective" date above indicates when the current version took effect.