Legal

Privacy Policy

Last updated 4 June 2026

This Policy explains how Floree FZ-LLC collects, uses, and protects personal data, in line with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and its implementing regulations. It covers data we handle as a controller (our own account, billing, and marketing data). For personal data of your customers that you process through Floree, you are the controller and Floree is your processor under the signed Data Processing Addendum (DPA).

1. Who we are

Floree FZ-LLC, Dubai, United Arab Emirates, is the controller of the personal data described in this Policy. Contact our data protection point: privacy@floree.ai.

2. Data we collect

  • Account data: name, business name, email, phone, role, login credentials.
  • Billing data: plan, invoices, payment-method metadata (card details are handled by Stripe, not stored by us).
  • Usage data: log data, device/browser info, IP address, feature usage and analytics.
  • Support & marketing data: messages you send us and your communication preferences.
  • Tenant customer data: processed on your behalf as your processor — governed by the DPA, not this Policy.

3. How and why we use it (lawful basis)

  • To provide and secure the Service — performance of our contract with you.
  • To bill and prevent fraud — contract and legitimate interests.
  • To improve the Service and support you — legitimate interests.
  • To send service and, where permitted, marketing messages — consent and/or legitimate interests; you can opt out at any time.
  • To meet legal obligations (e.g. tax, accounting) — legal obligation.

4. Sub-processors & sharing

  • Supabase (database & auth hosting) — EU region (Frankfurt).
  • Vercel (application hosting & delivery).
  • Stripe (payment processing).
  • OpenAI (AI features). We do not send tenant customers’ personal data to OpenAI as part of standard AI generation; prompts are limited to the minimum needed.

We do not sell personal data. We share data with sub-processors only to run the Service, under contractual confidentiality and security obligations, and with authorities where legally required.

5. International transfers

Data is primarily hosted in the EU (Frankfurt). Where personal data is transferred outside the UAE, we rely on an appropriate transfer mechanism (adequacy, standard contractual clauses, or your consent) consistent with the PDPL transfer regime.

6. Retention

We keep account data for the life of your subscription plus 30 days for export, then delete or anonymise it — except where law requires longer retention (e.g. VAT records for 5 years).

7. Your rights

Subject to the PDPL, you may request access, correction, deletion, restriction, portability, or object to certain processing, and withdraw consent. Email privacy@floree.ai; we respond within the period the law requires. You may also complain to the UAE Data Office.

8. Security

We use encryption in transit and at rest, row-level tenant isolation, access controls, and audit logging. No system is perfectly secure, but we work to protect your data and will notify you of a qualifying breach as required by law.

9. Changes

We will post updates here and, for material changes, notify you.

These policies are provided for transparency and are under final legal review. They do not constitute legal advice. Paying tenants’ signed MSA and DPA govern where applicable. For questions contact legal@floree.ai.

Privacy Policy — Floree · Floree