SpendX L.L.C-FZ PRIVACY POLICY
1. INTRODUCTION
1.1
SPEND-X L.L.C-FZ ("Spend-X", "we", "us", "our"), a limited liability company registered under UAE laws at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E., operates www.spend-x.com ("Website") and cryptocurrency payment card Services ("Services").
1.2
This Privacy Policy describes how we collect, use, disclose, and protect personal data when you access our Website or Services. By using our Services, you consent to these practices and represent authority over personal data of any individual provided to us.
1.3
This Privacy Policy is compliant with UAE Federal Decree-Law No. 45/2021 on Personal Data Protection (PDPL), GDPR (EU residents), CCPA/CPRA (California residents), and Central Bank of UAE (CBUAE)/Securities and Commodities Authority (SCA) regulations. Updates posted on Website or emailed; continued use of Services constitutes acceptance of modified Privacy Policy.
2. PERSONAL DATA WE COLLECT
2.1 Personal Identification Data
- Full legal name, date of birth, nationality
- Residential address, email address, mobile phone number
- Passport/National ID number and copy
- Selfie and video verification for KYC purposes
2.2 Financial and KYC Data
- Source of funds documentation (bank statements, employment verification)
- Cryptocurrency wallet addresses
- Card transaction history and top-up amounts
2.3 Technical Data
- IP address, browser type/version, operating system
- Device identifiers, cookies, server logs
- Website usage analytics and interaction data
2.4 Transaction Data
- Payment and top-up details
- Merchant information
- Spending patterns and timestamps
2.5 Communication Data
- Support tickets, emails, and in-app chat messages
3. HOW WE COLLECT DATA
3.1 Direct Collection Methods
- Account registration and application forms
- KYC/AML verification process
- Transaction processing and card usage
- Customer support interactions
3.2 Automatic Collection
- Cookies and tracking technologies
- Server logs and analytics tools
3.3 Third-Party Sources
- Payment processors (Visa, Mastercard)
- KYC providers (Sumsub, Onfido)
- Fraud detection services
- Sanctions screening providers
4. COOKIES AND TRACKING TECHNOLOGIES
4.1 Cookie Types Used
- Essential Cookies: Required for Website functionality
- Analytics Cookies: Usage statistics (Google Analytics) - anonymized
- Marketing Cookies: Personalized advertising - opt-out available
4.2 Cookie Management
- Consent banner displayed on first visit
- User can control via browser settings
- Preferences page available for opt-out
- Do Not Track (DNT) signals supported
9. DATA RETENTION PERIODS
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| KYC Documents | 5 years after account closure | CBUAE requirement |
| Transaction Records | 10 years | AML/anti-terrorism financing laws |
| Support Tickets | 3 years after resolution | Business necessity |
| Analytics Data | 26 months | Anonymization protocols |
| Marketing Communications | Until consent withdrawal | User preference |
Data is deleted or anonymized at end of retention periods unless legally required to maintain.
YOUR DATA RIGHTS AND CHOICES
10.1 Data Subject Rights (UAE PDPL/GDPR):
- Right to Access: Obtain copy of your personal data
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Request deletion ("right to be forgotten")
- Right to Restrict Processing: Limit how data is used
- Right to Data Portability: Receive data in structured format
- Right to Object: Oppose certain processing activities
- Right to Withdraw Consent: At any time, for consent-based processing
10.2 CCPA/CPRA Rights (California Residents):
- Right to Know: Disclosure of categories and specific personal information
- Right to Delete: Request deletion of collected data
- Right to Correct: Correct inaccurate information
- Right to Opt-Out: No sale or sharing of personal information
- Right to Non-Discrimination: Same service and pricing regardless of exercise of rights
How to Exercise Your Rights:
Email: privacy@spend-x.com
Subject Line: "DATA SUBJECT RIGHTS REQUEST"
Required: Full name, email, account details
Response Time: 30 days (may extend 60 days if complex)
Identity Verification: Required to process request
10.3 How to Exercise Your Rights:
Email: privacy@spend-x.com
Subject Line: "DATA SUBJECT RIGHTS REQUEST"
Required: Full name, email, account details
Response Time: 30 days (may extend 60 days if complex)
Identity Verification: Required to process request
10.4 Marketing Preferences:
11. CHILDREN'S PRIVACY AND MINORS
11.1 Our Services are intended for individuals 18 years of age or older only. We do not knowingly collect personal data from children or minors under 18.
11.2 If we learn that we have collected data from a minor, we will delete such information promptly and notify the parent/guardian.
11.3 Parents or guardians concerned about data collection should contact privacy@spend-x.com immediately.
12. THIRD-PARTY LINKS AND SERVICES
Our Website may contain links to third-party websites and services. We do not control, endorse, or have responsibility for the content, privacy practices, or security of external sites. We recommend reviewing third-party privacy policies separately before providing your information.
13. CHANGES TO THIS PRIVACY POLICY
13.1 Material Changes:
- 30 days advance notice via email and Website banner
- Material changes affect your rights or data use fundamentally
13.2 Minor Updates:
- Posted directly on Website
- Continued use of Services constitutes acceptance
13.3 Effective Date:
Changes become effective on the date specified in the update notice.
14. CONTACT INFORMATION
Spend-X Privacy Team
SPEND-X L.L.C-FZ
Meydan Grandstand, 6th floor
Meydan Road, Nad Al Sheba
Dubai, U.A.E.
Privacy Officer: privacy@spend-x.com
Customer Support: support@spend-x.com
15. UAE DATA PROTECTION COMPLIANCE
15.1 Spend-X is registered with the UAE Data Protection Authority and complies fully with Federal Decree-Law No. 45/2021.
15.3 Annual compliance audits conducted by independent third parties.
15.4 All data processing documented in our Data Processing Register per PDPL requirements.
Document Version: 1.1
Last Updated: December 9, 2025
Effective Date: December 9, 2025
Status: Production Ready
KEY COMPLIANCE FEATURES
UAE PDPL (Federal Decree-Law No. 45/2021):
- 5-year KYC retention after closure
- Data Protection Officer designated
- Annual audits required
GDPR (EU residents):
- Legal bases clearly stated
- Data subject rights documented
- International transfer safeguards
- 72-hour incident notification
CCPA/CPRA (California):
- All consumer rights explained
- No data sales policy
- Non-discrimination guarantee
CBUAE/SCA Compliance:
- AML/sanctions screening
- Transaction monitoring
- Regulatory reporting framework
Industry Best Practices (per RedotPay/Crypto.com):
Industry Best Practices (per RedotPay/Crypto.com):
- No data sales
- Transparent sharing policies
- Clear opt-out mechanisms
- 30-day response SLA
DISCLAIMER
This Privacy Policy is provided as a template and should be reviewed by qualified legal counsel licensed in the United Arab Emirates before publication. This document does not constitute legal advice.
FOR QUESTIONS OR CONCERNS:
Contact our Privacy Officer at privacy@spend-x.com
We are committed to protecting your personal data and respecting your privacy rights.
© 2025 SPEND-X L.L.C-FZ. All Rights Reserved.