FORFAIT
Sign inApply
Legal · v1.0 · draft

Privacy policy.

Draft — under counsel review

This policy is a working draft pending counsel sign-off. Members will be notified when the finalised version takes effect.

Last updated
To be set on counsel sign-off
Controller
Forfait Representation of Companies LLC
Jurisdiction
United Arab Emirates
Contact
mazen@forfait.me

§1Who we are

Forfait Representation of Companies LLC ("Forfait") is the data controller for personal data collected through forfait.me. We are an Abu Dhabi limited liability company. You can reach our data protection contact at mazen@forfait.me.

§2What we collect

We collect:

  • Account data: name, email, phone, password hash, member reference, role.
  • Identity & KYC data (Investor/Professional tiers only): passport / Emirates ID / equivalent national ID, proof of address, source-of-funds attestation, accreditation evidence where applicable.
  • Activity data: pages viewed, downloads, queries, audit-chain entries for actions you take.
  • Communications: emails, support tickets, and call notes when you contact us.
  • Payment data: billing entity, address, VAT number. Card numbers are processed by Stripe and never stored on our servers.
  • Technical data: IP address, browser user agent, session timestamps. Used for security and fraud prevention.

§3How we use it

We use personal data to:

  • Provide the Platform services for which you registered.
  • Review membership applications and process KYC.
  • Process payments and issue invoices.
  • Communicate with you about your account, mandates, and the marketplace.
  • Maintain the audit chain for governance and compliance purposes.
  • Detect, prevent, and investigate security incidents and fraud.
  • Comply with legal obligations including anti-money-laundering law.

§4Legal basis

We process personal data on the following bases:

  • Contract: to provide the Platform services you have subscribed to.
  • Legal obligation: for AML/KYC and accounting record-keeping.
  • Legitimate interest: for security monitoring, fraud prevention, and product improvement (subject to your rights described below).
  • Consent: for marketing communications you have opted into; withdrawable at any time.

§5Sharing

We share personal data with:

  • Service providers we rely on (cloud hosting, payment processing, email delivery, KYC vendors), under contractual confidentiality and data-processing terms.
  • Opportunity sponsors when you submit an access request for one of their listings — we share only what is needed for them to decide whether to grant materials.
  • Regulators and law enforcement where compelled by valid legal process.
  • Successors in interest in the event of a corporate transaction (merger, acquisition, restructuring), subject to equivalent privacy protections.
We do not sell personal data. We do not show third-party advertising on the Platform.

§6Retention

We retain account and audit-chain data for the duration of your membership and for a further seven years thereafter for compliance and dispute-resolution purposes. KYC documents are retained for the period required by UAE anti-money-laundering law. Marketing data is retained until you withdraw consent.

§7Data residency

By default, Platform data is hosted in cloud regions serving the UAE/GCC. Investor and Professional members may request specific data residency at onboarding (EU, US conditional); requests are subject to legal review. KYC documents are stored in regions consistent with UAE regulatory expectations.

§8Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request erasure, subject to our retention obligations.
  • Restrict or object to certain processing.
  • Receive a portable copy of data you have provided.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with a supervisory authority.
To exercise any of these rights, email mazen@forfait.me. We respond within 30 days.

§9Cookies & tracking

We use a minimal set of strictly necessary cookies for session management. We do not use third-party analytics, advertising trackers, or social-network pixels. We may use first-party analytics on aggregated, non-identifying usage data to improve the Platform.

§10Security

We apply industry-standard administrative, technical, and physical safeguards to protect personal data. These include encryption in transit and at rest, access controls scoped to role, audit-chain logging of sensitive actions, and routine security reviews. No system is perfectly secure; we will notify affected members of any material breach within 72 hours of discovery.

§11Children

The Platform is not directed to children under 18 and we do not knowingly collect data from them. If you believe a child has provided us personal data, contact us and we will delete it.

§12Changes

We will update this policy from time to time. Material changes will be notified to members at least 30 days before they take effect. The "last updated" date at the top reflects the current version.

§13Contact

For privacy questions, write to mazen@forfait.me or by post to Forfait Representation of Companies LLC, Abu Dhabi, United Arab Emirates.