Privacy Policy

1. Who we are

ADIBA LLC is the data controller responsible for the personal data described in this policy. We operate the ADIBA Banking Cloud suite, including ADIBA Open Banking and ADIBA Retail Engine, together with our marketing websites and customer console.

You can reach our data protection team at hello@adiba.app or by post at Office No. 4, Floor 9-902, QFC Tower 1, West Bay, Doha, Qatar.

2. Scope and our ISMS commitment

This policy applies to personal data we process through our websites, the ADIBA console, our APIs, and our commercial and support relationships. It does not apply to the data our customers process on their own end-users where the customer is the controller — in those cases we act as a data processor under a written data processing agreement.

We maintain an Information Security Management System (ISMS) built around recognised standards (such as ISO/IEC 27001 principles). Data protection is embedded in that ISMS through documented controls covering confidentiality, integrity, availability, access management, encryption, logging, vendor risk and incident response.

3. The data we collect

• Identity and contact data — name, business email, phone number, employer, job title.
• Account and authentication data — login identifiers, credentials and session/security metadata for the ADIBA console.
• Commercial data — the markets, products and use cases you tell us about, and the contents of your enquiries.
• Technical data — IP address, device and browser information, and diagnostic logs needed to keep our services secure and reliable.
• Usage data — how you interact with our websites and console, collected via cookies and similar technologies (see our Cookie Policy).

4. How we use personal data

We process personal data only where we have a lawful basis to do so, including:

• Performance of a contract — to provide, operate and support the ADIBA Suite and respond to your requests.
• Legitimate interests — to secure our platform, prevent fraud and abuse, understand product usage, and grow our business responsibly.
• Legal obligation — to meet accounting, regulatory, anti-money-laundering and other legal requirements.
• Consent — for optional marketing communications and non-essential cookies, which you can withdraw at any time.

5. Data security

Consistent with our ISMS, we apply technical and organisational measures appropriate to the risk, including encryption of data in transit and at rest, role-based access controls and least-privilege access, network segmentation, continuous monitoring and audit logging, regular vulnerability management and penetration testing, and documented secure development practices.

Access to personal data is restricted to authorised personnel who are bound by confidentiality obligations and security training.

6. Sharing and international transfers

We share personal data only with vetted sub-processors and service providers (such as cloud hosting, communications and analytics providers) under contracts that require appropriate safeguards, and with authorities where required by law.

Because ADIBA operates globally, personal data may be transferred to and processed in countries other than your own. Where we transfer data internationally, we rely on appropriate safeguards such as standard contractual clauses or equivalent legally recognised mechanisms.

7. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy, to comply with our legal and regulatory obligations, to resolve disputes and to enforce our agreements. Retention periods are defined in our ISMS records-management controls and reviewed periodically.

8. Your rights

Subject to applicable law, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request erasure of your data in certain circumstances.
• Object to or restrict certain processing.
• Request portability of data you provided to us.
• Withdraw consent where processing is based on consent.

9. How to exercise your rights

To exercise any of these rights, contact us at hello@adiba.app, marked for the attention of the Data Protection Officer. We will respond within the timeframes required by applicable law and may need to verify your identity before acting on a request.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by updating the date below, and where appropriate we will provide additional notice.