Privacy Policy

PRIVACY POLICY This Privacy Policy explains how Digital Minds Web Solutions LLC FZ (referred to as "we," "us," or "our") collects, uses, shares, and protects your personal data when you register for and use our online SaaS platform (the "Platform"). This policy applies to merchants and users of our Platform (referred to as "you" or "Merchant"). We are committed to protecting your privacy and handling your data in a transparent manner, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). 1. DATA WE COLLECT We collect various types of personal data to provide and improve our Platform: 1.1 Registration Data: When you register for an account, we collect information such as your name, email address, company name, business address, phone number, and other relevant company details. 1.2 Usage Data: We automatically collect information about your interaction with our Platform, including your IP address, browser type, operating system, login activity, pages viewed, features used, and the dates/times of your visits. This helps us understand how our Platform is used and improve its functionality. 1.3 Payment-Related Data: While we do not directly process payment card information, we may collect data related to your payment transactions, such as transaction amounts, dates, and payment status. This data is securely shared with our Payment Service Provider (PSP) to facilitate your transactions on the Platform. The PSP is responsible for processing your sensitive payment card details. 2. HOW WE USE YOUR DATA We use the collected data for the following purposes: 2.1 To Provide and Maintain Our Platform: To operate, maintain, and provide you with access to your merchant account dashboard and all features of our SaaS platform. 2.2 To Communicate with You: To send you service-related notifications, updates, security alerts, and support messages. We may also send you marketing communications if you have opted in to receive them. 2.3 For Security and Fraud Prevention: To protect our Platform and users from fraud, unauthorized access, and other security threats. 2.4 For Legal Compliance: To comply with applicable laws, regulations, and legal processes, such as tax and accounting requirements. 3. LEGAL BASIS FOR PROCESSING We process your personal data based on the following legal grounds:

3.1 Contractual Necessity: Processing is necessary for the performance of the contract between you and us, specifically to provide you with access to and use of our Platform. 3.2 Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax laws, anti-money laundering regulations). 3.3 Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, ensuring the security of our Platform, and preventing fraud, provided these interests do not override your fundamental rights and freedoms. 3.4 Consent: In certain cases, we may rely on your explicit consent for specific processing activities, such as sending marketing communications. You have the right to withdraw your consent at any time. 4. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar tracking technologies (e.g., web beacons, pixels) to enhance your experience on our Platform, analyze usage patterns, and remember your preferences. You can manage your cookie preferences through your browser settings. For more detailed information, please refer to our website. 5. HOW WE SHARE YOUR DATA We may share your personal data with the following categories of recipients: 5.1 Payment Service Providers (PSPs): We securely share payment-related data with our trusted PSPs to process transactions and manage payments on your behalf. Our PSPs are contractually obligated to protect your data and comply with relevant data protection standards. 5.2 Third-Party Service Providers: We engage third-party service providers to perform functions on our behalf, such as hosting, data analytics, customer support, and email delivery. These providers only have access to the personal data necessary to perform their functions and are bound by contractual obligations to protect your data. 5.3 Legal Authorities: We may disclose your data if required by law, court order, or governmental regulation, or if we believe such action is necessary to comply with legal obligations, protect our rights or property, or ensure the safety of our users or the public. 6. DATA SECURITY We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, firewalls, secure servers, and access controls. While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure.

7. DATA RETENTION We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period is determined based on the type of data, the purpose of processing, and applicable legal obligations. 8. YOUR DATA PROTECTION RIGHTS Depending on your location and applicable data protection laws, you may have the following rights regarding your personal data: 8.1 Right to Access: You have the right to request a copy of the personal data we hold about you. 8.2 Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data. 8.3 Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances. 8.4 Right to Restriction of Processing: You may request the restriction of processing your personal data under specific conditions. 8.5 Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or to have it transmitted to another controller. 8.6 Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. 8.7 Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time. To exercise any of these rights, please contact us using the details provided in Section 11. 9. INTERNATIONAL DATA TRANSFERS Your personal data may be transferred to, and stored at, a destination outside of the European Economic Area (EEA) or United Arab Emirates. Where such transfers occur, we ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to ensure your data receives an adequate level of protection. 10. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our Platform with a revised "Last Updated" date. We will notify you of any significant changes through email or a prominent notice on our Platform.

11. CONTACT US If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: Email: support@yallapay.net Address: Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba Dubai, United Arab Emirates You also have the right to lodge a complaint with your local data protection supervisory authority. 12. MERCHANT AGREEMENT REFERENCE This Privacy Policy is an integral part of our Merchant Agreement. For further details on the terms and conditions governing your use of our Platform, please login merchant account and refer to the full https://console.yallapay.net/v1/documents/merchantagreement. Last Updated: 2025-10-15 Draft a clear and legally compliant “Privacy Policy” for an online SaaS platform that allows merchants to register and use an account dashboard/panel.