ROYALXPAY – PRIVACY POLICY

Last Updated: 02-01-2026

RoyalXPay (“RoyalXPay”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data in accordance with the laws and regulations of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), its Executive Regulations, and other applicable financial, AML, and regulatory requirements.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you access or use the RoyalXPay mobile application, website, APIs, payment gateway services, and related services (collectively, the “Platform”).

By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to:

• Individual users (consumers)
• Business users, merchants, and corporate clients
• Senders, recipients, and authorised representatives
• Website visitors and application users

It covers all personal data processed by RoyalXPay in the course of providing its services.

2. DEFINITIONS

• Personal Data: Any data relating to an identified or identifiable natural person, as defined under UAE PDPL.
• Sensitive Personal Data: Data requiring enhanced protection, including biometric data, financial data, identification documents, and compliance-related records.
• Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
• Data Subject: The individual to whom the Personal Data relates.

3. PERSONAL DATA WE COLLECT

We collect only the data necessary to provide our services, meet regulatory obligations, and ensure platform security.

3.1 Information You Provide Directly

• Full name
• Date of birth
• Nationality
• Gender (where required for regulatory purposes)
• Mobile number and email address
• Residential address
• Emirates ID, passport, visa, or other government-issued identification
• Selfie or biometric verification data (for identity verification)
• Business details (trade licence, TRN, ownership details, authorised signatories)
• Bank account details or payment instrument details
• Beneficiary details (name, bank, account number, country)
• Transaction-related information
• Communications with customer support

3.2 Information Collected Automatically

• IP address
• Device identifiers
• Browser type and operating system
• Login timestamps
• Transaction metadata
• App usage and interaction logs
• Cookies and similar tracking technologies (see Clause 10)

3.3 Information from Third Parties

• Licensed Payment Partners
• Banks and financial institutions
• KYC, AML, and sanctions screening providers
• UAE government entities and regulators
• Credit, fraud, and risk monitoring agencies
• Approved bill payment aggregators and service providers

4. PURPOSES OF DATA PROCESSING

• Account creation and user verification
• KYC, AML, CFT, and sanctions screening
• Processing remittance and payment transactions
• Bill payments, recharges, and digital services
• Payment gateway and merchant settlement services
• Fraud detection and prevention
• Compliance with UAE laws and regulatory obligations
• Customer support and dispute resolution
• System security and platform integrity
• Risk assessment and transaction monitoring
• Service improvement and analytics (aggregated and anonymised)
• Legal claims, audits, and investigations

5. LEGAL BASIS FOR PROCESSING

• Your consent
• Performance of a contract (providing services requested by you)
• Compliance with legal and regulatory obligations
• Protection of public interest or prevention of financial crime
• Legitimate business interests, provided such interests do not override your rights

6. SHARING AND DISCLOSURE OF PERSONAL DATA

We do not sell your Personal Data.

6.1 Payment and Financial Partners

• Licensed banks
• Payment processors
• Remittance partners
• Acquiring and settlement institutions

6.2 Compliance and Regulatory Entities

• UAE Central Bank or relevant regulators
• Law enforcement agencies
• Courts and judicial authorities
• AML/CFT monitoring bodies

6.3 Service Providers

• KYC and identity verification providers
• Cloud hosting and infrastructure providers
• Cybersecurity and fraud prevention vendors
• Bill payment and digital service aggregators

All third parties are contractually obligated to protect your data and use it only for authorised purposes.

7. CROSS-BORDER DATA TRANSFERS

• Transfers occur only to jurisdictions with adequate data protection standards or
• Appropriate safeguards (contractual, technical, and organisational) are implemented
• Transfers are limited to what is strictly necessary for service delivery or compliance

8. DATA RETENTION

• Provide services
• Comply with UAE AML, financial, tax, and regulatory requirements
• Resolve disputes and enforce agreements

Retention periods may extend beyond account closure where required by law. Once no longer required, data is securely deleted or anonymised.

9. DATA SECURITY

• Encryption of data at rest and in transit
• Secure access controls and authentication
• Regular vulnerability assessments
• Monitoring and logging of system activity
• Restricted access to sensitive data
• Staff confidentiality and data protection training

10. COOKIES AND TRACKING TECHNOLOGIES

• Enable platform functionality
• Improve user experience
• Analyse usage patterns
• Enhance security

11. YOUR RIGHTS UNDER UAE PDPL

• Access your Personal Data
• Request correction of inaccurate or incomplete data
• Request deletion of data (where legally permissible)
• Restrict or object to certain processing activities
• Withdraw consent (without affecting prior lawful processing)
• Lodge a complaint with the UAE Data Office or relevant authority

12. CHILDREN’S PRIVACY

RoyalXPay does not knowingly collect data from individuals under the age of 18. Accounts found to belong to minors will be suspended or terminated.

13. BUSINESS AND MERCHANT DATA

For business users, RoyalXPay may process:

• Corporate and ownership data
• Authorised representative details
• Transaction and settlement data
• Compliance and due diligence documentation

Such processing is conducted in accordance with UAE commercial, tax, and financial regulations.

14. CHANGES TO THIS PRIVACY POLICY

RoyalXPay may update this Privacy Policy periodically. Updates become effective upon publication on the Platform. Continued use of the Platform constitutes acceptance of the updated policy.

15. CONTACT AND DATA PROTECTION QUERIES

For privacy-related inquiries, data access requests, or complaints, please contact:

RoyalXPay – Data Protection & Compliance Team
Email: Info@royalxpay.com