Privacy Policy

Last updated: April 2026 · Compliant with UAE PDPL (Federal Decree-Law No. 45 of 2021)

1. Data We Collect

  • Account data: name, email address, company name, TRN (Tax Registration Number)
  • GHG data: emissions inputs, activity data, calculated figures, report outputs
  • Invoice data: buyer/seller details, line items, amounts, VAT figures
  • Usage data: page views, feature interactions (via PostHog, anonymized)
  • Technical data: IP address, browser type, session tokens

2. How We Use Your Data

  • Delivering the compliance reporting and e-invoicing services
  • Sending transactional emails (account, invoices, compliance reminders)
  • Improving the Platform through anonymized analytics
  • Complying with UAE legal obligations

3. Data Storage and Retention

Data is stored on Supabase (AWS ap-south-1, Mumbai). UAE data residency is not currently available — we will migrate to a UAE region when Supabase makes it available.

Invoice data is retained for a minimum of 5 years in accordance with UAE VAT Law (Federal Decree-Law No. 8 of 2017, Article 78) and Federal Tax Authority requirements. GHG records are retained for a minimum of 5 years in accordance with Article 14 of Federal Decree-Law No. 11 of 2024. Account data is retained for the duration of your subscription plus 12 months.

4. Your Rights (UAE PDPL)

Under UAE Federal Decree-Law No. 45 of 2021, you have the right to: access your personal data; request correction of inaccurate data; request deletion (subject to legal retention obligations); withdraw consent for non-essential processing.

Data portability: You can export a complete copy of all your personal data — including your profile, invoices, GHG reports, and audit logs — directly from your account settings page (Settings → Personal → Export Your Data). Exports are available once every 24 hours.

To exercise other PDPL rights, email privacy@smart-fenek.ae.

5. Third-Party Services and AI Processing

  • Supabase — database and authentication (AWS Mumbai)
  • Resend — transactional email delivery
  • PostHog — anonymized product analytics (no PII shared)
  • Better Stack — error logging (no user content)
  • Vercel — hosting and edge delivery
  • Anthropic Claude AI — When you use the invoice extraction feature to upload a document (PDF, image, Excel, or Word), the document content is sent to Anthropic's Claude API for AI-powered data extraction and validation. This processing occurs on Anthropic's servers located in the United States. Anthropic's data processing is governed by their Privacy Policy. If you do not wish your invoice documents to be processed by Anthropic Claude, you may choose to enter invoice data manually instead of using the extraction feature.

We do not sell your data to any third party.

6. Cookies

We use essential session cookies for authentication and anonymized analytics cookies via PostHog. No advertising or tracking cookies are used.

7. Contact

Privacy enquiries: privacy@smart-fenek.ae

See also: Terms of Service