Privacy Policy

Last updated: February 2026

1. Introduction

Ourea Systems FZ-LLC ("Ourea," "we," "us," or "our") is a financial technology company incorporated in the Dubai International Financial Centre (DIFC), United Arab Emirates, with its principal place of business at Cluster R, Jumeirah Lakes Towers, Dubai, UAE. We build and operate wealth management (OneView) and KYC/compliance (OneApprove) SaaS platforms for financial institutions.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you visit our websites (including ourea.com), use our products and services, or otherwise interact with us. We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the UAE's Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and, where applicable, the General Data Protection Regulation (GDPR) for individuals in the European Economic Area.

2. Information We Collect

We collect information in the following categories:

Personal data you provide: When you contact us, request a demo, subscribe to our newsletter, or create an account, we may collect your name, email address, phone number, job title, company name, and any other information you voluntarily provide.

Account and usage data: When you use our platforms (OneView, OneApprove), we collect information necessary to provide the service, including login credentials, usage patterns, feature interactions, and configuration preferences. For enterprise customers, this may include data about authorised users and their activity within the platform.

Automatically collected data: When you visit our websites, we automatically collect certain information, including your IP address, browser type and version, device type, operating system, referring URLs, pages viewed, and the date and time of your visit.

Cookies and similar technologies: We use cookies, web beacons, and similar technologies to enhance your experience, analyse usage, and deliver personalised content. See Section 9 for further details.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve our websites, products, and services;
  • Process and respond to your inquiries, demo requests, and support tickets;
  • Authenticate users and manage accounts;
  • Send you marketing communications (where you have opted in) and product updates;
  • Monitor and analyse usage patterns to improve our platforms and user experience;
  • Detect, prevent, and address fraud, security issues, and abuse;
  • Comply with legal obligations and enforce our terms and policies;
  • Conduct analytics and research to develop new products and features.

4. Legal Basis for Processing

Where applicable under GDPR or similar frameworks, we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to perform our contract with you or your organisation (e.g., providing platform access, support).
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, security, and analytics, where such interests are not overridden by your rights.
  • Consent: Where you have given clear consent for specific processing (e.g., marketing emails, non-essential cookies).
  • Legal obligation: Processing necessary to comply with applicable laws and regulatory requirements.

You may withdraw consent at any time where consent is the legal basis, without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data Sharing and Disclosure

We may share your personal information with:

  • Service providers: Third parties who assist us in operating our business, such as cloud hosting providers (e.g., AWS), analytics providers, email delivery services, and customer support tools. These providers are contractually bound to use your data only for the purposes we specify and to protect it in accordance with this policy.
  • Your organisation: If you access our platforms through your employer or another organisation, we may share relevant usage and account information with that organisation's administrators.
  • Legal and regulatory authorities: Where required by law, court order, or regulatory request, including to comply with anti-money laundering, sanctions, or other financial regulations.
  • Business transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the UAE, the United States, and the European Economic Area. These countries may have different data protection laws. Where we transfer data from the EEA or UK to countries not deemed to provide adequate protection, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or rely on other lawful transfer mechanisms.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Retention periods vary depending on the type of data and purpose:

  • Account and usage data: Retained for the duration of your account plus a reasonable period thereafter for support and legal purposes;
  • Marketing and contact data: Retained until you unsubscribe or request deletion;
  • Logs and security data: Typically retained for a limited period as required for security and compliance;
  • Data processed on behalf of customers: Retained in accordance with our data processing agreements and customer instructions.

When data is no longer required, we securely delete or anonymise it.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you;
  • Correction: Request correction of inaccurate or incomplete data;
  • Deletion: Request deletion of your personal data, subject to certain exceptions;
  • Portability: Request a copy of your data in a structured, machine-readable format (where applicable);
  • Restriction: Request restriction of processing in certain circumstances;
  • Objection: Object to processing based on legitimate interests or for direct marketing;
  • Withdraw consent: Withdraw consent where processing is based on consent;
  • Complaint: Lodge a complaint with a supervisory authority in your jurisdiction.

To exercise these rights, please contact us at [email protected] or the address below. We will respond within the timeframe required by applicable law. If you are an end-user of our platforms through your organisation, you may also need to contact your organisation's administrator, as they may control certain aspects of your data.

9. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., local storage, pixels) to:

  • Essential cookies: Enable core functionality such as authentication, security, and load balancing;
  • Analytics cookies: Understand how visitors use our websites and platforms to improve our services;
  • Functional cookies: Remember your preferences and settings;
  • Marketing cookies: Deliver relevant advertisements and measure campaign effectiveness (where you have consented).

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our websites and platforms. For more information about the cookies we use, please contact us.

10. Security Measures

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit and at rest, access controls, regular security assessments, and employee training. Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information without parental consent, please contact us, and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may provide additional notice, such as an email notification or a prominent notice on our platforms. Your continued use of our Services after such changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, or if you wish to exercise your rights, please contact us:

Ourea Systems FZ-LLC
Cluster R, Jumeirah Lakes Towers (JLT)
Dubai, United Arab Emirates
Email: [email protected]

For data protection enquiries, you may also contact our data protection contact at [email protected].