1. Introduction
DXBMARK LLC ("DXBMARK," "we," "our," or "us") is committed to protecting your privacy and handling personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 and UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable regulations in the jurisdictions where we operate.
This Privacy Policy explains how we collect, process, use, store, and protect personal data when you visit our website at https://www.dxbmark.com, use our services, or engage with DXBMARK in any capacity. Please read this policy carefully.
If you have questions, contact us at privacy@dxbmark.com.
2. Who We Are
- Privacy / Data Protection Contact: privacy@dxbmark.com
- Legal Contact: legal@dxbmark.com
- Support Contact: support@dxbmark.com
- Billing Contact: billing@dxbmark.com
- Finance / Account Administration Contact: accounts@dxbmark.com
- Website: https://www.dxbmark.com
3. Privacy Contact and Data Protection
3.1 Privacy Contact
DXBMARK has appointed a Privacy Contact / Data Protection Contact for data protection enquiries. This does not necessarily mean that DXBMARK has appointed a statutory Data Protection Officer unless required by applicable law. For all data protection queries, rights requests, or privacy concerns, contact:
Privacy Contact: privacy@dxbmark.com
3.2 Data Protection Roles
As a Data Controller: DXBMARK acts as a data controller for:
- Website visitor data
- Account registration and user profile data
- Sales and enquiry data
- Billing and payment data
- Marketing communication preferences
- Support and customer service data
- Security and compliance data
- Business administration data
As a Data Processor: DXBMARK may act as a data processor when processing personal data on behalf of a B2B customer through:
- SaaS products and platforms
- Hosting and managed infrastructure services
- Custom development projects
- Automation and integration services
- Dashboards, portals, and business systems
3.3 Your Responsibility as a Customer
If you upload, provide, or process personal data through DXBMARK services, you are responsible for ensuring that:
- You have a lawful basis to collect and process that data (such as explicit consent, contractual necessity, legal obligation, or legitimate interest)
- You have obtained necessary consents from individuals whose data you are processing
- Your use of DXBMARK services complies with applicable data protection laws
- You have appropriate authority to provide such data to DXBMARK
B2B customers: The customer organization is responsible for ensuring it has authority to provide personal data about its employees, contractors, customers, users, or other data subjects to DXBMARK.
B2C services: Where DXBMARK deals directly with individual consumers, DXBMARK may act as controller for customer account, billing, support, and service usage data.
4. Sources of Personal Data
DXBMARK may collect personal data from the following sources:
- Directly from you — through website forms, account registration, enquiries, support tickets, and communications
- From your employer or organization — when your employer engages DXBMARK for services and provides your contact details
- From website interactions — cookies, analytics tools, and browsing activity on our website
- From payment processors and banks — billing and transaction metadata related to service payments
- From analytics and security tools — IP address, device data, and security signals
- From third-party platforms — platforms you connect to or authorise DXBMARK to access as part of a service
- From public business sources — company websites, professional profiles (LinkedIn and similar), business directories, or public registries where used for legitimate business development
- From referrals, partners, or service providers — where a partner or third party refers your contact details to DXBMARK
5. Data We Collect
The personal data we collect depends on how you interact with DXBMARK, the services you use, and your role (website visitor, prospective customer, business customer, account holder, or authorised user).
5.1 Website and Enquiry Data
When you visit our website or submit enquiry forms, we may collect:
- Name, email address, phone number
- Company name, job title, industry
- Country and region information
- Enquiry details, message content, and attachments
- Referral source (how you found us)
- IP address, browser type, device information
- Browsing activity on our website
- Interaction with forms, pages, or content
When you submit a contact form, booking form, project enquiry form, consultation request, or similar website form, we may collect information such as your full name, email address, phone number, company name, role or title, preferred meeting date and time, business or project name, website URL, social media page links, years in business, service interests, project description, goals, expected timeline, estimated budget, business problems you are trying to solve, and your reason for contacting or wanting to work with DXBMARK.
We use this information to respond to enquiries, schedule meetings, evaluate project fit, prepare proposals, manage leads, communicate with prospective customers, create customer records, plan projects, and provide services where an engagement proceeds.
Lawful Basis: Legitimate interest (understanding website visitors and managing enquiries); consent (where required by law for non-essential cookies)
5.2 Account Registration Data
If you create an account to access DXBMARK services:
- First name, last name
- Email address, phone number (optional)
- Company name, country
- Password (stored as a one-way cryptographic hash, not plain text)
- Account creation timestamp
- Login timestamps and IP address
- Account type, role, permissions
- Authentication methods (password, two-factor authentication, OAuth)
Lawful Basis: Contract (account access); legitimate interest (security and account management)
5.3 Billing and Payment Data
We collect data necessary to process payments and manage invoices:
- Subscription plan, billing cycle, and service details
- Invoice history and billing status
- Billing address, company name, tax identification
- Payment method metadata (card type, last 4 digits, expiration date — not full card numbers)
- Payment status, transaction history, refund records, payment disputes
- Tax ID or VAT number (where required)
Important: Full card numbers, CVV codes, and complete payment credentials are processed by Stripe or other payment providers and are NOT stored by DXBMARK.
Payments may be processed through third-party payment processors, banks, card networks, digital wallets, and payment tools made available from time to time, including Stripe, PayPal, Link, Apple Pay, Google Pay, or other supported providers. These providers may collect and process payment method details, billing details, contact information, payment authentication data, transaction metadata, fraud prevention data, wallet information, and payment status information.
DXBMARK does not store full card numbers, CVV codes, or full payment credentials. Payment providers process such data under their own terms, privacy notices, security controls, and regulatory obligations.
Currency note: DXBMARK invoices customers primarily in USD. Customers may pay using local payment methods or local currencies through supported payment providers where available. Currency conversion, payment method charges, bank charges, card charges, and exchange-rate differences may be processed by the customer's bank or payment provider. DXBMARK records payments based on the USD amount due and/or the USD amount received, depending on the payment arrangement.
Lawful Basis: Contract (payment processing); legal obligation (tax and financial records)
5.4 Client Project Data
When you engage DXBMARK for custom development, consulting, hosting, or managed services, we may process:
- Project requirements, specifications, and briefs
- Business documents, workflows, and process documentation
- Website content, brand assets, images, and media files
- Technical documentation, architecture diagrams, and system designs
- Access credentials, API keys, tokens, and environment variables (provided by you)
- Deployment configuration and infrastructure details
- Support records and project communications
- Code, scripts, or technical materials provided by you
- CRM data, customer lists, or contact records if provided for integration purposes
- Test data, staging data, or production data where access is necessary for the service
- Screenshots, logs, and technical diagnostics
- Third-party platform account details where access is granted
- Customer-provided databases, exports, or data feeds
- Website or application content, media assets, and configurations
Important: Customers should not provide production credentials, sensitive personal data, or special category data unless strictly necessary for the service and agreed in writing.
Lawful Basis: Contract (service delivery); legitimate interest (project management, support, and technical delivery)
5.5 Usage and Activity Data
We collect data about how you use DXBMARK services:
- Login activity and authentication attempts
- Feature usage, API requests, and page views
- Error logs and performance metrics
- Audit logs of account changes
- Security logs and access events
- Device and browser information
- Operational telemetry and system performance data
Lawful Basis: Contract (service delivery); legitimate interest (security, fraud prevention, service improvement)
5.6 SaaS Product Data
Where DXBMARK develops or operates SaaS products:
- User accounts and workspace data
- Configuration and preference settings
- Customer-managed records, files, or content
- Workflow configurations and integration data
- API logs and activity data
- Product-specific analytics and usage data
Product-specific privacy details may be provided on the relevant product website.
Lawful Basis: Contract (product access); legitimate interest (product improvement and security)
5.7 Hosting and Infrastructure Data
Where hosting, deployment, or infrastructure services are provided:
- Domain records and DNS settings
- Server logs, access logs, and error logs
- Deployment logs and configuration data
- Backup metadata and recovery information
- Monitoring alerts and performance metrics
- Security events and access attempts
- Hosting account details and credentials (provided by you)
Lawful Basis: Contract (infrastructure service delivery); legitimate interest (security and performance)
5.8 Support and Communication Data
When you contact DXBMARK support or communicate with our team:
- Emails, support tickets, and chat messages
- Call notes and recordings (where applicable and where consent is obtained)
- Attachments, files, and shared documents
- Feedback and feature requests
- Internal support notes and resolution history
- Communication preferences
Where live chat, chatbot, ticketing, or support tools are enabled, we may collect name, email address, phone number, company name, chat messages, support issue descriptions, timestamps, technical metadata, attachments submitted by the user, and related support history.
DXBMARK may use support tools such as Tawk.to or similar providers to provide live chat, chatbot assistance, ticketing, support routing, and customer service communications.
Lawful Basis: Contract (support delivery); legitimate interest (service improvement and dispute resolution)
5.9 Meeting and Scheduling Data
When you book a meeting, consultation, discovery call, or support session, we may collect information such as your name, email address, phone number, company name, role, meeting date and time, time zone, meeting notes, project type, enquiry details, and calendar metadata.
DXBMARK may use scheduling tools such as Calendly, Google Meet, or similar providers to schedule meetings, send reminders, manage availability, generate calendar invitations, and conduct video or remote meetings.
Lawful Basis: Legitimate interest and contract preparation for business enquiries, consultations, scheduling, project planning, and customer communication.
5.10 Cookie and Consent Data
We collect information about your cookie preferences and consent decisions:
- Cookie consent status and choices
- Timestamp of consent decision and consent ID (where available)
- Version of policy accepted
- IP address and user agent at time of consent
- Consent withdrawal records
Lawful Basis: Legal obligation (ePrivacy / GDPR cookie consent); legitimate interest (preference management)
5.11 Special Category and Sensitive Data
DXBMARK does not intentionally collect special category personal data (including health data, racial or ethnic origin, religious beliefs, trade union membership, genetic data, biometric data, sex life, or sexual orientation information) through its standard services.
If special category data is necessary for a specific service:
- It will only be processed where explicitly necessary for that service
- You must have consented in writing
- Appropriate additional safeguards must be in place
- Customers must not provide special category data through DXBMARK services unless expressly agreed and documented
6. How We Use Your Data
We use personal data for the following purposes:
6.1 Service Delivery
- Providing, operating, and improving DXBMARK services
- Managing accounts, subscriptions, and service access
- Delivering custom projects and technical work
- Providing technical support and account management
- Processing payments and managing billing
6.2 Business Operations
- Managing sales enquiries, proposals, and onboarding
- Maintaining business records and accounting
- Complying with tax, legal, and regulatory obligations
- Conducting due diligence and fraud prevention
- Communicating about service changes, maintenance, or updates
6.3 Security and Compliance
- Detecting and preventing fraud, abuse, and unauthorized access
- Monitoring for security threats and incidents
- Maintaining audit logs and compliance records
- Cooperating with law enforcement where required
6.4 Marketing (where consent is obtained or legitimate interest applies)
- Sending marketing emails, newsletters, and promotional content
- Analysing campaign performance and engagement
- Retargeting website visitors through advertising where consent is obtained
DXBMARK does not sell personal data. DXBMARK does not share personal data with third parties for their independent marketing without consent.
6.5 AI-Assisted Processing
DXBMARK may use automation or AI-assisted tools to support internal workflows, technical delivery, documentation, support preparation, debugging, content generation, data analysis, customer service, and service improvement.
DXBMARK may also use company-trained chatbots or AI assistants trained on DXBMARK knowledge base materials to answer general questions about DXBMARK services, policies, processes, and support topics.
DXBMARK does not intentionally train public AI models on customer personal data, payment data, confidential project data, production data, or customer-owned business data. Customer personal data or confidential project materials should not be processed through AI-assisted tools unless necessary for the agreed service, authorized by the customer, and handled according to the applicable agreement, Data Processing Agreement, Security Statement, and documented consent or approval process.
AI-assisted responses may be informational and may require human review. AI-assisted tools are not a substitute for legal, financial, tax, security, or professional advice.
7. Third-Party Service Providers
DXBMARK uses third-party service providers to operate its business, deliver services, process payments, manage customer relationships, provide support, host systems, secure infrastructure, analyze website performance, and comply with legal and accounting obligations.
These providers may process personal data only as necessary to provide their services to DXBMARK or to DXBMARK customers. Where appropriate, DXBMARK relies on contractual safeguards, data processing terms, confidentiality obligations, vendor security documentation, and access controls.
DXBMARK uses providers in the following categories:
| Category | Example providers | Purpose | Types of data processed |
|---|---|---|---|
| CRM, sales, project management, accounting, and business administration | Zoho CRM, Zoho Books, Zoho Projects, or similar providers | Managing leads, customer records, project delivery, invoicing, customer/vendor records, billing records, business administration | Name, email, company name, billing address, invoices, payment status, tax/business identifiers, customer/vendor notes, communications, lead/customer records, project notes, requirements, files, task history |
| Payment processing | Stripe, PayPal, Link, card networks, banks, wallet providers, or similar payment providers | Card payments, bank transfers, invoices, payouts, fraud checks, refunds, disputes, payment authentication, wallet-enabled payment flows | Payment metadata, transaction records, billing details, card metadata, wallet information, payout records, identity/compliance data, fraud prevention data |
| Email and productivity | Email, document, calendar, and productivity providers where used | Business email, calendars, documents, files, and communications | Email addresses, email content, attachments, calendars, files, contact records |
| Meeting and scheduling | Calendly, Google Meet, or similar providers | Scheduling meetings, sending reminders, managing availability, creating calendar invitations, conducting remote meetings | Contact details, company details, meeting date and time, time zone, meeting notes, calendar metadata, video meeting metadata |
| Live chat, chatbot, support, and ticketing | Tawk.to or similar support tools | Live chat, chatbot assistance, ticketing, support routing, customer service communications | Contact details, chat messages, support tickets, timestamps, attachments, support history, technical metadata |
| Consent management | Cookiebot by Usercentrics or similar consent management providers | Cookie consent, preference management, consent records, cookie declarations | IP address, device/browser data, cookie preferences, consent choices, timestamps, consent records |
| Hosting, infrastructure, DNS, CDN, and security | MWHEBA LTD / MWHEBA Creative Agency, Cloudflare, Vercel, and similar hosting or infrastructure providers | Hosting websites and applications, DNS, CDN, security, deployment, storage, databases, backups, monitoring, bot protection | IP addresses, logs, hosted content, account data, application data, backups, technical metadata, security signals |
| Code repositories and deployment | GitHub, Vercel, or similar development and deployment platforms | Code repositories, deployment, issue tracking, development workflows, CI/CD pipelines | Code, commits, user accounts, issue content, project materials, technical logs, deployment metadata |
| Search, analytics, and website performance | Google Search Console, Google Analytics where enabled, Google tags where enabled, and similar providers | Website analytics, search performance, conversion tracking, website measurement, performance measurement | IP address, device/browser data, page views, search and performance data, cookie preferences, interaction data |
| Communication and productivity | WhatsApp Business, Slack, Zoom, Google Meet, email, document, calendar, and productivity providers where used | Client communication, support, meetings, project coordination, business email, calendars, documents, files, and communications | Contact details, chat messages, support tickets, call metadata, recordings where consented, email content, attachments, calendars, files, contact records |
| Legal, accounting, and compliance advisers | Accountants, lawyers, tax advisers, registered agent services | Tax, accounting, legal compliance, company administration | Business records, invoices, tax records, contracts, company documents |
| Security and monitoring | Cloudflare, hosting security tools, logging/monitoring providers | Fraud prevention, bot protection, access logs, service reliability | IP addresses, security logs, device data, access timestamps, threat signals |
A current list of material service providers and subprocessors may be maintained in DXBMARK's Subprocessor List. Provider availability and usage may change over time depending on the service, customer project, infrastructure requirements, payment method, customer location, and written agreement.
7.1 Business Software Providers
DXBMARK may use third-party business software providers for business administration, accounting, invoicing, customer and vendor records, customer management, project delivery, support, and related operational workflows.
Zoho Books is currently used or configured for accounting, invoicing, customer/vendor records, billing records, and business administration.
Some third-party providers used by DXBMARK may publish security and compliance information, including ISO, SOC, or similar materials. Use of such providers does not mean DXBMARK itself holds those certifications.
DXBMARK does not claim that DXBMARK itself is ISO certified, SOC 2 certified, GDPR certified, or otherwise certified by virtue of using any third-party provider.
7.2 Provider Changes
Provider availability may change as DXBMARK's systems evolve. DXBMARK will update this policy where material changes affect how personal data is processed.
8. International Data Transfers
Where personal data is transferred to countries without an adequacy decision, DXBMARK and its providers rely on appropriate safeguards including:
- Standard Contractual Clauses (SCCs): EU and UK approved contractual terms
- Adequacy Decisions: Where applicable for the target jurisdiction
- Supplementary Measures: Additional protections such as encryption
- Customer Consent: Where legally required and obtained
For details on data transfer mechanisms applicable to specific services, contact privacy@dxbmark.com.
9. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law or contract.
General retention guidelines:
- Account and contract data: Duration of the relationship plus 7 years (for legal and tax compliance)
- Project and delivery records: Duration of the project plus 5–7 years
- Invoice and billing data: 7 years from invoice date (tax/accounting obligations)
- Marketing data: Until you unsubscribe or withdraw consent, then deleted promptly
- Security and audit logs: 12–24 months (depending on service and legal obligation)
- Support records: 3 years from resolution, unless a longer period is required
- Cookie consent data: Duration of consent validity plus 1 year for audit purposes
Where we have no ongoing need to retain data, we will delete or anonymize it.
10. Your Data Protection Rights
Depending on your location and applicable law, you may have the following rights:
10.1 Right of Access
Request a copy of personal data we hold about you, including what we collect, how we use it, who we share it with, and how long we retain it.
10.2 Right to Rectification
Request correction of inaccurate or incomplete personal data.
10.3 Right to Erasure
Request deletion of your personal data where no longer necessary, where you withdraw consent, or where processing is unlawful. Exceptions apply for legal obligations, legal claims, and security purposes.
10.4 Right to Restrict Processing
Request restriction of processing where data accuracy is disputed, processing is unlawful, or you object pending verification.
10.5 Right to Data Portability
Receive your personal data in a structured, machine-readable format where processing is based on consent or contract and carried out by automated means.
10.6 Right to Object
Object to processing based on legitimate interest or for direct marketing purposes.
10.7 Right to Withdraw Consent
Withdraw consent at any time where processing is based on consent. Withdrawal does not affect processing that occurred before withdrawal.
10.8 Right to Lodge a Complaint
Lodge a complaint with your local data protection authority (e.g., the ICO in the UK, your national supervisory authority in the EU) if you believe your rights have been violated.
10.9 How to Exercise Your Rights
Contact: privacy@dxbmark.com
Include sufficient detail to identify yourself and describe your request. We will respond within 30 days (may extend to 60 days for complex requests). Proof of identity may be required.
11. Security Measures
DXBMARK implements technical and organizational security measures to protect personal data including:
- Encryption of data in transit (TLS/SSL)
- Encryption of sensitive data at rest
- Access controls and role-based permissions
- Regular security patches and vulnerability management
- Monitoring for security threats and intrusions
- Incident response procedures
- Staff data protection training and confidentiality obligations
- Vendor security assessments
No security system is completely secure. We cannot guarantee absolute security of all personal data.
12. Data Breach Notification
If we discover a personal data breach that poses a risk to individuals:
- We will notify relevant data protection authorities within 72 hours where legally required
- We will notify affected individuals without undue delay
- We will provide information about the breach and recommended protective actions
- We will cooperate with authorities and affected individuals
13. Children's Data
DXBMARK services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that a child's data has been collected, we will delete it promptly. If you believe a child's data has been provided to DXBMARK, contact privacy@dxbmark.com immediately.
14. Automated Decision-Making and Profiling
DXBMARK does not use fully automated decision-making or algorithmic profiling that has significant legal or similarly significant effects on you without informing you and providing an opportunity for human review.
Limited profiling may occur for:
- Fraud detection and prevention
- Service recommendations
- Marketing segmentation (where consent is obtained)
- Analytics and improvement
Where profiling significantly affects you, you have the right to request human review.
15. Marketing Preferences
We may send you marketing emails, newsletters, and promotional content where permitted by law. You can:
- Unsubscribe from marketing emails using the unsubscribe link in any email
- Update your communication preferences in your account settings
- Request to be unsubscribed by contacting privacy@dxbmark.com
Transactional emails (account notifications, receipts, service updates) will continue even if you unsubscribe from marketing.
16. Cookie Policy
Information about cookies is provided in our separate Cookie Policy at https://www.dxbmark.com/legal/cookie-policy/. That policy explains:
- Types of cookies we use
- Purposes and retention periods
- How to manage and withdraw cookie preferences
17. Third-Party Links
DXBMARK websites may contain links to third-party websites, services, and platforms. We are not responsible for their privacy practices. Please review their privacy policies before providing personal data.
18. Updates to This Privacy Policy
DXBMARK may update this Privacy Policy at any time to reflect changes in legal requirements, business practices, technology, or service offerings. We will notify you of material changes by:
- Posting the updated policy on our website with a "Last Updated" date
- Sending email notification for significant changes (where contact information is available)
Continued use of DXBMARK services after updates constitutes acceptance of the updated policy.
19. Mandatory Rights Preserved
This Privacy Policy does not limit any mandatory data protection rights you may have under applicable law. Where mandatory rights apply, they are preserved regardless of this policy.
20. Contact Information
For privacy questions or to exercise your rights:
- Privacy / Data Protection Contact: privacy@dxbmark.com
- Legal Contact: legal@dxbmark.com
- Support: support@dxbmark.com
End of Privacy Policy