Privacy Policy

1 Who We Are

Leap Digital FZE LLC is a technology and digital solutions company incorporated in the Sharjah Publishing City Free Zone, United Arab Emirates. We provide web design, web development, data analytics, digital marketing, and proprietary SaaS products to businesses across the UAE, US, UK, and EU.

For the purposes of applicable data protection laws, Leap Digital FZE LLC acts as the data controller in respect of personal data collected through our website and business operations. Where we process data on behalf of our clients, we act as a data processor.

2 Information We Collect

We collect personal information in the following ways:

2.1 Information You Provide Directly

• Contact & Enquiry Data: Name, email address, phone number, company name, and message content when you contact us or submit a form.
• Newsletter Subscriptions: Email address and communication preferences.
• Client Onboarding: Business registration details, billing address, tax identification numbers, and payment information (processed securely through third-party payment providers).
• Account Data: Username, password, and profile information for SaaS platform accounts.

2.2 Information Collected Automatically

• Usage Data: Pages visited, time on site, referral source, browser type, device type, and operating system.
• Technical Data: IP address, device identifiers, session data, and log files.
• Cookies & Tracking: Data collected through cookies, pixels, and similar technologies (see Section 5).

2.3 Information from Third Parties

• Analytics data from platforms such as Google Analytics and other measurement tools.
• Business contact information from publicly available sources or professional networking platforms.
• Referrals from existing clients or partners.

3 How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, manage, and improve the services you have requested, including web development, analytics, and SaaS platforms.
• Communications: To respond to your enquiries, send service notifications, and provide customer support.
• Marketing: To send newsletters, product updates, and promotional content where you have opted in. You may unsubscribe at any time.
• Analytics & Improvement: To analyze usage patterns, measure performance, and improve our website, products, and services.
• Billing & Administration: To process payments, manage accounts, issue invoices, and maintain financial records.
• Legal Compliance: To comply with applicable laws, regulatory requirements, and legitimate business interests including fraud prevention.
• Security: To detect, prevent, and respond to fraud, abuse, or security incidents affecting our systems or users.
• Product Development: To develop new services and improve existing SaaS features based on aggregated usage insights.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent.

4 Legal Basis for Processing

For users in the European Union, United Kingdom, or other jurisdictions requiring a lawful basis, we process your personal data under the following grounds:

• Contract Performance: Processing necessary to deliver services you have requested or contracted for.
• Legitimate Interests: Where we have a legitimate business interest (e.g., improving our services, preventing fraud, direct marketing to existing clients), provided it does not override your rights and freedoms.
• Legal Obligation: Where processing is required to comply with applicable law (e.g., tax regulations, anti-money laundering).
• Consent: Where you have given explicit consent, such as newsletter subscriptions or non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.

For users in the UAE, we comply with the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) and related implementing regulations.

5 Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website and to gather analytics data. The types of cookies we use include:

• Strictly Necessary Cookies: Essential for the website to function correctly. These cannot be disabled.
• Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). These are set only with your consent where required by law.
• Marketing Cookies: Used to track visits across websites and deliver relevant advertising. We may use platforms such as Meta Pixel or Google Ads tags for this purpose.
• Preference Cookies: Remember your settings and preferences to improve your experience.

You can manage cookie preferences through your browser settings. Blocking certain cookies may affect website functionality. Where required by law, we will obtain your consent before placing non-essential cookies.

6 Analytics & Data Services

As a data analytics company, we apply industry-leading practices to all data we handle:

6.1 Client Analytics Implementations

When we implement analytics solutions on behalf of our clients (e.g., GA4, server-side tagging, data pipelines), we act as a data processor. The client is the data controller and is responsible for their own privacy notices and user consent mechanisms.

6.2 Data Aggregation & Anonymization

Where possible, we work with aggregated, anonymized, or pseudonymized data sets that cannot reasonably be linked back to any individual. We do not sell individual-level personal data.

6.3 Suppression Vault

Our Suppression Vault SaaS product processes email suppression lists on behalf of clients. Data uploaded to Suppression Vault is processed solely for the purpose of email list management and suppression. We do not use this data for any other purpose and apply strict access controls and encryption.

7 Sharing Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

• Service Providers: Trusted third-party vendors who assist us in operating our business (e.g., cloud hosting, payment processing, email delivery, analytics tools). These parties are contractually bound to protect your data and use it only for the purposes we specify.
• Professional Advisors: Legal, accounting, or other professional advisors where necessary and under strict confidentiality obligations.
• Legal Requirements: Where required by law, court order, regulatory authority, or to protect the rights, property, or safety of Leap Digital, our clients, or others.
• Business Transfers: In connection with a merger, acquisition, or sale of all or part of our business, where the recipient is bound by equivalent data protection commitments.
• With Your Consent: For any other purpose with your explicit prior consent.

We require all third parties to implement appropriate technical and organizational security measures and to process data only in accordance with our instructions.

8 International Data Transfers

Leap Digital operates from the UAE and serves clients globally. Personal data may be transferred to and processed in countries outside your country of residence, including the UAE, EU member states, the United Kingdom, and the United States.

When transferring data from the EU/EEA or UK to countries without an adequacy decision, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• UK International Data Transfer Agreements (IDTAs); or
• Other lawful transfer mechanisms as recognized by applicable data protection authorities.

If you have questions about how we handle international transfers, please contact us using the details in Section 15.

9 Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or regulatory requirements:

• Client Data: Retained for the duration of the contract plus a minimum of 5 years for financial and legal compliance purposes.
• Marketing Data: Retained until you unsubscribe or withdraw consent, plus a reasonable suppression period.
• Website Analytics: Aggregated analytics data is retained for up to 26 months; raw log data for up to 12 months.
• Support Communications: Retained for up to 3 years after the last interaction.
• SaaS Account Data: Retained for the duration of the subscription and up to 90 days after cancellation, after which data is permanently deleted unless legally required to retain it.

Upon expiry of the applicable retention period, data is securely deleted or anonymized.

10 Data Security

We implement robust technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption of data in transit (TLS/HTTPS) and at rest (AES-256 where applicable);
• Role-based access controls and least-privilege principles;
• Regular security assessments and penetration testing;
• Secure development practices and code reviews;
• Multi-factor authentication for internal systems;
• Incident response procedures and breach notification protocols.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and affected individuals in accordance with applicable law.

11 Your Rights

Depending on your location, you may have the following rights regarding your personal data:

To exercise any of these rights, please contact us using the details in Section 15. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

These rights are not absolute and may be subject to certain exemptions under applicable law. We will explain if we are unable to fulfill a request.

12 Children's Privacy

Our website, services, and SaaS platforms are not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18 without verifiable parental consent.

If you are a parent or guardian and believe we have inadvertently collected data from a child under 18, please contact us immediately at the details below and we will promptly delete such information.

13 Third-Party Links

Our website may contain links to third-party websites, tools, or platforms (including social media channels such as Facebook). Once you leave our website, this Privacy Policy no longer applies. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal data.

The inclusion of any link does not imply endorsement of the linked site or its content.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other business reasons. When we make changes, we will update the "Last Updated" date at the top of this page.

For material changes — particularly those that affect how we process your data or your rights — we will provide more prominent notice, such as a banner on our website or direct notification to our clients.

We encourage you to review this policy periodically. Continued use of our website or services after changes take effect constitutes acceptance of the revised policy.

15 Contact & Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Company: Leap Digital FZE LLC
• Address: Business Center, Sharjah Publishing City Free Zone, United Arab Emirates
• Phone: (+971) 555-670-206 (Monday – Friday)
• Website: leapdigital.ae

We aim to resolve all privacy-related requests and complaints within 30 days. If you remain dissatisfied after contacting us, you have the right to lodge a complaint with:

• UAE: The UAE Data Office (established under the UAE PDPL)
• EU/EEA: Your local Data Protection Authority (DPA)
• UK: The Information Commissioner's Office (ICO) — ico.org.uk