Version 2026-04-21
Related: Terms of Service · Data Processing Addendum · Acceptable Use Policy
SwiftDeal Ventures FZ LLC, a UAE free-zone company ("SDV-FZ", "we", "us"), is the operator of SDV-FZ OS (the "Service") and is the controller of personal data about our direct customers and the processor of personal data that our customers (restaurants and hospitality operators) upload about their employees, suppliers, and end customers.
Account data: name, email, phone, role, password hash, MFA status, preferences, authentication tokens.
Customer business data: restaurant details, locations, menu, inventory, suppliers, purchase orders, invoices, expenses, HR records, payroll, shift schedules, training status.
Customer end-user data (controlled by the restaurant, processed by us): staff details, supplier contact details, customer contact details and preferences where the restaurant uses marketing features, loyalty balances, and campaign engagement metrics.
Technical and usage data: IP address, browser user-agent, device type, coarse location derived from IP, session IDs, in-app actions, performance metrics, error reports.
AI interaction data: prompts, uploaded documents (e.g. invoices), AI responses, and related metadata.
Contract: to provide and operate the Service you have subscribed to.
Legitimate interests: to secure the Service, prevent fraud and abuse, measure and improve performance, and communicate operational updates. We balance these against your rights and do not override fundamental rights and freedoms.
Consent: for optional features such as marketing emails from us, where required by law. You may withdraw consent at any time.
Legal obligation: to comply with tax, AML, and regulatory obligations applicable to us.
To provide and secure the Service, authenticate users, process payments, send transactional messages (welcome, billing, alerts, incident notices), monitor errors, detect abuse, enforce our terms, and generate anonymised aggregate analytics that cannot reasonably be used to identify an individual.
We do not sell personal data. We do not use Customer Data to train foundation models for third parties.
Our primary hosting region is US-East (Neon PostgreSQL) and sub-processors are listed below with their regions. Where personal data is transferred from the EU/EEA, UK, or UAE to a jurisdiction without an adequacy decision, we rely on Standard Contractual Clauses (EU SCCs, UK IDTA) and/or binding intra-group commitments as applicable.
Active account and Customer Data: retained for the life of the subscription and for 30 days after termination, then deleted, except where a longer period is required by law (e.g. tax records — up to 5 years under UAE law).
Backups: encrypted backups retained on a rolling 30-day window.
Security and audit logs: 12 months. Financial records: as required by law. Marketing preferences and suppression lists: kept until withdrawn (suppression lists are retained specifically to respect opt-outs).
Subject to your jurisdiction (UAE PDPL, EU/UK GDPR, California CCPA, and others), you have rights to access, correct, delete, restrict, port, and object to processing, and to withdraw consent. You may also lodge a complaint with your local data-protection authority.
You may exercise these rights at sagar@swiftdealventures-fz.com. We will respond within 30 days; complex requests may take up to 60 days with notice.
We apply industry-standard safeguards: TLS in transit, AES encryption at rest for storage-level data, bcrypt password hashing, per-tenant query isolation, role-based access control, audit logging on sensitive actions, rate limiting, and required multi-factor authentication for OWNER accounts. We run cron-level observability and error-analysis telemetry to detect anomalies. No system is perfectly secure; you are responsible for keeping your credentials safe.
We use strictly necessary cookies for authentication and session state. We do not use advertising cookies or third-party tracking cookies. The Service is a business application, not a marketing website.
The Service is not directed to children under 18. We do not knowingly collect personal data from minors.
If we become aware of a personal data breach that poses a risk to affected individuals, we will notify affected customers without undue delay and, where feasible, within 72 hours of becoming aware, in line with UAE PDPL, GDPR, and applicable law.
We may update this Privacy Policy. Material changes will be notified by email or in-app and, where consent is required, re-acceptance will be requested on next login.
We use the following sub-processors to operate the Service. Each is bound by contract to protect Customer Data to a standard at least as protective as this Policy. We will give reasonable advance notice of any change.
Data Protection contact: sagar@swiftdealventures-fz.com · SwiftDeal Ventures FZ LLC, Dubai, United Arab Emirates.