Qinfi Logo

Privacy Policy

Last Updated: 15 December 2025

Effective Date: 15 December 2025

Welcome to [Super App Name] (’we,’ ’our,’ or ’us’), an innovative platform offering digital banking and cryptocurrency exchange services. Protecting and respecting your privacy is a priority for us. This Privacy Policy explains how we collect, use, share, and protect your personal data, as well as the rights you have regarding your data. By using our services, you agree to the practices described herein.

This policy is drafted in compliance with the General Data Protection Regulation (GDPR) of the European Union, the UAE Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data, and the DIFC Data Protection Law. Should there be any conflict between these regulations, the stricter standard protecting user privacy shall apply, subject to applicable law.

We encourage you to read this Privacy Policy carefully. If you have any questions, you may contact our designated Data Protection Officer (DPO) once their information is made available.

1. Definitions

For the purposes of this Privacy Policy:

  • Personal Data : Any information that identifies or could reasonably identify a natural person, including but not limited to name, contact details, financial
  • Controller : Quranium SA, as the entity that determines the purpose and means of processing your Personal Data.
  • Processor : Third-party entities processing your Personal Data on behalf of the Controller.

2. Categories of Personal Data Collected

We collect and process the following categories of Personal Data:

  • 2.1. Identifiers
    •  Name, date of birth, nationality.
    •  Contact information: email address, phone number, physical address.
  • 2.2. Financial Data
    • Bank account details, transaction history, payment card information.
    • Cryptocurrency wallet addresses, cryptocurrency transactions
  • 2.3. Sensitive Data
    • Biometric information (e.g., fingerprints, facial recognition, retina scans) where explicitly required for authentication.
    • Passwords and security credentials.
  • 2.4. Usage Data
    • Technical information such as IP address, browser type, device identifiers, and geolocation.
  • 2.5. Interactions
    • Information provided during customer service interactions or user-initiated requests made via our app, website, or support channels.

3. Sources and Collection Methods

We may collect your Personal Data through:

  • Direct Interactions : When you register, use our services, or fill in forms on the mobile app or website.
  • Legal Authorities : if required to comply with applicable laws, regulations, or legal processes.
  • Business Transfers : in connection with a merger, sale, or asset transfer, your information may be transferred as part of that transaction.
  • With Your Consent : in cases where you have given explicit permission.

4. Purpose of Data Processing

We process your Personal Data to:

  • Provide services, including enabling crypto exchanges, digital banking transactions, and wallet management.
  • Comply with legal obligations (e.g., anti-money laundering (AML), know-your-customer (KYC) verifications).
  • Enforce security measures and prevent fraud.
  • Communicate with you regarding account updates, policy changes, and relevant service announcements.
  • Carry out user analysis and improve app functionality in line with your rights.
  • Fulfill contractual obligations under your terms of service agreement with us.

5. Lawful Grounds for Processing

We process Personal Data based on the following legal justifications:

  • Performance of a Contract :  To provide core app services, including account management and transaction processing.
  • Legal Obligations : To comply with GDPR, UAE data protection laws, and AML/KYC regulations.
  • Legitimate Interests : To maintain app security, detect fraud, and enable user support.
  • Consent : For any data collection that requires explicit consent, such as biometric data or marketing communications.

In cases where your consent is the legal basis, you may withdraw it at any time without affecting the legality of processing based on prior consent.

6. Data Sharing

Your Personal Data may be shared with the following categories of recipients:

  • Payment Processors :  To facilitate transactions within the app.
  • Regulatory Authorities : For compliance with laws, investigations, or regulatory audits.
  • Technology Service Providers : These include cloud hosting services, analytics platforms, and customer support tools.
  • Affiliated Companies : When necessary for app functionality or asset management.

We ensure that third-party processors only handle your data under strict contractual agreements, adhering to applicable data protection standards.
We do not sell your Personal Data to third parties or engage in targeted advertising using your sensitive data.

7. International Data Transfers

As our operations may involve cross-border transactions, your Personal Data may be transferred to jurisdictions outside of the European Economic Area (EEA) or UAE. Such transfers will occur:

  • Only under Adequacy Decisions :  Where the receiving jurisdiction ensures an adequate level of protection as determined by the European Commission or UAE regulators.
  • With Safeguards : Implementing data protection clauses, Binding Corporate Rules (BCRs), or other appropriate security mechanisms.

Please contact us for more information on safeguards used for such transfers.

8. User Rights

Under GDPR and UAE data protection laws, you are entitled to:

  • Access :  Request a copy of your Personal Data.
  • Correction :  Update or correct inaccurate data.
  • Erasure :  Request data deletion under specified circumstances (e.g., withdrawal of consent, no longer necessary for processing).
  • Restriction :  Limit processing of your data in cases of dispute.
  • Data Portability :  Receive a copy of your data in a structured, machine-readable format.
  • Objection :  Oppose data processing for legitimate interests or profiling.
  • Withdraw Consent :  When processing is based on your consent.

To exercise these rights, please contact us via the mechanisms provided in Section 11.

9. Data Retention

We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required by law.

  • Financial records :  Retained for 7 years to comply with accounting and legal obligations.
  • Biometric data :  Retained for 1 year from account deactivation unless legal purposes require otherwise.
  • Transactional data :  Retained for 5 years from transaction date in compliance with AML/KYC requirements.

After expiration of these periods, the data will be securely deleted or anonymized.

10. Security Measures

We implement industry-standard measures to protect your Personal Data, including:

  • Advanced encryption for data in transit and storage.
  • Regular penetration testing to identify and address vulnerabilities.
  • Multi-factor authentication for account access.
  • Role-based access controls for our staff and third-party partners.

Please note that while we take serious measures to secure data, no system is fully immune from potential intrusions. Users should ensure their passwords and authentication mechanisms are kept secure.

11. How to Contact Us

For questions about this Privacy Policy or to exercise your rights, you may contact us using the following method:

We encourage you to contact us first to resolve complaints or concerns.

12. Updates and Amendments

We reserve the right to update this Privacy Policy to reflect changes in our practices or applicable laws. Any updates will be posted on our app and website, and we will notify users in advance via email or in-app notifications where required.

This Privacy Policy is subject to local laws in the UAE and shall be interpreted in accordance with applicable legislation.