Privacy Policy

CONTROLLER: Fliq Technologies Ltd. - registered in the DIFC, Dubai, UAE

LAST UPDATED: April, 2026

PRIMARY LAW: DIFC Data Protection Law No. 5 of 2020

This Privacy Policy explains how Fliq Technologies Ltd. ("Fliq") collects, uses, discloses, stores, and protects your personal data when you access or use our Services - including our mobile application, website, and all related services. By accessing or using the Services, you acknowledge that you have read and understood this Policy.

Fliq Technologies Ltd. ("Fliq," "Company," "we," "us," or "our") is incorporated and registered in the Dubai International Financial Centre ("DIFC"), Dubai, United Arab Emirates. We operate the Fliq live commerce platform, including our mobile application, website, and all related services (collectively, the "Services").

This Policy should be read together with our Terms of Service and any other policies referenced therein. If you do not agree with the practices described herein, please do not use the Services.

As a DIFC-registered entity, we are primarily subject to DIFC Data Protection Law No. 5 of 2020 ("DIFC DP Law") and the DIFC Data Protection Regulations, as administered and enforced by the Commissioner of Data Protection appointed by the DIFC Authority.

To the extent that our Services involve the processing of personal data of individuals located on the UAE mainland, we also comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("PDPL") and its executive regulations. Where Users are located in the Abu Dhabi Global Market (“ADGM”), the ADGM Data Protection Regulations 2021 shall apply to the extent required.

We are further guided by UAE Federal Decree-Law No. 14 of 2023 on Commerce through Modern Means of Technology and Federal Decree-Law No. 5 of 2023 on Consumer Protection.

Where our users are located in other GCC jurisdictions, we comply with the data protection laws applicable in those jurisdictions, including the Saudi Arabia Personal Data Protection Law, the Bahrain Personal Data Protection Law (Law No. 30 of 2018), and the Qatar Law No. 13 of 2016 on Privacy and Protection of Personal Data.

For the purposes of the DIFC DP Law and applicable data protection legislation, the data controller is:

• Fliq Technologies Ltd.
• Registered in the Dubai International Financial Centre (DIFC), Dubai, UAE
• General Privacy Enquiries: privacy@fliq.ae
• Data Protection Officer (DPO): dpo@fliq.ae

We collect personal data in several ways when you interact with our Services. The categories and types of data we collect are described below

4.1 Information You Provide Directly

• Account Registration: full name, email address, phone number, date of birth, profile photograph, username, and password.
• Identity Verification (KYC): copies of your Emirates ID, passport, or other government-issued identification, as well as selfie verification images.
• Seller Information: trade licence or commercial registration number, Tax Registration Number (TRN), bank account details for disbursements, and any other information required for seller onboarding.
• Payment Information: payment card details (processed and stored by our third-party payment service providers, not by Fliq directly), billing address, Apple Pay or Google Pay account identifiers, and transaction history.
• User Content: video and audio content from your livestream broadcasts, chat messages, comments, product listings, descriptions, images, reviews, and any other content you submit through Services.
• Communications: messages, emails, and other communications you send to our customer support team or other Users through the Platform’s messaging features
• Shipping Information: shipping addresses, delivery preferences, and recipient information provided for order fulfilment.

4.2 Information Collected Automatically

• Device and Technical Data: IP address, device type, operating system, browser type and version, unique device identifiers, mobile network information, and screen resolution
• Usage Data: pages visited, features used, livestreams viewed or hosted, search queries, click patterns, time spent on pages, items viewed, bids placed, purchases made
• Location Data: approximate location derived from your IP address; with consent, precise location data from your mobile device
• Cookies and Tracking Technologies — see Section 11 for full details
• Log and Diagnostic Data: server logs, crash reports, performance data, and diagnostic information

4.3 Information from Third Parties

• Social Login Providers: if you log in using Google or Apple, we may receive your name, email address, and profile information
• Payment Service Providers: our payment processors may share limited transaction information with us
• Identity Verification Providers: identity verification results, fraud risk assessments, and sanctions screening results
• Logistics Partners: delivery status updates, tracking information, and delivery confirmation
• Public Sources: publicly available information from business registries and trade licence databases

4.4 Sensitive Personal Data

We do not intentionally collect sensitive personal data (also known as special categories of data), such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or criminal records, except where: (a) it is strictly necessary for identity verification or fraud prevention (e.g., government-issued ID containing biometric data); (b) you voluntarily provide it (e.g., in Livestream content); or (c) we are required to do so by applicable law. Where we process sensitive personal data, we do so with your explicit consent or as otherwise permitted under the DIFC DP Law and applicable legislation.

We process your personal data for the following purposes and on the following legal bases under the DIFC DP Law:

5.1 Performance of Contract

We process your data where it is necessary for the performance of our contract with you, including to:

• Create, maintain, and manage your account
• Facilitate transactions between buyers and sellers, including processing payments, arranging shipping, and managing returns and refunds
• Enable you to host and participate in livestreams
• Verify your identity for seller onboarding and KYC compliance
• Provide customer support and respond to your enquiries
• Send you transactional communications such as order confirmations, shipping updates, and payment receipts

5.2 Legitimate Interests

We process your data where it is necessary for our legitimate interests (or those of a third party), provided those interests are not overridden by your rights and freedoms. These legitimate interests include

• Improving, personalising, and optimising the Services by analysing usage patterns and user behaviour
• Detecting, preventing, and investigating fraud, security incidents, and other harmful or unauthorised activity
• Ensuring the safety, security, and integrity of the Platform and its users
• Enforcing our Terms of Service, Community Guidelines, and other policies
• Conducting internal analytics, research, and business intelligence
• Protecting our legal rights and interests, including in connection with legal claims and proceedings

5.3 Consent

Where required by applicable law, we process your personal data based on your consent. Consent-based processing includes:

• Sending you marketing and promotional communications, including push notifications, emails, and SMS messages
• Collecting precise geolocation data from your mobile device
• Using certain non-essential cookies and tracking technologies for advertising and analytics purposes
• Sharing your data with third-party advertising partners for targeted advertising

You may withdraw your consent at any time by contacting us at privacy@fliq.ae or through the settings in the app, without affecting the lawfulness of processing carried out before withdrawal.

5.4 Legal Obligations

• Complying with anti-money laundering (AML), counter-terrorism financing (CTF), and sanctions screening requirements under UAE Federal Decree-Law No. 20 of 2018 and the DIFC AML Rules issued by the Dubai Financial Services Authority (DFSA).
• Responding to lawful requests from law enforcement, regulatory authorities, and the DIFC Courts
• Maintaining records for tax, accounting, and audit purposes as required by UAE law
• Reporting suspicious activity to the UAE Financial Intelligence Unit or other competent authorities

5.5 Vital Interests and Public Interest

In exceptional circumstances, we may process your personal data to protect your vital interests or those of another person, or where processing is necessary for reasons of substantial public interest.

6.1 Other Users

Certain information is visible to other users as part of the normal functioning of the Platform. For Sellers: seller profile name, ratings, reviews, and livestream content. For Buyers: username, profile picture, and comments or bids placed during livestreams.

6.2 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including payment processing, cloud hosting, identity verification, shipping and logistics, customer support, analytics, marketing, content moderation, and trust and safety tools. These service providers are contractually bound to process your data only on our instructions and in accordance with this Policy and applicable data protection law. They are prohibited from using your personal data for their own purposes.

6.3 Legal and Regulatory Disclosures

We may disclose your personal data where we are legally required or permitted to do so, including: (a) in response to a court order, subpoena, or other lawful request from the DIFC Courts, UAE courts, or other judicial or regulatory authority; (b) to comply with AML, CTF, or sanctions obligations; (c) to protect the rights, property, or safety of Fliq, our Users, or the public; (d) to enforce our Terms of Service; or (e) in connection with a legal claim or proceeding.

6.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such transfer and ensure that the receiving entity is bound by obligations no less protective than those in this Policy.

Your personal data may be transferred to, stored in, and processed in jurisdictions outside the DIFC and the UAE, including by our service providers and infrastructure partners. Some of these jurisdictions may not provide the same level of data protection as the DIFC or the UAE.

Where we transfer your personal data outside the DIFC, we ensure that appropriate safeguards are in place in accordance with the DIFC DP Law, including:

• Transfers to jurisdictions recognised as providing adequate protection by the Commissioner of Data Protection
• Execution of standard contractual clauses or data processing agreements
• Reliance on binding corporate rules where applicable
• Obtaining your explicit consent to the transfer, where no other safeguard is available

Where the transfer involves personal data of individuals on the UAE mainland, we also comply with the cross-border transfer provisions of the PDPL, which require contractual protections ensuring the receiving party maintains an equivalent level of data protection.

You may request further information about the safeguards applied to international transfers of your data by contacting our DPO at dpo@fliq.ae

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable law. The retention periods we apply are determined based on the following criteria:

• Nature of Data: the nature and sensitivity of the data;
• Purpose of Processing: the purposes for which the data is processed;
• Legal Requirements: applicable legal, regulatory, tax, and accounting requirements;
• Legal Claims: the need to retain data for the establishment, exercise, or defence of legal claims; and
• Business Interests: our legitimate business interests, including fraud prevention and trust and safety.

The following general retention periods apply:

• Account Data: retained for the duration of your account and for 2 years following account closure or deletion
• Transaction and Payment Data: retained for 6 years from the date of the transaction, in accordance with UAE tax and commercial record-keeping requirements
• Identity Verification Data: retained for the minimum period required by applicable AML/KYC legislation, typically 5 years from the date of the last transaction
• Livestream Recordings: retained for up to 3 years, or until the relevant dispute is resolved, whichever is longer. When a seller's account is closed, livestream recordings relevant to unresolved disputes or compliance investigations will be retained until those matters are fully resolved.
• Usage and Analytics Data: retained for up to 24 months for analytics purposes; may be anonymised and retained indefinitely in aggregated form
• Customer Support Communications: retained for 12 months from the date of communication, or longer where necessary for dispute resolution or legal proceedings

Under the DIFC DP Law and applicable data protection legislation, you have the following rights in relation to your personal data:

• Right of Access: request a copy of the personal data we hold about you, along with information about how we process it
• Right to Rectification: request that we correct any inaccurate or incomplete personal data
• Right to Erasure: request that we delete your personal data in certain circumstances such as where it is no longer necessary for the purposes for which it was collected, or where you withdraw consent and no other legal basis applies
• Right to Restriction: request that we restrict the processing of your personal data in certain circumstances such as where you contest the accuracy of the data or object to processing based on legitimate interests
• Right to Data Portability: receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller where technically feasible.
• Right to Object: object to the processing of your personal data where processing is based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your rights.
• Right to Withdraw Consent: withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal
• Right Relating to Automated Decision-Making: not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you, unless the decision is necessary for a contract, authorised by law, or based on your explicit consent
• Right to Lodge a Complaint: with the DIFC Commissioner of Data Protection or, where applicable, the UAE Data Office

To exercise any of these rights, please contact us at privacy@fliq.ae or our DPO at dpo@fliq.ae. We will respond to your request within thirty (30) calendar days of receipt.

CONTACT: SEE SECTION 12 FOR PRIVACY ENQUIRY DETAILS

privacy@fliq.ae · dpo@fliq.ae

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, including:

• Encryption of personal data in transit (using TLS/SSL) and at rest
• Access controls and authentication mechanisms restricting access to authorised personnel on a need-to-know basis
• Regular security assessments, penetration testing, and vulnerability scanning
• Secure development practices and code review processes
• Incident response and data breach notification procedures
• Employee training on data protection and information security
• Contractual security requirements imposed on all third-party service providers
• physical security measures at our offices and data centres

While we strive to use commercially reasonable means to protect your personal data, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data.

10.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the DIFC Commissioner of Data Protection (and/or the UAE Data Office, where applicable) without undue delay and, where feasible, within seventy-two (72) hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, providing information about the nature of the breach, the likely consequences, and the measures taken or proposed to mitigate the impact.

We use cookies and similar tracking technologies to collect information about your use of the Services, enhance your experience, and serve relevant content and advertisements.

Types of Cookies We Use

• Essential Cookies: necessary for the basic functioning of the Services. Cannot be disabled.
• Analytics and Performance Cookies: help us understand how you interact with the Services.
• Functional Cookies: remember your preferences, such as language settings and display options.
• Advertising and Targeting Cookies: used to deliver relevant advertisements and measure the effectiveness of advertising campaigns.

Do Not Track Signals

Our Platform does not currently respond to “Do Not Track” (DNT) signals sent by your browser. We will update this Policy if our practices change in the future.

The Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete that data. See also Section 1.2 of the Fliq Terms of Service for age eligibility requirements. If you believe that we may have collected data from a child under 18, please contact us at privacy@fliq.ae.

The Services may contain links to third-party websites, applications, or services that are not operated or controlled by Fliq. This Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform. Fliq is not responsible for the privacy practices or content of any third-party services

Where you have opted in or where we are otherwise permitted to do so under applicable law, we may send you marketing and promotional communications by email, SMS, push notification, or in-app messaging. You can opt out at any time by: clicking the "unsubscribe" link in any marketing email; adjusting your notification preferences in the app settings; or contacting us at privacy@fliq.ae.

Even if you opt out of marketing communications, we may still send you non-promotional transactional communications like order confirmations, payment receipts, shipping updates, security alerts, and legal notices.

We may use automated processes and profiling in certain aspects of the Services, including:

• fraud detection and prevention, where automated systems analyze Transaction patterns and behavior to identify potentially fraudulent activity;
• content moderation, where automated tools help identify Content that may violate our Community Guidelines;
• personalized recommendations, where algorithms suggest products, Sellers, and Livestreams based on your browsing and purchase history; and
• trust and safety scoring, where automated assessments help determine the risk profile of Users and Transactions.

Where automated decision-making produces legal effects or similarly significantly affects you, you have the right to request human review of the decision, express your views, and contest the outcome. To exercise this right, contact us at privacy@fliq.ae

Given the unique nature of live commerce, the following specific practices apply to Livestream data:

• Livestream Recordings: Livestream video and audio is transmitted in real time and may be recorded and stored by Fliq for transaction verification, dispute resolution, content moderation, and regulatory compliance. Recordings are retained in accordance with the retention periods described in Section 8.
• Live Chat and Interactions: Messages, bids, comments, and reactions submitted during Livestreams are stored and associated with your Account. This information may be visible to other Users and may be used for moderation and analytics purposes.
• Seller Disclosures During Livestreams: Sellers conducting Livestreams may share personal data during their broadcasts (e.g., showing product labels, mentioning locations). Sellers are responsible for ensuring that any personal data disclosed during Livestreams is shared in compliance with applicable data protection law.
• Viewership Analytics: We collect data on Livestream viewership, engagement, bidding patterns, and conversion rates for analytics and Platform improvement. This data is used in aggregated and anonymized form where possible.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, applicable law, or for other operational or legal reasons. When we make material changes, we will: (a) update the “Last Updated” date at the top of this Policy; (b) post the revised Policy on the Platform; and (c) notify you through the app, by email, or by other appropriate means.

We encourage you to review this Policy periodically. Your continued use of the Services after any changes to this Policy constitutes your acceptance of the updated terms. If you do not agree with the revised Policy, you should discontinue use of the Services and close your Account.

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

Fliq Technologies Ltd.

Registered in the Dubai International Financial Centre (DIFC)

Dubai, United Arab Emirates

• General Privacy Enquiries: privacy@fliq.ae
• Data Protection Officer (DPO): dpo@fliq.ae
• Customer Support: support@gofliq.ae
• Legal: legal@gofliq.ae

To lodge a complaint with the data protection authority:

DIFC: DIFC Commissioner of Data Protection - https://www.difc.ae/business/operating/data-protection/

UAE Federal: UAE Data Office, established under Federal Decree-Law No. 44 of 2021