Back to Privacy Policy
Privacy Policy/UAE Addendum

UAE Privacy Addendum

Specific provisions for UAE Open Banking users

For Users with UAE Bank Connections

This addendum applies when you connect a UAE bank account through Lean (our Open Banking partner). It explains additional data handling requirements specific to UAE regulations.

UAE Personal Data Protection Law (PDPL)

We comply with UAE Federal Decree-Law No. 45 of 2021 regarding the Protection of Personal Data. This includes:

Lawful Basis for Processing

Data TypeLawful Basis
Account & profile dataContract performance
Transaction dataContract performance
Analytics & insightsLegitimate interest
AML retentionLegal obligation

Your Rights Under UAE PDPL

  • Right to Access: Request a copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Delete your data (subject to retention requirements)
  • Right to Data Portability: Export your data
  • Right to Withdraw Consent: Revoke consent at any time
  • Right to Object: Object to certain processing activities

Data Localization

Your UAE financial data is stored in data centers located in the UAE:

  • Primary Database: Azure UAE North region
  • Backups: UAE region only
  • No Cross-Border Transfer: Raw financial data is not transferred outside UAE

5-Year Data Retention (AML Requirement)

Important Legal Requirement

UAE Anti-Money Laundering regulations require financial service providers to retain transaction records for 5 years. This applies to your UAE bank transaction data.

What This Means For You

If you delete your Wealthi account while having UAE bank connections:

Deleted Immediately

  • Your profile and account
  • Bank connections
  • Account balances
  • Non-UAE transactions
  • Assets and liabilities
  • Budgets and preferences
  • Chat history

Retained for 5 Years

  • UAE bank transactions (anonymized)
  • Transaction amounts
  • Transaction dates
  • Merchant information
  • Transaction descriptions

How We Anonymize Retained Data

When you delete your account, UAE transaction data is anonymized:

  1. Your user ID is replaced with a one-way cryptographic hash
  2. Your email and personal details are removed
  3. Only transaction data required for AML compliance is kept
  4. A secure mapping is stored separately for regulatory requests only

After 5 years from the date of account deletion, all retained data is permanently deleted.

Open Banking Compliance

We connect to UAE banks through Lean, a regulated Open Banking provider licensed by:

  • Financial Services Regulatory Authority (FSRA) - Abu Dhabi
  • Central Bank of UAE (CBUAE)

How Open Banking Works

  1. You authenticate directly with your bank through Lean's secure interface
  2. Your bank credentials are never shared with Wealthi
  3. Lean retrieves your account and transaction data with your consent
  4. Data is transmitted securely to Wealthi over encrypted channels

UAE Data Processing Consent

When you connect a UAE bank account, you will be asked to provide explicit consent for:

  • Collection and processing of your UAE bank transaction data
  • Storage of data in UAE data centers
  • 5-year retention of anonymized transaction data for AML compliance
  • Use of data for personal financial insights

You can withdraw consent at any time by disconnecting your UAE bank account. However, note that previously collected data may still be subject to the 5-year AML retention requirement.

Questions?

For questions about UAE data handling, contact our Data Protection team at privacy@wealthi.app

Privacy PolicyTerms of Service