Privacy Policy

Last Updated: 09/01/2026

At SMART STACK, including its subsidiaries and/or affiliates (hereinafter referred to as “we,” “our,” “us,” or “Smart Stack”), we are committed to safeguarding the privacy and security of our clients’ and website visitors’ personal data (“User,” “Customer,” “you,” “your”). We are committed to transparency and to ensuring that you understand how your personal data is collected, used, and protected, as well as the rights available to you under applicable law.

When you interact with us through any of our channels, we may collect certain information about you. Where such information can be used to identify you directly or indirectly, it constitutes “personal data” or “personal information”. We process personal data in accordance with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data of the United Arab Emirates (“PDPL”), its Executive Regulations, where applicable, and other applicable data protection laws and regulations, including those governing cross-border data transfers.

1. WHO WE ARE

For the purposes of the PDPL and other applicable data protection laws, Smart Stack is the Data Controller and is responsible for determining the purposes and means of processing your personal data.

This Privacy Policy, together with our terms of engagement, explains how we collect, use, store, share, and protect your personal data, and outlines your rights in relation to such data when you engage our accounting, bookkeeping, tax processing, or financial audit services, visit our website (https://sstackaccounting.com/), or otherwise interact with us.

We may also collect personal data from third parties, as further described below. By accessing our website or engaging us for services, you acknowledge that you have read and understood this Privacy Policy.

For avoidance of doubt, any engagement for services shall be subject to a separate written quotation, engagement letter, scope of work, invoice, or service contract, as applicable

2. WHAT PERSONAL DATA DO WE COLLECT

We collect different categories of personal data depending on the nature of our relationship with you. This may include, but is not limited to:

1. Identity Data: Name, date of birth, nationality, passport or national ID details, residency or visa information.
2. Contact Data: Residential or business address, email address, telephone numbers.
3. Financial Data: Bank account details, payment card details, accounting records, financial statements, tax-related information, billing and payment history.
4. Professional Data: Occupation, employer, job title, professional qualifications, and business contact details.
5. Business and Accounting Data: Accounting records, bookkeeping entries, invoices, supporting financial documentation, audit materials, VAT and Corporate Tax records, and compliance-related information necessary for the provision of our services.
6. Technical Data: Internet Protocol (IP) address, browser type and version, time zone settings, approximate location, operating system, device type, and other technology identifiers used to access our website.
7. Usage Data: Information about how you use our website, platforms, and services.
8. Marketing and Communications Data: Preferences in receiving communications from us and records of your interactions with us.

We collect personal data directly from you, from publicly available sources, and from third parties (such as tax authorities, banks, auditors, regulators, or service providers) where necessary for the provision of our services or as permitted by applicable law.

Given the nature of Smart Stack services, certain personal data may also be included in invoices, payroll records, employment records, tax filings, government portal submissions, and related compliance documentation provided by the client.

3. HOW WE COLLECT YOUR PERSONAL DATA

1. Information you provide:
   When you visit our website or utilize the “Contact Us” feature through interactive elements, online forms, email, or other communication methods, you voluntarily provide us with personal information such as your name, email address, phone number, and any other details you choose to share.
   We collect the information you submit when completing surveys, questionnaires, or forms. If you are a current or prospective client seeking our services, we may gather identity, contact, financial, professional, and business-related data as required for the specific accounting, tax, or audit services.
2. Information we collect from third parties:
   We may collect personal data about you from third parties, in accordance with the law and where relevant to the services we provide or our legitimate business operations. These sources include banks, tax authorities, auditors, regulators, professional advisors, accounting platforms, and other entities connected to your financial or compliance requirements.
3. Information we collect automatically:
   When you visit or interact with our website or digital platforms, we may automatically collect certain technical data, including device identifiers, IP address, browser and operating system information, usage patterns, referring URLs, and cookies. This information helps us understand how our website is used and enables us to improve functionality, performance, and security.

4. HOW AND WHY DO WE USE YOUR PERSONAL DATA

We collect and process personal data only for specific, explicit, and legitimate purposes, and only where we have a lawful basis under applicable data protection laws. These purposes and legal bases include the following:

1. Where we have your consent:
   Where required by law, we process personal data based on your consent, including when you submit information through our website, subscribe to communications, or otherwise provide explicit permission for specific processing activities. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
2. To perform a contract:
   We process personal data where necessary to perform our contractual obligations to you or to take steps at your request prior to entering into a contract. This includes onboarding, service delivery (accounting, bookkeeping, tax processing, reporting, audits), billing, payment processing, and communications relating to your engagement.
3. To comply with legal and regulatory obligations:
    including VAT, Corporate Tax, accounting, auditing, AML, KYC, and regulatory compliance obligations
4. We process personal data to comply with applicable UAE laws and regulatory obligations, including compliance requirements related to financial reporting, taxation, Corporate Tax, VAT, audit requirements, regulatory compliance, and record-keeping obligations, as well as applicable AML/KYC obligations where required.For legal claims and vital interests

We may process personal data where necessary to establish, exercise, or defend legal claims, respond to lawful requests by competent authorities, or where processing is required to protect the vital interests of you or another individual in exceptional circumstances.

1. Personal data collected for specific purposes will not be further processed in a manner incompatible with those purposes, except as permitted or required by law.
2. For legitimate business purposes
3. Where permitted under applicable law, we may process personal data for legitimate business purposes, such as improving our internal processes, maintaining service quality, ensuring cybersecurity, preventing fraud, and handling complaints and disputes, provided such processing does not override your rights and interests.

5. HOW WE SHARE YOUR PERSONAL DATA

We disclose personal data only where necessary and in accordance with applicable law, including to:

1. Our Employees
2. Service Providers
3. Auditors, tax authorities, and regulators
4. Government and Regulatory Authorities
5. Courts and Tribunals
6. Business Transfers

We ensure that all third parties are contractually obligated to protect your data in accordance with applicable data protection laws.

Smart Stack treats business and accounting records as confidential and will not disclose such records except as required for service delivery, under client instruction/authority, or where disclosure is required by applicable law or lawful request of a competent authority.

6. USE OF COOKIES AND THIRD-PARTY LINKS

We may employ session and persistent cookies and similar technologies. We utilize third-party tracking services such as Google Analytics and Google Tag Manager.

Our website may provide links to third-party websites. We do not control those sites or their privacy practices and disclaim liability for them.

Strictly necessary cookies may be used by default. Non-essential cookies (including analytics cookies) will be deployed only where legally permitted and, where required, only after obtaining your explicit consent through a cookie banner / cookie preference tool. Continued browsing alone shall not constitute consent for non-essential cookies where applicable law requires explicit consent.

We encourage you to review our Cookie Policy for further details on cookie categories, purposes, retention, and withdrawal of consent mechanisms.

7. INTERNATIONAL DATA TRANSFERS

We may transfer personal data outside the UAE where required for service delivery or through cloud-based accounting and storage platforms. Transfers are carried out in accordance with the PDPL and appropriate safeguards.

Where an international transfer is made, Smart Stack implements reasonable safeguards (such as contractual clauses and security controls) to ensure that personal data receives an adequate level of protection as required under applicable law.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA

We retain personal data only for as long as necessary to meet contractual, legal, regulatory, and professional obligations. Once no longer required, data is securely destroyed or anonymized.

Retention periods may vary depending on the nature of the engagement, applicable UAE tax and financial record retention requirements, regulatory obligations, and potential legal claims.

9. YOUR RIGHTS AND CHOICES

You have rights of access, correction, objection, restriction, portability, erasure, complaint, and withdrawal of consent, subject to applicable law.

Your rights may be subject to limitations where processing is required for compliance with legal obligations, regulatory requirements, protection of legal claims, fraud prevention, cybersecurity, or other lawful grounds under applicable law.

10. HOW DO WE KEEP YOUR INFORMATION SAFE?

We implement robust technical and organizational security measures, including encryption, access controls, secure cloud infrastructure, and staff training.

We take additional precautions appropriate for accounting and financial information, including strict access limitation on a need-to-know basis and secure storage and transmission of client records.

11. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Continued use constitutes acceptance.

12. CONTACT US

SMART STACK – Data Protection OfficerName: Ahmed Elshnawy

Email: [email protected]

Address: BC 856460 26^th Floor Amber  Gem Tower Ajman.

References to “Data Protection Officer” shall be interpreted as the designated data protection contact/person responsible for privacy matters and do not imply statutory appointment unless required under applicable law.

You also have the right to lodge a complaint with the relevant supervisory authority in the UAE.