Privacy Policy

This Privacy Policy explains how Sinder Fintech Computer Systems & Communication Equipment Software Design L.L.C ("Sinder", "we", "us" or "our") collects, uses,

Version 1.0.0 · Effective 2026-06-15

Last updated: 15 June 2026

This Privacy Policy explains how Sinder Fintech Computer Systems & Communication Equipment Software Design L.L.C ("Sinder", "we", "us" or "our") collects, uses, shares and protects personal data when you use the Sinder mobile application, website and related services (together, the "Sinder App" or "Services").

In this Privacy Policy, "we", "us" and "our" mean Sinder as operator of the Sinder App and technology interface.

1. Who we are and how to contact us

Sinder Fintech Computer Systems & Communication Equipment Software Design L.L.C is a company incorporated under the laws of the United Arab Emirates, company number 1414902, with its registered office at:

Sinder Fintech Computer Systems & Communication Equipment Software Design L.L.C
31 Maktabik Business Centre, SONY Building, Al Raffa, Dubai,
PO Box 45978, United Arab Emirates

For privacy questions, contact:

Email: privacy@sinder.ae

You may also contact support@sinder.ae for general support.

2. Scope

This Privacy Policy applies to personal data we collect when you:

• use the Sinder App or website;
• join our waitlist or sign up for a Sinder account;
• apply for or use products available through the Sinder App, including the Sinder Travel Card and associated account interface;
• communicate with us through email, in-app chat, social media or support channels; or
• participate in marketing campaigns, beta programmes, benefits, events or referrals.

It does not cover third-party websites, apps or services that you access through links from the Sinder App.

Partners may process data as independent controllers or service providers depending on their role and applicable law.

3. Personal data we collect

The personal data we collect depends on how you interact with us and which features or products you use.

3.1 Information you provide

We may collect:

• identification data, such as full name, date of birth, nationality, gender, Emirates ID details and passport details where required;
• contact details, such as mobile number, email address, residential address and mailing address;
• account information, such as username, profile photo, language preferences and marketing preferences;
• KYC and compliance information, such as source of funds, employment status, occupation, income range, tax residency and declarations required by law;
• support and communication data, such as emails, in-app chats, recordings or notes from support interactions, survey responses, feedback and complaints; and
• referral or ambassador data, where permitted and lawful.

3.2 UAE PASS and identity provider data

If you onboard or log in using UAE PASS or another identity provider, we may receive identity, contact, document and verified attribute data authorised by you, including name, date of birth, Emirates ID, mobile number, email address, address, nationality, gender and other KYC attributes.

We use this data to pre-fill your Sinder profile, verify your identity, perform KYC checks and support account/card opening, servicing, monitoring and compliance.

Relevant UAE PASS and KYC data may be shared with Ruya Community Islamic Bank LLC ("ruya") for account/card opening, KYC/AML checks, ongoing servicing, transaction monitoring, fraud prevention and regulatory compliance.

3.3 Partner and transaction data

We may receive data from or share data with partners involved in products you access through the Sinder App.

ruya, as regulated banking partner, issuing bank and account provider

• account identifiers and account status;
• masked Card details, card type and token identifiers;
• transaction metadata, such as merchant name, country, MCC, currency, amount, date and time;
• balances and account information available through the product integration;
• KYC, AML/CFT, sanctions, risk, fraud and monitoring data; and
• dispute, complaint and support information.

Network International and Mastercard

• transaction authorisation, processing and settlement data;
• dispute and chargeback data;
• card tokenisation, scheme compliance and fraud monitoring information.

KYC, AML/CFT, fraud and security providers

• identity verification results;
• sanctions and politically exposed person screening results;
• device, behavioural and risk signals; and
• fraud or misuse alerts.

3.4 Device, app and analytics data

We may automatically collect:

• device type, model, operating system and version;
• device identifiers, advertising IDs where permitted, push tokens and app version;
• language settings, time zone, IP address and approximate location;
• log data, such as login times, screens viewed, clicks, errors and performance metrics; and
• cookie, SDK and similar technology data for web-based parts of the Services.

4. Why we use personal data

We use personal data to:

• create and manage your Sinder account;
• verify identity and eligibility;
• provide the Sinder App and technology interface;
• enable you to view and manage the ruya-issued account and Card through the Sinder App;
• display transaction history, balances, card controls, FX information, fees, benefits and support information;
• facilitate onboarding to products provided by ruya and other partners;
• provide customer support and complaint handling;
• perform KYC, AML/CFT, sanctions, fraud prevention, transaction monitoring and security checks;
• comply with legal, regulatory, audit and reporting obligations;
• improve, test and develop the Sinder App;
• send service, transactional and security communications;
• send marketing communications where lawful and in line with your preferences; and
• enforce our Terms of Use and Product Terms.

Where possible, we use aggregated or de-identified data for analytics and improvement.

5. Legal bases

Depending on your location and applicable law, we may rely on:

• contract performance, including to create your account and provide app functionality;
• compliance with legal obligations, including AML/CFT, sanctions, consumer protection, recordkeeping and reporting obligations;
• legitimate interests, including improving Services, preventing fraud, securing systems and defending legal claims; and
• consent, including for certain marketing, identity, tracking or optional data-sharing activities.

Where we rely on consent, you may withdraw it at any time. Withdrawal does not affect processing already carried out or processing required by law or regulation.

6. How we share personal data

We do not sell personal data. We may share personal data with:

• ruya, for account/card opening, KYC/AML checks, servicing, account display, transaction monitoring, fraud prevention, disputes, complaints, audits and regulatory requests;
• Network International and Mastercard, for card issuing support, transaction processing, settlement, tokenisation, dispute handling, fraud monitoring and card scheme compliance;
• KYC, AML/CFT, sanctions, fraud and security providers;
• cloud hosting, data storage, IT, analytics, customer support, CRM, marketing and communication vendors;
• payment processors and financial institutions involved in transactions;
• professional advisers, auditors, insurers and corporate transaction parties where needed;
• regulators, law enforcement, courts and authorities where required or permitted by law; and
• third parties where you direct us, consent or applicable law permits.

Partners may process data as independent controllers or service providers depending on their role and applicable law.

7. International transfers

We are based in the UAE, but some partners and service providers may be located in other countries. Where personal data is transferred internationally, we take appropriate measures to protect it in accordance with applicable legal requirements.

8. How long we keep personal data

We keep personal data only for as long as needed for the purposes described in this Privacy Policy, including:

• while you have an active Sinder account;
• while needed to provide products and Services;
• as required by AML/CFT, financial services, tax, accounting, consumer protection or other applicable laws;
• as needed to resolve disputes, handle complaints, enforce agreements and protect our rights.

When data is no longer needed, we securely delete, anonymise or retain it only where legally required or permitted.

9. Your rights and choices

Your rights depend on applicable law, but may include rights to access, correct, delete, restrict, object to processing, receive a portable copy of data, withdraw consent and complain to an authority.

Some rights may be limited where data must be retained or processed for legal, regulatory, AML/CFT, fraud prevention, dispute-resolution, accounting or security reasons.

To exercise rights, contact privacy@sinder.ae. We may need to verify your identity before responding.

Requests relating to ruya-controlled banking records may be routed to or coordinated with ruya as issuer/account provider.

10. Marketing preferences

You can opt out of marketing communications by using unsubscribe links, adjusting settings in the Sinder App where available or contacting privacy@sinder.ae.

Opting out of marketing does not affect service, security, legal or transactional communications.

11. UAE PASS and digital identity providers

When you use UAE PASS or another digital identity provider with the Sinder App:

• we receive identity and contact data authorised by you;
• we use the data for onboarding, KYC checks, profile pre-fill, servicing and compliance;
• we may share relevant UAE PASS and KYC data with ruya for account/card opening, KYC/AML checks, ongoing servicing, fraud prevention, transaction monitoring and regulatory compliance; and
• UAE PASS remains responsible for UAE PASS services and credentials.

You can manage your UAE PASS profile and consents within UAE PASS. If you need to correct Sinder profile information obtained from UAE PASS, you may need to update it in both UAE PASS and the Sinder App.

12. Cookies, SDKs and tracking technologies

On our website and within web-based parts of the Sinder App, we and our providers may use cookies, SDKs and similar technologies to keep you logged in, remember settings, understand usage, measure performance, support marketing attribution and help prevent fraud.

You can control cookies through your browser settings and some SDK or tracking choices through device settings. Some features may not work properly if certain technologies are disabled.

13. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or destruction. These may include encryption, access controls, secure development practices, monitoring, testing and staff training.

No method of transmission or storage is completely secure. You are responsible for keeping your device and login credentials secure and notifying us promptly if you suspect unauthorised access.

14. Children

The Sinder App is not intended for children under 18. We do not knowingly collect personal data from children under 18.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, notify you through the Sinder App, email or another reasonable channel.

16. Contact and complaints

For questions, concerns or complaints about this Privacy Policy or how we handle personal data, contact:

Email: privacy@sinder.ae

Address: Sinder Fintech Computer Systems & Communication Equipment Software Design L.L.C, 31 Maktabik Business Centre, SONY Building, Al Raffa, Dubai, PO Box 45978, United Arab Emirates

If you are not satisfied with our response, you may have the right to complain to a relevant data protection or regulatory authority, where applicable.