Legal

Privacy Policy.

Last updated: 2 June 2026

Service
QoRe (qorepay.app)
Operated by
Amity and Co L.L.C-FZ ("Amity and Co", "QoRe", "we", "us", "our")
Licence No.
2532998.01
Registered address
Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
Contact
hello@qorepay.app

1. Introduction

This Privacy Policy explains how we collect, use, disclose, transfer, retain, and protect personal data when you visit qorepay.app (the “Website”), enquire about or use the QoRe service, or otherwise interact with us. It also describes the rights available to you under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”) and its Executive Regulations, together with any other applicable data protection laws of the United Arab Emirates.

We act as the controller of the personal data described in this policy, except where we process personal data on behalf of a merchant, in which case the merchant is the controller and we act as a processor (see Section 7).

2. Scope

This policy applies to:

It does not apply to the independent privacy practices of third parties, including our payment service providers and any website you reach through a link from ours.

3. Personal data we collect

3.1 Information you provide

When you complete our pilot sign-up form, email us, or otherwise contact us, we collect the information you submit. This typically includes your name, business name, business type, WhatsApp/telephone number, and email address, together with the content of your message.

3.2 Information about payers

When a payer makes a payment through QoRe, we may process limited transaction information such as the amount, currency, order reference, date and time, payment status, and a masked/tokenised reference returned by the payment service provider. The merchant determines what information is requested at the point of payment.

3.3 Payment and card data

Card and payment-instrument details are collected and processed directly by the licensed payment service provider (for example, Stripe). Each Merchant connects its own PSP account, and funds are settled by the PSP directly to that Merchant; QoRe does not hold funds and does not receive, see, or store full card numbers, CVV codes, or other sensitive authentication data. We receive only transaction metadata (such as amount, status, and a tokenised reference). Card processing is performed in a PCI-DSS compliant environment operated by the PSP.

3.4 Information collected automatically

When you use the Website we may automatically collect technical information through server-side request logs, including your IP address, device and browser type, operating system, referring page, the pages you view, and the date and time of access. We use this information for security, diagnostics, and to operate and improve the Website. We do not set advertising or cross-site tracking cookies on this Website.

4. How we use personal data

We use personal data for the following purposes:

5. Legal bases for processing

Consistent with the PDPL, we process personal data where one or more of the following applies: you have given your consent; processing is necessary to perform a contract with you or to take steps at your request before entering into a contract; processing is necessary to comply with a legal obligation; processing is necessary to protect vital interests; or processing is necessary for our legitimate interests (such as securing and improving our service), provided those interests are not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out beforehand.

6. Cookies and similar technologies

This marketing Website relies on server-side logs and does not use advertising or analytics cookies. Strictly necessary technical storage may be used to deliver the Website. If we introduce optional analytics or other non-essential technologies in future, we will update this policy and, where required, request your consent.

7. How we share personal data

We do not sell your personal data. We share it only as follows:

Where we act as a processor for a merchant, we process payer personal data only on documented instructions from that merchant and in accordance with our agreement with them.

8. International transfers

Some of our service providers process personal data outside the UAE. Where personal data is transferred to a jurisdiction that does not provide an adequate level of protection under the PDPL, we put in place appropriate safeguards (such as contractual data protection commitments) and rely on the transfer conditions permitted by the PDPL and its Executive Regulations. You may contact us for further information about these safeguards.

9. Data retention

We keep personal data only for as long as necessary for the purposes set out in this policy. Enquiry and pilot information is generally retained for the duration of our relationship and for a reasonable period thereafter for record-keeping and legitimate business purposes. Transaction records are retained for the periods required by applicable tax, accounting, and anti-money-laundering laws. We will delete or anonymise personal data when it is no longer required, unless a longer retention period is required by law.

10. Information security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, and unauthorised access or disclosure. These include encryption in transit, access controls, and the use of PCI-DSS compliant providers for card processing. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights

Subject to the PDPL and any applicable exemptions, you have the right to:

12. How to exercise your rights and complaints

To exercise any of these rights, email hello@qorepay.app. We may ask you to verify your identity before responding and will respond within the timeframes required by law. If you believe your data protection rights have been infringed, you may also contact the UAE Data Office, the federal authority responsible for personal data protection.

13. Children

The QoRe service and Website are intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to delete it.

14. Third-party links and services

The Website and payment flows may link to or rely on third-party services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices.

15. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top indicates when it was last revised. Material changes will be notified through the Website or by other appropriate means. Your continued use of the Website or the service after an update constitutes acceptance of the revised policy.

16. Contact us

Questions, requests, or complaints about this policy or our handling of personal data can be sent to hello@qorepay.app, or by post to Amity and Co L.L.C-FZ, Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.