PRIVACY POLICY

Effective Date: July 2, 2026 

Last Updated: July 2, 2026 

Our Privacy Commitment 

  • We will be transparent about what data we collect, why we collect it, and how we use it. 

  • We will only use your personal data to provide our Services, for legitimate business purposes, to fulfil legal obligations, and where you have given us consent. 

  • We will never sell or rent your personal data to third parties. 

  • We will keep your personal information secure using appropriate technical and organisational measures. 

  • We will respect your rights to access, correct, and control the personal information you share with us. 
     

Table of Contents 

1. Who We Are 

2. Scope and Application 

3. Definitions 

4. Information We Collect 

5. Legal Basis for Processing 

6. How We Use Your Information 

7. Sharing of Information 

8. International Data Transfers 

9. Data Retention 

10. Cookies and Tracking Technologies 

11. Application Permissions 

12. Automated Decision-Making 

13. Data Security 

14. Children's Privacy 

15. Your Rights as a Data Subject 

16. Third-Party Services and Links 

17. Marketing Communications 

18. Changes to This Privacy Policy 

19. Contact Information 

Annex A. Application-Specific Supplement 
 

1. Who We Are 

TraceCORE Software and Technology Development LLC ("TraceCORE", "Company", "we", "us", or "our") is a limited liability company registered in the United Arab Emirates. 

We operate a portfolio of digital products, which may include: 

  • A website located at: https://tracecore.solutions/ 

  • One or more mobile and/or web applications (each an "Application", collectively the "Applications") that we develop, publish, or operate from time to time. 

(Together, our website, our Applications, and all related digital products and services are referred to as the "Services".) 

This Privacy Policy is designed to apply generally across all Services we operate now or may introduce in the future. Where an Application collects or uses personal data in a way that is specific to that Application, those details are set out in Annex A (Application-Specific Supplement), which forms part of this Privacy Policy and is updated as we add or change Applications. 

For the purposes of applicable data protection law, TraceCORE acts as the data controller of your personal data processed through the Services, unless otherwise stated in this Privacy Policy. 
 

2. Scope and Application 

This Privacy Policy applies to all individuals who interact with our Services, including: 

  • Visitors to our website(s) and digital platforms; 

  • Registered users of any of our Applications; 

  • Individuals who contact us through our support channels, contact forms, or other means of communication. 

This Policy applies globally. TraceCORE is based in the United Arab Emirates and complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") as the primary applicable law. 

For users located in other jurisdictions - including Bosnia and Herzegovina ("BiH"), countries within the European Economic Area ("EEA"), or other regions with their own data protection legislation - we acknowledge and seek to comply with those applicable local requirements to the extent they apply to our processing activities. 

If you do not agree with this Privacy Policy, please do not access or use our Services. 
 

3. Definitions 

For the purposes of this Privacy Policy, the following definitions apply: 

Term 

Definition 

Personal Data 

Any information relating to an identified or identifiable natural person. 

Processing 

Any operation performed on personal data, including collection, recording, storage, use, disclosure, transmission, or deletion. 

Data Controller 

The party that determines the purposes and means of processing personal data. TraceCORE acts as data controller for personal data collected through our Services. 

Data Processor 

A party that processes personal data on behalf of, and under the instructions of, a data controller. 

Data Subject 

Any identified or identifiable natural person whose personal data is processed. 

Sensitive Personal Data 

Personal data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data processed for identification purposes, health data, or data concerning sexual orientation. We do not knowingly collect Sensitive Personal Data. 

Application 

Any mobile or web application developed, published, or operated by TraceCORE, whether now existing or introduced in the future, as identified in Annex A. 

Services 

Our website, our Applications, and all related digital products and services operated by TraceCORE. 

Partner Platform 

A third-party platform, aggregator, or service that integrates with one or more of our Applications to share relevant data, as further described for each Application in Annex A. 

UAE PDPL 

UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. 


4. Information We Collect 

The personal data we collect depends on how you interact with our Services and which Application(s) you use. We collect only what is necessary for the stated purposes. 

4.1 Information You Provide Directly 

When you register for an account, use our Services, or contact us, we may collect: 

  • Full name 

  • Email address 

  • Phone number 

  • Taxpayer Identification Number (TIN) or equivalent national tax/identification number, where relevant to a specific Application 

  • Company or business registration information (where applicable) 

  • Address (residential or business, where provided) 

  • Account credentials (username and password) 

  • Any information submitted through forms, registrations, contact requests, or support communications 

4.2 Information Collected Automatically 

When you access our website or use our Applications, we automatically collect certain technical data, including: 

  • Device model and operating system 

  • Browser type, version, and language settings 

  • IP address 

  • Mobile identifiers (such as device ID, where permitted by applicable law) 

  • Application version number 

  • Log data (including access times, pages visited, actions performed, session duration, and error reports) 

  • Usage analytics and navigation behaviour 

4.3 Application-Specific Data 

Depending on which Application(s) you use, we may collect additional categories of personal data that are necessary to provide that Application's particular features and functionality — for example, financial, transactional, location, or activity data relevant to that Application's purpose. 

The specific categories of Application-specific data we collect, and the purposes for which we collect them, are set out for each Application in Annex A (Application-Specific Supplement). This structure allows us to add new Applications, or update the data practices of an existing Application, without changing the core commitments in this Privacy Policy. 

4.4 Information Received from Third Parties 

We may receive information about you from third-party sources, which we combine with data collected directly: 

  • Partner Platforms connected to a specific Application (see Annex A), used to verify completed transactions or activity relevant to that Application 

  • Payment service providers (for processing payments or payouts, where an Application offers this functionality) 

  • Publicly available sources or government databases (where legally permitted, for identity or tax verification) 
     

5. Legal Basis for Processing 

We process your personal data only where we have a lawful basis to do so. Under the UAE PDPL and other applicable data protection laws, our lawful bases are: 

  • Performance of a contract - processing necessary to provide our Services or fulfil our contractual obligations to you; 

  • Legal obligation - processing required to comply with applicable laws, tax obligations, or regulatory requirements; 

  • Legitimate interests - processing necessary for our genuine business interests or those of a third party, where those interests are not overridden by your rights and freedoms; 

  • Consent - where you have given us clear, freely-given consent to process your data for a specific purpose. 

The table below sets out the specific legal basis we rely upon for our key processing activities: 

Processing Activity 

Data Categories 

Legal Basis 

Account registration and management 

Name, email, phone, password 

Performance of contract; Consent; Legal obligation 

Providing and operating our Applications 

Application-specific data (see Annex A) 

Performance of contract; Legal obligation; Consent 

Customer support and service communications 

Name, contact details, correspondence 

Performance of contract; Legitimate interests 

Fulfilling Application-specific regulatory or compliance functions (e.g., tax calculation, where applicable) 

TIN, financial/activity data (see Annex A) 

Legal obligation; Performance of contract 

Verifying data with Partner Platforms 

Application-specific activity data (see Annex A) 

Performance of contract; Legitimate interests 

Sharing data with competent authorities or regulators 

Relevant data as required by law 

Legal obligation 

Analytics and service improvement 

Usage data, log data (anonymised or pseudonymised) 

Legitimate interests 

Security, fraud prevention, and system integrity 

IP address, device data, usage data 

Legitimate interests; Legal obligation 

Sending marketing communications 

Name, email address 

Consent 

Non-essential cookies and tracking technologies 

Browsing and usage data 

Consent 

Cross-border data transfers (where consent required) 

Any relevant personal data 

Consent; Adequate safeguards 

Responding to legal requests or court orders 

Any relevant personal data 

Legal obligation 

Where we rely on legitimate interests, we have assessed that those interests are not outweighed by your rights and freedoms. You may object to processing on this basis at any time (see Section 15 – Your Rights). 

Where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
 

6. How We Use Your Information 

We use your personal data for the following purposes: 

6.1 General Services 

  • To create, maintain, and manage your account 

  • To operate, maintain, and improve our website and digital Services 

  • To provide customer support and respond to enquiries and service requests 

  • To analyse usage patterns and improve the user experience 

  • To detect, investigate, and prevent fraud, security incidents, and unauthorised access 

  • To comply with applicable legal, regulatory, and tax obligations 

  • To enforce our Terms and Conditions and other applicable policies 

6.2 Application-Specific Purposes 

Each Application may use your personal data to deliver its own specific features. In general, this may include purposes such as: 

  • To provide the core features and functionality of the Application(s) you use, as described in Annex A 

  • To generate, store, and provide access to Application-generated records or documents (e.g., statements, receipts, reports), where applicable 

  • To verify data with Partner Platforms connected to a specific Application 

  • To process transactions or payouts via integrated payment service providers, where an Application offers this functionality 

Annex A sets out the specific Application-level purposes that apply to each Application we operate. 

6.3 Communications 

  • To send administrative, security-related, and service notifications 

  • To send marketing communications, where you have provided explicit consent 

  • To send push notifications relevant to your use of a specific Application (e.g., reminders, alerts, and updates), subject to your device settings and preferences 

We will not use your personal data for purposes that are materially different from those set out in this Privacy Policy without notifying you and, where required, obtaining your consent. 
 

7. Sharing of Information 

7.1 We Do Not Sell Your Personal Data 

TraceCORE does not sell, rent, or trade your personal data to third parties for commercial or marketing purposes. We share your data only as described in this section. 

7.2 Authorised Third-Party Sharing 

We may share personal data with the following categories of recipients, strictly as necessary and under appropriate contractual and data protection safeguards: 

Recipient Category 

Purpose 

Safeguards 

IT infrastructure, hosting & cloud storage providers 

To support the operation and delivery of our Services 

Data processing agreements; contractual obligations 

Analytics providers 

To understand and improve Service usage (data pseudonymised or anonymised where possible) 

Data processing agreements 

Customer support providers 

To assist in resolving user enquiries and complaints 

Confidentiality obligations; data processing agreements 

Payment service providers 

To process payments or payouts for users of Applications that offer payment functionality 

PCI-DSS compliance; data processing agreements 

Partner Platforms and aggregators 

To verify completed transactions and activity data relevant to a specific Application (see Annex A) 

Data sharing agreements; contractual obligations 

Tax authorities and government regulators 

Where required by applicable law, including for Application-specific compliance and reporting 

Legal obligation 

Legal and compliance advisors 

To protect our legal rights and comply with legal obligations 

Professional confidentiality obligations 

Law enforcement / government authorities 

Where required by a valid legal request, court order, or applicable regulation 

Strict review and validation before disclosure 

7.3 Business Transfers 

In the event of a merger, acquisition, reorganisation, or sale of all or part of our business or assets, your personal data may be transferred to the relevant third party. We will notify affected users of any such transfer where required by applicable law. 

7.4 With Your Consent 

We may share your personal data with other third parties where you have provided your explicit and informed consent to do so. 

All third parties with whom we share personal data are required, by contract or applicable law, to maintain appropriate data security measures and to process your data solely for the specified, authorised purposes. 
 

8. International Data Transfers 

TraceCORE is based in the United Arab Emirates. Your personal data may be stored and processed in the UAE or transferred to other countries in connection with the services and infrastructure we use to operate our business. 

For users located outside the UAE - including those in Bosnia and Herzegovina, other EEA-adjacent countries, or any other jurisdiction with applicable cross-border transfer requirements - we ensure that: 

  • Cross-border transfers are made only to countries that are recognised as offering an adequate level of data protection; or 

  • Appropriate contractual safeguards are in place, such as standard contractual clauses or equivalent mechanisms recognised under applicable law; or 

  • Your explicit consent has been obtained where required. 

Where personal data is transferred to third-party service providers located in other countries, we require those providers to maintain data protection standards consistent with this Privacy Policy and applicable law. 

You have the right to request information about the safeguards we have put in place for cross-border transfers. Please contact us using the details in Section 19. 
 

9. Data Retention 

We retain your personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable law. Our general retention periods are as follows: 

Data Category 

Retention Period 

Basis 

Account and registration data 

Duration of your account + 5 years following closure 

Contractual obligation; Legitimate interests 

Application-specific data (e.g., financial, transactional, or activity records — see Annex A for details) 

Minimum 5–10 years as required by applicable law, or as specified in Annex A 

Legal obligation 

Usage and technical log data 

Up to 12 months from collection 

Legitimate interests 

Customer support correspondence 

3 years from resolution of the enquiry 

Legitimate interests; Legal obligation 

Consent records (including marketing preferences) 

Duration of consent + 3 years following withdrawal 

Legal obligation; Legitimate interests 

Marketing preference records 

Until withdrawal of consent or opt-out 

Consent 

Where a specific Application requires a different retention period for its Application-specific data, that period is set out in Annex A and takes precedence for that data category. 

Where we are legally required to retain personal data beyond the periods above (for example, for tax compliance, audit, regulatory, or dispute resolution purposes), we will do so in accordance with the applicable legal obligation. 

When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be attributed to an identifiable individual. 
 

10. Cookies and Tracking Technologies 

Our website and digital Services use cookies and similar technologies, including pixels, tags, and unique device identifiers, to improve functionality, analyse traffic, and deliver a better user experience. 

10.1 Types of Cookies We Use 

Cookie Type 

Purpose 

Consent Required? 

Essential / Functional 

Necessary for the Services to operate correctly, including user authentication, session management, and security. Cannot be disabled. 

No — strictly necessary 

Analytical / Performance 

Help us understand how users interact with our Services, identify areas for improvement, and measure the effectiveness of our features. 

Yes 

Marketing / Targeting 

Used to deliver relevant communications. Only activated where you have given explicit consent. 

Yes 

10.2 Managing Your Cookie Preferences 

You can manage and control your cookie preferences through: 

  • Your browser settings (to block, restrict, or delete cookies); 

  • Your device settings (for mobile applications); 

Disabling essential cookies may affect the functionality and performance of our Services. 
 

11. Application Permissions 

When using our Applications, we may request access to certain device features. We only request permissions that are strictly necessary to deliver an Application's functionality: 

Permission 

Purpose 

Optional? 

Internet connection 

To synchronise data securely with our servers and provide account access 

No — required for core functionality 

Device storage 

To download and save Application-generated files (e.g., documents, records, receipts) locally on your device, where applicable 

Optional — you may decline; content will remain accessible online only 

Push notifications 

To send Application-related alerts, reminders, and updates specific to the Application you use 

Yes — can be managed in your device settings 

Location data (if applicable) 

Only requested if required for specific Application features; not collected passively 

Yes — can be declined at any time 

The specific permissions requested by each Application, and their purposes, are set out in Annex A. You can manage all permissions at any time through your device's application settings. Revoking a permission may limit certain features of the relevant Application. 
 

12. Automated Decision-Making 

At present, TraceCORE does not make decisions that produce legal or similarly significant effects on individuals solely through automated processing without human involvement. 

Should we introduce automated decision-making or profiling activities in the future that have a material impact on users, we will: 

  • Update this Privacy Policy to describe such activities; 

  • Obtain your consent where required by applicable law; and 

  • Provide you with the ability to request human review of any automated decision. 
     

13. Data Security 

We implement appropriate technical and organisational security measures designed to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction. These measures include: 

  • Encryption of data in transit using SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocols; 

  • Encryption of sensitive data at rest; 

  • Role-based access controls and multi-factor authentication for system access; 

  • Regular security assessments, vulnerability testing, and audits; 

  • Contractual confidentiality obligations imposed on all staff and service providers; 

  • Secure deletion and anonymisation procedures when data is no longer required. 

However, no method of data transmission over the internet or electronic storage is completely secure. While we take every reasonable measure to protect your personal data, we cannot guarantee absolute security. We encourage you to: 

  • Use a secure network environment when accessing our Services; 

  • Keep your account credentials confidential and not share your password with anyone; 

  • Log out of the Application when using shared or public devices; 

  • Contact us immediately if you suspect any unauthorised access to your account. 

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law. 
 

14. Children's Privacy 

Our Services are intended exclusively for individuals who are at least 18 years of age. We do not knowingly collect, retain, or process personal data from minors under the age of 18. 

If you are a parent or guardian and have reason to believe that a minor has provided us with personal data without your knowledge or consent, please contact us immediately using the details in Section 19. We will take prompt steps to investigate and, where appropriate, delete that data from our records. 
 

15. Your Rights as a Data Subject 

Subject to applicable law and any legal limitations, you have the following rights in relation to your personal data: 

Right 

Description 

Right of Access 

To request a copy of the personal data we hold about you and information about how we process it. 

Right to Rectification 

To request correction of inaccurate or incomplete personal data. 

Right to Erasure ("Right to be Forgotten") 

To request deletion of your personal data in certain circumstances, including where it is no longer necessary for the purpose for which it was collected. 

Right to Restriction of Processing 

To request that we limit how we use your personal data in certain circumstances (e.g., while accuracy is contested). 

Right to Object 

To object to processing based on our legitimate interests, or to processing for direct marketing purposes. 

Right to Data Portability 

To receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another controller. 

Right to Withdraw Consent 

To withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing. 

Right to Lodge a Complaint 

To file a complaint with the relevant data protection supervisory authority in your jurisdiction. 

15.1 UAE Residents 

Your rights are governed by the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. To exercise your rights, please use the contact details set out in Section 19. 

15.2 Users in Bosnia and Herzegovina 

If you are located in Bosnia and Herzegovina, you may also have rights under the BiH Law on Protection of Personal Data. To exercise your rights, please use the contact details set out in Section 19. 

15.3 Users in Other Jurisdictions 

If you are located in another jurisdiction with applicable data protection legislation (including EEA countries subject to GDPR or equivalent laws), we will seek to comply with your rights under those applicable laws. To exercise your rights, please use the contact details set out in Section 19. 

15.4 How to Exercise Your Rights 

To exercise any of the above rights, please contact us using the details in Section 19. 

We will respond to verified requests within 30 calendar days. In complex or high-volume cases, we may extend this period by a further 30 days and will notify you of the extension in advance. 

We may request reasonable proof of identity before processing your request, to protect your data from unauthorised access. 
 

16. Third-Party Services and Links 

Our Services may contain links to, or integrations with, third-party websites, Partner Platforms, payment providers, tax systems, and aggregators. TraceCORE is not responsible for the privacy practices of those third parties. 

When an Application integrates with a Partner Platform or aggregator (see Annex A for details specific to each Application), that platform operates as a separate and independent data controller for data it independently collects and processes. TraceCORE is responsible solely for personal data that such platforms share with us in connection with the provision of our Services. 

We strongly encourage you to review the privacy policies of any third-party services you access through or alongside our platform before sharing any personal information with them. 
 

17. Marketing Communications 

We will only send you direct marketing communications where you have provided explicit, freely-given consent, or where applicable law permits us to do so on another lawful basis. 

17.1 Managing Your Marketing Preferences 

You may opt out of marketing communications at any time using any of the following methods: 

  • Click the "Unsubscribe" link at the bottom of any marketing email we send you; 

  • Adjust your communication preferences within the relevant Application's settings; 

  • Disable push notifications in your device's application settings; 

  • Contact us directly at: info@tracecore.solutions 

Opting out of marketing communications will not affect your receipt of essential service-related communications, such as Application-specific transactional confirmations, reminders, security alerts, or account notifications. 
 

18. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our Services, business practices, or applicable legal requirements. This includes adding, updating, or removing entries in Annex A as we introduce new Applications or change the data practices of existing ones. The "Last Updated" date at the top of this Policy will reflect the most recent revision. 

When we make significant or material changes, we will: 

  • Post the updated Policy on our website and within the relevant Application(s); 

  • Notify you by email or in-app notification; and 

  • Where required by applicable law, obtain your consent to the updated terms. 

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our Services following notification of material changes constitutes your acknowledgement of the updated Policy. 
 

19. Contact Information and Data Protection Contact Point 

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data protection practices, please contact us at: 

TraceCORE Software and Technology Development LLC 
Email: info@tracecore.solutions 
Website: tracecore.solutions 

We are committed to addressing all data protection enquiries and complaints promptly and in good faith. If you are not satisfied with our response, you have the right to escalate your concern to the relevant data protection authority in your jurisdiction. 

  

Annex A. Application-Specific Supplement 

This Annex forms part of, and should be read together with, the main body of this Privacy Policy. It sets out the data practices that are specific to each Application we operate. Where a provision in this Annex differs from the general body of this Privacy Policy for a particular Application, this Annex prevails for that Application only. 

TraceCORE may add, remove, or update entries in this Annex as we introduce new Applications or change the data practices of an existing Application. Material changes will be communicated in accordance with Section 18 (Changes to This Privacy Policy). 

A.1 Income Dash 

Description: Income Dash is a mobile application that enables gig-economy workers and independent contractors to track earnings, manage payouts, calculate tax accruals, generate fiscal receipts, and maintain financial records drawn from integrated partner platforms. 

Additional Data Collected: For users of Income Dash, we collect the following Application-specific data: 

  • Earnings history and payout history 

  • Tax accruals and taxes paid 

  • Transaction summaries and completed order details 

  • Service history and work activity records 

  • Fiscal receipts generated through integrated partner platform activities 

  • Financial records required for tax compliance and reporting 

Purposes: Specific data is used to: 

  • Display your work activity, earnings, payouts, and tax information 

  • Generate, store, and provide access to fiscal receipts 

  • Calculate tax accruals and maintain financial records 

  • Verify completed transactions with partner platforms and aggregators 

  • Process and facilitate payouts via integrated payment service providers 

  • Produce tax summaries and reports for your personal tax compliance 

  • Send push notifications regarding payout updates, tax reminders, and important alerts related to Income Dash 

Partner Platforms: Income Dash integrates with gig-economy platforms and aggregators to verify completed transactions and work activity. These platforms act as independent data controllers for the data they collect and process directly; Income Dash receives and processes only the data these platforms share with it for the purposes listed above. 

Application-Specific Permissions:  

  • Device storage - to download and save fiscal receipts locally on your device (optional; you may decline, and receipts will remain accessible online only) 

  • Push notifications - to send payout confirmations, tax reminders, and other Income Dash alerts (optional; can be managed in your device settings) 

Application-Specific Retention Periods:  

  • Financial records, fiscal receipts, and tax data: minimum 5–10 years, as required by applicable tax and accounting law 

  • Transaction and earnings history: duration of your account plus a minimum of 5 years, for audit and compliance purposes 

 

 

Top