PRIVACY POLICY
Effective Date: July 2, 2026
Last Updated: July 2, 2026
Our Privacy Commitment
-
We will be transparent about what data we collect, why we collect it, and how we use it.
-
We will only use your personal data to provide our Services, for legitimate business purposes, to fulfil legal obligations, and where you have given us consent.
-
We will never sell or rent your personal data to third parties.
-
We will keep your personal information secure using appropriate technical and organisational measures.
-
We will respect your rights to access, correct, and control the personal information you share with us.
Table of Contents
1. Who We Are
2. Scope and Application
3. Definitions
4. Information We Collect
5. Legal Basis for Processing
6. How We Use Your Information
7. Sharing of Information
8. International Data Transfers
9. Data Retention
10. Cookies and Tracking Technologies
11. Application Permissions
12. Automated Decision-Making
13. Data Security
14. Children's Privacy
15. Your Rights as a Data Subject
16. Third-Party Services and Links
17. Marketing Communications
18. Changes to This Privacy Policy
19. Contact Information
Annex A. Application-Specific Supplement
1. Who We Are
TraceCORE Software and Technology Development LLC ("TraceCORE", "Company", "we", "us", or "our") is a limited liability company registered in the United Arab Emirates.
We operate a portfolio of digital products, which may include:
-
A website located at: https://tracecore.solutions/
-
One or more mobile and/or web applications (each an "Application", collectively the "Applications") that we develop, publish, or operate from time to time.
(Together, our website, our Applications, and all related digital products and services are referred to as the "Services".)
This Privacy Policy is designed to apply generally across all Services we operate now or may introduce in the future. Where an Application collects or uses personal data in a way that is specific to that Application, those details are set out in Annex A (Application-Specific Supplement), which forms part of this Privacy Policy and is updated as we add or change Applications.
For the purposes of applicable data protection law, TraceCORE acts as the data controller of your personal data processed through the Services, unless otherwise stated in this Privacy Policy.
2. Scope and Application
This Privacy Policy applies to all individuals who interact with our Services, including:
-
Visitors to our website(s) and digital platforms;
-
Registered users of any of our Applications;
-
Individuals who contact us through our support channels, contact forms, or other means of communication.
This Policy applies globally. TraceCORE is based in the United Arab Emirates and complies with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") as the primary applicable law.
For users located in other jurisdictions - including Bosnia and Herzegovina ("BiH"), countries within the European Economic Area ("EEA"), or other regions with their own data protection legislation - we acknowledge and seek to comply with those applicable local requirements to the extent they apply to our processing activities.
If you do not agree with this Privacy Policy, please do not access or use our Services.
3. Definitions
For the purposes of this Privacy Policy, the following definitions apply:
|
Term |
Definition |
|
Personal Data |
Any information relating to an identified or identifiable natural person. |
|
Processing |
Any operation performed on personal data, including collection, recording, storage, use, disclosure, transmission, or deletion. |
|
Data Controller |
The party that determines the purposes and means of processing personal data. TraceCORE acts as data controller for personal data collected through our Services. |
|
Data Processor |
A party that processes personal data on behalf of, and under the instructions of, a data controller. |
|
Data Subject |
Any identified or identifiable natural person whose personal data is processed. |
|
Sensitive Personal Data |
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, genetic data, biometric data processed for identification purposes, health data, or data concerning sexual orientation. We do not knowingly collect Sensitive Personal Data. |
|
Application |
Any mobile or web application developed, published, or operated by TraceCORE, whether now existing or introduced in the future, as identified in Annex A. |
|
Services |
Our website, our Applications, and all related digital products and services operated by TraceCORE. |
|
Partner Platform |
A third-party platform, aggregator, or service that integrates with one or more of our Applications to share relevant data, as further described for each Application in Annex A. |
|
UAE PDPL |
UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. |
4. Information We Collect
The personal data we collect depends on how you interact with our Services and which Application(s) you use. We collect only what is necessary for the stated purposes.
4.1 Information You Provide Directly
When you register for an account, use our Services, or contact us, we may collect:
-
Full name
-
Email address
-
Phone number
-
Taxpayer Identification Number (TIN) or equivalent national tax/identification number, where relevant to a specific Application
-
Company or business registration information (where applicable)
-
Address (residential or business, where provided)
-
Account credentials (username and password)
-
Any information submitted through forms, registrations, contact requests, or support communications
4.2 Information Collected Automatically
When you access our website or use our Applications, we automatically collect certain technical data, including:
-
Device model and operating system
-
Browser type, version, and language settings
-
IP address
-
Mobile identifiers (such as device ID, where permitted by applicable law)
-
Application version number
-
Log data (including access times, pages visited, actions performed, session duration, and error reports)
-
Usage analytics and navigation behaviour
4.3 Application-Specific Data
Depending on which Application(s) you use, we may collect additional categories of personal data that are necessary to provide that Application's particular features and functionality — for example, financial, transactional, location, or activity data relevant to that Application's purpose.
The specific categories of Application-specific data we collect, and the purposes for which we collect them, are set out for each Application in Annex A (Application-Specific Supplement). This structure allows us to add new Applications, or update the data practices of an existing Application, without changing the core commitments in this Privacy Policy.
4.4 Information Received from Third Parties
We may receive information about you from third-party sources, which we combine with data collected directly:
-
Partner Platforms connected to a specific Application (see Annex A), used to verify completed transactions or activity relevant to that Application
-
Payment service providers (for processing payments or payouts, where an Application offers this functionality)
-
Publicly available sources or government databases (where legally permitted, for identity or tax verification)
5. Legal Basis for Processing
We process your personal data only where we have a lawful basis to do so. Under the UAE PDPL and other applicable data protection laws, our lawful bases are:
-
Performance of a contract - processing necessary to provide our Services or fulfil our contractual obligations to you;
-
Legal obligation - processing required to comply with applicable laws, tax obligations, or regulatory requirements;
-
Legitimate interests - processing necessary for our genuine business interests or those of a third party, where those interests are not overridden by your rights and freedoms;
-
Consent - where you have given us clear, freely-given consent to process your data for a specific purpose.
The table below sets out the specific legal basis we rely upon for our key processing activities:
|
Processing Activity |
Data Categories |
Legal Basis |
|
Account registration and management |
Name, email, phone, password |
Performance of contract; Consent; Legal obligation |
|
Providing and operating our Applications |
Application-specific data (see Annex A) |
Performance of contract; Legal obligation; Consent |
|
Customer support and service communications |
Name, contact details, correspondence |
Performance of contract; Legitimate interests |
|
Fulfilling Application-specific regulatory or compliance functions (e.g., tax calculation, where applicable) |
TIN, financial/activity data (see Annex A) |
Legal obligation; Performance of contract |
|
Verifying data with Partner Platforms |
Application-specific activity data (see Annex A) |
Performance of contract; Legitimate interests |
|
Sharing data with competent authorities or regulators |
Relevant data as required by law |
Legal obligation |
|
Analytics and service improvement |
Usage data, log data (anonymised or pseudonymised) |
Legitimate interests |
|
Security, fraud prevention, and system integrity |
IP address, device data, usage data |
Legitimate interests; Legal obligation |
|
Sending marketing communications |
Name, email address |
Consent |
|
Non-essential cookies and tracking technologies |
Browsing and usage data |
Consent |
|
Cross-border data transfers (where consent required) |
Any relevant personal data |
Consent; Adequate safeguards |
|
Responding to legal requests or court orders |
Any relevant personal data |
Legal obligation |
Where we rely on legitimate interests, we have assessed that those interests are not outweighed by your rights and freedoms. You may object to processing on this basis at any time (see Section 15 – Your Rights).
Where we rely on consent, you have the right to withdraw consent at any time without affecting the lawfulness of prior processing.
6. How We Use Your Information
We use your personal data for the following purposes:
6.1 General Services
-
To create, maintain, and manage your account
-
To operate, maintain, and improve our website and digital Services
-
To provide customer support and respond to enquiries and service requests
-
To analyse usage patterns and improve the user experience
-
To detect, investigate, and prevent fraud, security incidents, and unauthorised access
-
To comply with applicable legal, regulatory, and tax obligations
-
To enforce our Terms and Conditions and other applicable policies
6.2 Application-Specific Purposes
Each Application may use your personal data to deliver its own specific features. In general, this may include purposes such as:
-
To provide the core features and functionality of the Application(s) you use, as described in Annex A
-
To generate, store, and provide access to Application-generated records or documents (e.g., statements, receipts, reports), where applicable
-
To verify data with Partner Platforms connected to a specific Application
-
To process transactions or payouts via integrated payment service providers, where an Application offers this functionality
Annex A sets out the specific Application-level purposes that apply to each Application we operate.
6.3 Communications
-
To send administrative, security-related, and service notifications
-
To send marketing communications, where you have provided explicit consent
-
To send push notifications relevant to your use of a specific Application (e.g., reminders, alerts, and updates), subject to your device settings and preferences
We will not use your personal data for purposes that are materially different from those set out in this Privacy Policy without notifying you and, where required, obtaining your consent.
7. Sharing of Information
7.1 We Do Not Sell Your Personal Data
TraceCORE does not sell, rent, or trade your personal data to third parties for commercial or marketing purposes. We share your data only as described in this section.
7.2 Authorised Third-Party Sharing
We may share personal data with the following categories of recipients, strictly as necessary and under appropriate contractual and data protection safeguards:
|
Recipient Category |
Purpose |
Safeguards |
|
IT infrastructure, hosting & cloud storage providers |
To support the operation and delivery of our Services |
Data processing agreements; contractual obligations |
|
Analytics providers |
To understand and improve Service usage (data pseudonymised or anonymised where possible) |
Data processing agreements |
|
Customer support providers |
To assist in resolving user enquiries and complaints |
Confidentiality obligations; data processing agreements |
|
Payment service providers |
To process payments or payouts for users of Applications that offer payment functionality |
PCI-DSS compliance; data processing agreements |
|
Partner Platforms and aggregators |
To verify completed transactions and activity data relevant to a specific Application (see Annex A) |
Data sharing agreements; contractual obligations |
|
Tax authorities and government regulators |
Where required by applicable law, including for Application-specific compliance and reporting |
Legal obligation |
|
Legal and compliance advisors |
To protect our legal rights and comply with legal obligations |
Professional confidentiality obligations |
|
Law enforcement / government authorities |
Where required by a valid legal request, court order, or applicable regulation |
Strict review and validation before disclosure |
7.3 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of all or part of our business or assets, your personal data may be transferred to the relevant third party. We will notify affected users of any such transfer where required by applicable law.
7.4 With Your Consent
We may share your personal data with other third parties where you have provided your explicit and informed consent to do so.
All third parties with whom we share personal data are required, by contract or applicable law, to maintain appropriate data security measures and to process your data solely for the specified, authorised purposes.
8. International Data Transfers
TraceCORE is based in the United Arab Emirates. Your personal data may be stored and processed in the UAE or transferred to other countries in connection with the services and infrastructure we use to operate our business.
For users located outside the UAE - including those in Bosnia and Herzegovina, other EEA-adjacent countries, or any other jurisdiction with applicable cross-border transfer requirements - we ensure that:
-
Cross-border transfers are made only to countries that are recognised as offering an adequate level of data protection; or
-
Appropriate contractual safeguards are in place, such as standard contractual clauses or equivalent mechanisms recognised under applicable law; or
-
Your explicit consent has been obtained where required.
Where personal data is transferred to third-party service providers located in other countries, we require those providers to maintain data protection standards consistent with this Privacy Policy and applicable law.
You have the right to request information about the safeguards we have put in place for cross-border transfers. Please contact us using the details in Section 19.
9. Data Retention
We retain your personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, or as required by applicable law. Our general retention periods are as follows:
|
Data Category |
Retention Period |
Basis |
|
Account and registration data |
Duration of your account + 5 years following closure |
Contractual obligation; Legitimate interests |
|
Application-specific data (e.g., financial, transactional, or activity records — see Annex A for details) |
Minimum 5–10 years as required by applicable law, or as specified in Annex A |
Legal obligation |
|
Usage and technical log data |
Up to 12 months from collection |
Legitimate interests |
|
Customer support correspondence |
3 years from resolution of the enquiry |
Legitimate interests; Legal obligation |
|
Consent records (including marketing preferences) |
Duration of consent + 3 years following withdrawal |
Legal obligation; Legitimate interests |
|
Marketing preference records |
Until withdrawal of consent or opt-out |
Consent |
Where a specific Application requires a different retention period for its Application-specific data, that period is set out in Annex A and takes precedence for that data category.
Where we are legally required to retain personal data beyond the periods above (for example, for tax compliance, audit, regulatory, or dispute resolution purposes), we will do so in accordance with the applicable legal obligation.
When personal data is no longer required, it is securely deleted or anonymised so that it can no longer be attributed to an identifiable individual.
10. Cookies and Tracking Technologies
Our website and digital Services use cookies and similar technologies, including pixels, tags, and unique device identifiers, to improve functionality, analyse traffic, and deliver a better user experience.
10.1 Types of Cookies We Use
|
Cookie Type |
Purpose |
Consent Required? |
|
Essential / Functional |
Necessary for the Services to operate correctly, including user authentication, session management, and security. Cannot be disabled. |
No — strictly necessary |
|
Analytical / Performance |
Help us understand how users interact with our Services, identify areas for improvement, and measure the effectiveness of our features. |
Yes |
|
Marketing / Targeting |
Used to deliver relevant communications. Only activated where you have given explicit consent. |
Yes |
10.2 Managing Your Cookie Preferences
You can manage and control your cookie preferences through:
-
Your browser settings (to block, restrict, or delete cookies);
-
Your device settings (for mobile applications);
Disabling essential cookies may affect the functionality and performance of our Services.
11. Application Permissions
When using our Applications, we may request access to certain device features. We only request permissions that are strictly necessary to deliver an Application's functionality:
|
Permission |
Purpose |
Optional? |
|
Internet connection |
To synchronise data securely with our servers and provide account access |
No — required for core functionality |
|
Device storage |
To download and save Application-generated files (e.g., documents, records, receipts) locally on your device, where applicable |
Optional — you may decline; content will remain accessible online only |
|
Push notifications |
To send Application-related alerts, reminders, and updates specific to the Application you use |
Yes — can be managed in your device settings |
|
Location data (if applicable) |
Only requested if required for specific Application features; not collected passively |
Yes — can be declined at any time |
The specific permissions requested by each Application, and their purposes, are set out in Annex A. You can manage all permissions at any time through your device's application settings. Revoking a permission may limit certain features of the relevant Application.
12. Automated Decision-Making
At present, TraceCORE does not make decisions that produce legal or similarly significant effects on individuals solely through automated processing without human involvement.
Should we introduce automated decision-making or profiling activities in the future that have a material impact on users, we will:
-
Update this Privacy Policy to describe such activities;
-
Obtain your consent where required by applicable law; and
-
Provide you with the ability to request human review of any automated decision.
13. Data Security
We implement appropriate technical and organisational security measures designed to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction. These measures include:
-
Encryption of data in transit using SSL/TLS (Secure Sockets Layer / Transport Layer Security) protocols;
-
Encryption of sensitive data at rest;
-
Role-based access controls and multi-factor authentication for system access;
-
Regular security assessments, vulnerability testing, and audits;
-
Contractual confidentiality obligations imposed on all staff and service providers;
-
Secure deletion and anonymisation procedures when data is no longer required.
However, no method of data transmission over the internet or electronic storage is completely secure. While we take every reasonable measure to protect your personal data, we cannot guarantee absolute security. We encourage you to:
-
Use a secure network environment when accessing our Services;
-
Keep your account credentials confidential and not share your password with anyone;
-
Log out of the Application when using shared or public devices;
-
Contact us immediately if you suspect any unauthorised access to your account.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authorities as required by applicable law.
14. Children's Privacy
Our Services are intended exclusively for individuals who are at least 18 years of age. We do not knowingly collect, retain, or process personal data from minors under the age of 18.
If you are a parent or guardian and have reason to believe that a minor has provided us with personal data without your knowledge or consent, please contact us immediately using the details in Section 19. We will take prompt steps to investigate and, where appropriate, delete that data from our records.
15. Your Rights as a Data Subject
Subject to applicable law and any legal limitations, you have the following rights in relation to your personal data:
|
Right |
Description |
|
Right of Access |
To request a copy of the personal data we hold about you and information about how we process it. |
|
Right to Rectification |
To request correction of inaccurate or incomplete personal data. |
|
Right to Erasure ("Right to be Forgotten") |
To request deletion of your personal data in certain circumstances, including where it is no longer necessary for the purpose for which it was collected. |
|
Right to Restriction of Processing |
To request that we limit how we use your personal data in certain circumstances (e.g., while accuracy is contested). |
|
Right to Object |
To object to processing based on our legitimate interests, or to processing for direct marketing purposes. |
|
Right to Data Portability |
To receive your personal data in a structured, commonly used, and machine-readable format, and to transfer it to another controller. |
|
Right to Withdraw Consent |
To withdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing. |
|
Right to Lodge a Complaint |
To file a complaint with the relevant data protection supervisory authority in your jurisdiction. |
15.1 UAE Residents
Your rights are governed by the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. To exercise your rights, please use the contact details set out in Section 19.
15.2 Users in Bosnia and Herzegovina
If you are located in Bosnia and Herzegovina, you may also have rights under the BiH Law on Protection of Personal Data. To exercise your rights, please use the contact details set out in Section 19.
15.3 Users in Other Jurisdictions
If you are located in another jurisdiction with applicable data protection legislation (including EEA countries subject to GDPR or equivalent laws), we will seek to comply with your rights under those applicable laws. To exercise your rights, please use the contact details set out in Section 19.
15.4 How to Exercise Your Rights
To exercise any of the above rights, please contact us using the details in Section 19.
We will respond to verified requests within 30 calendar days. In complex or high-volume cases, we may extend this period by a further 30 days and will notify you of the extension in advance.
We may request reasonable proof of identity before processing your request, to protect your data from unauthorised access.
16. Third-Party Services and Links
Our Services may contain links to, or integrations with, third-party websites, Partner Platforms, payment providers, tax systems, and aggregators. TraceCORE is not responsible for the privacy practices of those third parties.
When an Application integrates with a Partner Platform or aggregator (see Annex A for details specific to each Application), that platform operates as a separate and independent data controller for data it independently collects and processes. TraceCORE is responsible solely for personal data that such platforms share with us in connection with the provision of our Services.
We strongly encourage you to review the privacy policies of any third-party services you access through or alongside our platform before sharing any personal information with them.
17. Marketing Communications
We will only send you direct marketing communications where you have provided explicit, freely-given consent, or where applicable law permits us to do so on another lawful basis.
17.1 Managing Your Marketing Preferences
You may opt out of marketing communications at any time using any of the following methods:
-
Click the "Unsubscribe" link at the bottom of any marketing email we send you;
-
Adjust your communication preferences within the relevant Application's settings;
-
Disable push notifications in your device's application settings;
-
Contact us directly at: info@tracecore.solutions
Opting out of marketing communications will not affect your receipt of essential service-related communications, such as Application-specific transactional confirmations, reminders, security alerts, or account notifications.
18. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our Services, business practices, or applicable legal requirements. This includes adding, updating, or removing entries in Annex A as we introduce new Applications or change the data practices of existing ones. The "Last Updated" date at the top of this Policy will reflect the most recent revision.
When we make significant or material changes, we will:
-
Post the updated Policy on our website and within the relevant Application(s);
-
Notify you by email or in-app notification; and
-
Where required by applicable law, obtain your consent to the updated terms.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our Services following notification of material changes constitutes your acknowledgement of the updated Policy.
19. Contact Information and Data Protection Contact Point
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data protection practices, please contact us at:
TraceCORE Software and Technology Development LLC
Email: info@tracecore.solutions
Website: tracecore.solutions
We are committed to addressing all data protection enquiries and complaints promptly and in good faith. If you are not satisfied with our response, you have the right to escalate your concern to the relevant data protection authority in your jurisdiction.
Annex A. Application-Specific Supplement
This Annex forms part of, and should be read together with, the main body of this Privacy Policy. It sets out the data practices that are specific to each Application we operate. Where a provision in this Annex differs from the general body of this Privacy Policy for a particular Application, this Annex prevails for that Application only.
TraceCORE may add, remove, or update entries in this Annex as we introduce new Applications or change the data practices of an existing Application. Material changes will be communicated in accordance with Section 18 (Changes to This Privacy Policy).
A.1 Income Dash
Description: Income Dash is a mobile application that enables gig-economy workers and independent contractors to track earnings, manage payouts, calculate tax accruals, generate fiscal receipts, and maintain financial records drawn from integrated partner platforms.
Additional Data Collected: For users of Income Dash, we collect the following Application-specific data:
-
Earnings history and payout history
-
Tax accruals and taxes paid
-
Transaction summaries and completed order details
-
Service history and work activity records
-
Fiscal receipts generated through integrated partner platform activities
-
Financial records required for tax compliance and reporting
Purposes: Specific data is used to:
-
Display your work activity, earnings, payouts, and tax information
-
Generate, store, and provide access to fiscal receipts
-
Calculate tax accruals and maintain financial records
-
Verify completed transactions with partner platforms and aggregators
-
Process and facilitate payouts via integrated payment service providers
-
Produce tax summaries and reports for your personal tax compliance
-
Send push notifications regarding payout updates, tax reminders, and important alerts related to Income Dash
Partner Platforms: Income Dash integrates with gig-economy platforms and aggregators to verify completed transactions and work activity. These platforms act as independent data controllers for the data they collect and process directly; Income Dash receives and processes only the data these platforms share with it for the purposes listed above.
Application-Specific Permissions:
-
Device storage - to download and save fiscal receipts locally on your device (optional; you may decline, and receipts will remain accessible online only)
-
Push notifications - to send payout confirmations, tax reminders, and other Income Dash alerts (optional; can be managed in your device settings)
Application-Specific Retention Periods:
-
Financial records, fiscal receipts, and tax data: minimum 5–10 years, as required by applicable tax and accounting law
-
Transaction and earnings history: duration of your account plus a minimum of 5 years, for audit and compliance purposes