Home

Legal

Data Protection & Security Policy

How GrowthIQ protects the documents, financial data and personal information processed through our platform.

Last updated 9 June 2026

GrowthIQ is committed to protecting the personal data, business information, financial records and documents submitted through our website, platform and related services.

This Data Protection & Security Policy explains the measures we take to protect information processed by GrowthIQ Consultancy FZCO, trading as GrowthIQ and/or GiQ ("GrowthIQ", "we", "us" or "our"), including uploaded documents, bank statements, VAT records, trade licence documents, shareholder information, financial data, platform usage data and lender application information.

This policy should be read together with our Privacy Policy.

1. Our commitment to data protection

GrowthIQ processes business and personal information in connection with SME financing enquiries, lender matching, application preparation, document analysis, financing support and related platform services.

We aim to process information lawfully, transparently and securely, in accordance with applicable UAE data protection requirements, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, to the extent applicable to our activities.

We are committed to applying appropriate technical, organisational and administrative measures to protect information against unauthorised access, loss, misuse, alteration, disclosure or destruction.

2. Information protected under this policy

This policy applies to information submitted to or processed by GrowthIQ, including:

  • personal identification information
  • contact information
  • company and trade licence information
  • shareholder, director and authorised signatory information
  • passport, Emirates ID and visa documents
  • bank statements
  • VAT returns
  • invoices, receivables and financial records
  • existing loan or liability information
  • application information submitted through our website or platform
  • lender-matching outputs and platform-generated analytics
  • communication records relating to financing applications
  • platform usage records, security logs and audit logs

3. Purpose of processing

GrowthIQ processes information only for legitimate business and service-related purposes, including:

  • assessing financing requirements
  • collecting and organising application documents
  • analysing financial information
  • matching businesses with suitable financing providers
  • preparing lender-ready application packs
  • submitting information to selected lenders and financing partners
  • supporting application follow-ups
  • improving our platform, workflows and analytics
  • complying with legal, contractual, audit, fraud prevention and regulatory obligations
  • protecting the security and integrity of our systems

GrowthIQ does not sell personal data.

4. Technical and organisational safeguards

GrowthIQ applies appropriate technical, organisational and administrative safeguards designed to protect information against unauthorised access, loss, misuse, alteration, disclosure or destruction.

These safeguards may include:

  • secure transmission protocols such as TLS/HTTPS
  • encryption where appropriate
  • secure cloud storage
  • database-level access controls
  • role-based access permissions
  • controlled document access
  • authentication controls
  • restricted administrative access
  • activity logging and monitoring
  • secure document-sharing methods
  • internal confidentiality obligations
  • vendor due diligence
  • periodic review of security practices
  • incident response procedures

The specific safeguards used may vary depending on the nature of the information, the risk involved, the system used and the relevant operational requirement.

5. Document security

Documents uploaded to GrowthIQ may include financial, commercial and identification information. We therefore use controlled access methods for uploaded files and restrict access to authorised parties who require the documents for legitimate business, financing, operational, legal or compliance purposes.

Where applicable, document access may be provided through time-limited secure links rather than permanent public links.

Users should not upload documents that are not relevant to the financing application or service requested.

6. Platform access control

GrowthIQ restricts access to personal data, business information and financial documents to authorised users, employees, contractors, service providers, lenders and financing partners who require access for legitimate purposes.

Our platform is designed to apply access controls so that users may only access information that they are authorised to view.

Administrative access is restricted and is granted only where necessary for platform operation, customer support, security, compliance or service delivery.

We may maintain activity logs and security records to monitor platform usage, investigate suspicious activity, support audit requirements and protect the integrity of our systems.

7. Internal confidentiality

Employees, contractors and authorised personnel who may access client information are expected to maintain confidentiality and use information only for authorised business purposes.

Access to client data is granted on a need-to-know basis and may be reviewed, restricted or revoked where no longer required.

Unauthorised access, use, sharing, copying or disclosure of client data is prohibited.

8. Sharing with lenders and financing partners

Where a business requests financing support, GrowthIQ may share relevant information and documents with selected lenders, banks, fintech lenders, private credit providers, underwriters and other financing partners.

Such sharing is carried out for the purpose of assessing financing eligibility, preparing lender submissions, supporting underwriting, obtaining indicative offers, progressing approvals or facilitating disbursement.

Lenders and financing partners may apply their own privacy policies, consent forms, underwriting policies, credit checks, due diligence processes and regulatory obligations. GrowthIQ does not control how a lender makes its final credit decision.

9. Third-party service providers

GrowthIQ may use third-party service providers for cloud hosting, storage, document processing, OCR, analytics, workflow automation, communications, customer support, security and related platform functions.

Where we use such providers, we require them to process information only for authorised purposes and to apply appropriate confidentiality, security and data protection safeguards.

We take reasonable steps to assess whether service providers are suitable for the processing activities they perform on our behalf.

10. International processing and storage

Some of our service providers, technology partners, cloud infrastructure providers or financing partners may process or store information outside the United Arab Emirates.

Where information is transferred or processed outside the UAE, we take steps designed to ensure that the information receives appropriate protection. These steps may include contractual safeguards, confidentiality obligations, technical security measures, access controls and due diligence on service providers.

11. Data retention and deletion

GrowthIQ retains information for as long as reasonably necessary to provide our services, manage applications, comply with legal or contractual obligations, support audit requirements, prevent fraud, resolve disputes and maintain appropriate business records.

Retention periods may vary depending on:

  • the type of information
  • whether an application was approved, declined, withdrawn or remains active
  • lender requirements
  • contractual obligations
  • legal, accounting, tax, regulatory or audit requirements
  • fraud prevention and dispute-resolution needs
  • whether the user remains an active client, partner or platform user

Where information is no longer required, we may delete, anonymise or archive it in accordance with our internal retention practices and applicable law.

12. Breach response

If GrowthIQ becomes aware of a personal data breach or security incident affecting information processed by us, we will take reasonable steps to investigate, contain and remediate the incident.

Depending on the nature and severity of the incident, we may:

  • investigate the cause and scope of the incident
  • restrict or suspend affected access
  • take steps to prevent further unauthorised access
  • restore affected systems or data where possible
  • review relevant logs and records
  • notify affected users, clients, partners or service providers
  • notify the relevant UAE authority where required by applicable law
  • update controls or processes to reduce the risk of recurrence

13. User responsibilities

Users are responsible for ensuring that information and documents submitted to GrowthIQ are accurate, complete and lawful to provide.

Where users submit information relating to directors, shareholders, employees, customers, suppliers, guarantors or other third parties, they confirm that they have the authority to provide that information and that such information may be processed in accordance with GrowthIQ’s Privacy Policy and this Data Protection & Security Policy.

Users are also responsible for:

  • keeping login details confidential
  • not sharing account access with unauthorised persons
  • using secure networks and devices where possible
  • notifying GrowthIQ promptly if they suspect unauthorised access or misuse
  • uploading only documents relevant to the financing application or service requested

14. No absolute security guarantee

While GrowthIQ takes reasonable steps to protect information, no website, platform, cloud service, email system or electronic transmission method can be guaranteed to be completely secure.

GrowthIQ continuously reviews and improves its safeguards to reduce security risks and protect the information entrusted to us.

15. Relationship with Privacy Policy

This Data Protection & Security Policy explains how GrowthIQ protects information.

Our Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, how long we keep it and what rights may apply to individuals whose personal data we process.

If there is any inconsistency between this Data Protection & Security Policy and the Privacy Policy, the Privacy Policy will apply to the processing of personal data, unless otherwise required by applicable law.

16. Changes to this policy

We may update this Data Protection & Security Policy from time to time to reflect changes in our services, technology, security practices, legal requirements, lender processes or business operations.

The updated version will be posted on our website with a revised Last updated date.

Where changes are material, we may take additional steps to notify users, where appropriate.

17. Contact

For questions about this Data Protection & Security Policy or how GrowthIQ protects information, please contact:

GrowthIQ Consultancy FZCO

Email: team@growthiq.ae

Website: www.growthiq.ae

Registered address: Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates