← Back

Privacy Policy

Last updated: April 7, 2026

This Privacy Policy explains how Rowstr FZ-LLC (“we”, “us”, or “our”), a company registered in the United Arab Emirates, collects, uses, stores, and protects your personal data when you use the Rowstr platform (“the Service”). This policy is aligned with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”).

1. Data We Collect

Account information: When you sign up via third-party authentication, we receive your name, email address, and profile picture. We do not receive or store your third-party account password.

Organization data: Agency name, team members, roles, and invite links you create within the platform.

Content: Media files (images, videos), model profiles, task items, calendar entries, messages, and saved content that you upload or create in the Service.

Usage data: We collect anonymized analytics data, including page views, feature usage, and interaction patterns. This data is used solely to improve the Service. No personally identifiable information is included in analytics.

Technical data: Browser type, device information, IP address, and access logs collected automatically for security, fraud prevention, and troubleshooting purposes.

2. Legal Basis for Processing

We process your personal data on the following legal bases under the UAE PDPL:

  • Contractual necessity: Processing required to provide the Service you have subscribed to
  • Consent: Where you have given explicit consent (e.g., marketing communications)
  • Legitimate interest: Security monitoring, fraud prevention, and service improvement
  • Legal obligation: Compliance with UAE laws and regulations

3. How We Use Your Data

  • Service delivery: Store and display your content, manage team access, enable collaboration features
  • Service improvement: Analyze anonymized usage patterns to optimize performance and develop new features
  • Communications: Send transactional emails such as invitations and account notifications
  • Security: Detect and prevent unauthorized access, abuse, or fraud
  • Legal compliance: Fulfill obligations under UAE law and respond to lawful requests from authorities

4. Data Storage

Your data is stored using secure, enterprise-grade cloud infrastructure. All data is encrypted in transit and at rest using industry-standard protocols. We implement commercially reasonable security measures including secure authentication, role-based access controls, and regular security reviews.

5. Media Processing

When you upload images, we generate optimized versions and thumbnails to improve loading performance. The original full-quality file is always preserved and available for download. For videos, we generate preview images for display purposes. All media processing occurs on our secure infrastructure and content is never shared with third parties for processing.

6. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

  • Service providers: We use trusted third-party providers for infrastructure, storage, email delivery, analytics, and payment processing. These providers act as data processors and are contractually obligated to protect your data and process it only on our instructions.
  • Payment processing: Subscription payments are handled by a PCI-compliant payment processor. We do not store payment card details on our systems.
  • Legal requirements: We may disclose data when required by UAE law, court order, or government authority, or to protect the rights, property, or safety of Rowstr FZ-LLC, its users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

7. Content Ownership

You retain full ownership of all content you upload. We do not use your content for training machine learning models, advertising, or any purpose beyond providing the Service. When you delete content, it is removed from our active storage within 30 days and from all backups within 90 days.

8. Data Retention

We retain your account data for as long as your account is active and as needed to provide the Service. If you delete your account, we will delete your personal data within 30 days, except where longer retention is required by UAE law (e.g., financial records under UAE Commercial Transactions Law). Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.

9. Your Rights

Under the UAE PDPL, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data, subject to legal retention obligations
  • Restriction: Request that we limit the processing of your data in certain circumstances
  • Data portability: Receive your data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may request verification of your identity before processing your request.

10. Cookies & Tracking

We use essential cookies required for authentication and session management. We also use first-party analytics to understand how the Service is used. We do not use third-party advertising cookies or cross-site tracking technologies. You can manage cookie preferences through your browser settings, though disabling essential cookies may affect Service functionality.

11. Security Measures

  • All data encrypted in transit (TLS) and at rest
  • Secure authentication with industry-standard protocols
  • Role-based access control for team members
  • Regular security assessments and vulnerability monitoring
  • Content deduplication to minimize stored data
  • Automated threat detection and access logging

12. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete such data.

13. International Data Transfers

Your data may be processed in jurisdictions outside the UAE where our service providers are located. In such cases, we ensure that adequate safeguards are in place to protect your data in accordance with the UAE PDPL, including contractual data processing agreements with appropriate security and confidentiality obligations.

14. Data Breach Notification

In the event of a personal data breach that is likely to result in harm to your rights, we will notify the UAE Data Office and affected individuals without undue delay, and in any event within the timeframe required by the UAE PDPL. Notification will include the nature of the breach, the data affected, and the measures taken to address it.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes via email or through the Service at least 15 days before they take effect. The “Last updated” date at the top reflects the most recent revision.

16. Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates, including the UAE PDPL (Federal Decree-Law No. 45 of 2021). For users in the European Economic Area, we also comply with applicable GDPR requirements where they apply to our processing of your data.

17. Contact Us

For any questions or concerns about this Privacy Policy or your personal data:

Email: [email protected]
Entity: Rowstr FZ-LLC, Dubai, United Arab Emirates