E
EARNFLOW
Technologies Ltd.
Back to HomeLegal

Privacy Policy

How Earnflow Technologies Ltd. collects, uses, and protects your personal data.

Last updated: 22 April 2026

1. Introduction

Earnflow Technologies Ltd. ("Earnflow", "we", "us", or "our") is a company registered in the Dubai International Financial Centre (DIFC), UAE, operating under DIFC Law No. 5 of 2020 (the Data Protection Law, "DIFC DPL"). We act as a Data Controller in respect of personal data collected through our platform at earnflowtec.com and associated mobile applications.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and what rights you have in relation to it. By using our platform, you acknowledge that you have read and understood this policy.

2. Personal Data We Collect

We collect the following categories of personal data:

CategoryExamplesPurpose
IdentityFull name, date of birth, nationality, government-issued IDKYC onboarding, AML compliance
ContactEmail address, phone number, postal addressAccount management, notifications
FinancialBank account details, wallet addresses, transaction history, earnings dataPayment processing, settlement
PlatformSocial media handle, platform earnings statements, content categoryEligibility verification, corridor routing
TechnicalIP address, device type, browser, session tokens, usage logsSecurity, fraud prevention, analytics
ComplianceSanctions screening results, PEP status, risk classificationAML/CFT obligations under DIFC law

3. Legal Basis for Processing

Under the DIFC DPL, we process your personal data on the following legal bases:

  • Contractual necessity: Processing required to perform our agreement with you (e.g., processing your payment, onboarding your account).
  • Legal obligation: Processing required to comply with applicable law, including DIFC AML/CFT regulations, FATF recommendations, and sanctions screening obligations.
  • Legitimate interests: Processing for fraud prevention, platform security, and improving our services, where these interests are not overridden by your rights.
  • Consent: Where we rely on consent (e.g., marketing communications), you may withdraw it at any time by contacting [email protected].

4. How We Use Your Data

We use your personal data to:

  • Create and manage your Earnflow account
  • Verify your identity and conduct KYC/AML checks
  • Process inbound USD earnings and outbound local-currency settlements
  • Screen transactions against sanctions lists (OFAC, UN, EU, HM Treasury)
  • Detect and prevent fraud, money laundering, and terrorist financing
  • Communicate with you about your account, transactions, and platform updates
  • Comply with requests from competent regulatory authorities
  • Improve our platform through aggregated, anonymised analytics

5. Data Sharing and Disclosure

We share your personal data only in the following circumstances:

  • Banking partner (Lorum / Fuse Bank): To open and operate your master account, process payments, and fulfil regulatory reporting obligations.
  • Mobile money operators: M-Pesa (Kenya/Ethiopia), Hormuud EVC+ (Somalia), MTN Mobile Money (Uganda/Ghana), Djibouti Telecom (Djibouti) — to execute local-currency disbursements.
  • KYC/AML providers: Third-party identity verification and sanctions screening services operating under data processing agreements.
  • Regulatory authorities: DIFC Authority, UAE Central Bank, Financial Intelligence Unit, and other competent authorities where required by law.
  • Professional advisers: Lawyers, auditors, and insurers under confidentiality obligations.

We do not sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside the DIFC, including Kenya, Somalia, Ethiopia, Uganda, Ghana, and Djibouti, in connection with payment processing. Where such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses or adequacy decisions recognised under the DIFC DPL.

7. Data Retention

We retain your personal data for as long as your account is active and for a minimum of five (5) years after account closure, in accordance with DIFC AML/CFT record-keeping requirements. Transaction records and compliance documentation may be retained for up to ten (10) years where required by applicable law.

8. Your Rights

Under the DIFC DPL, you have the following rights in respect of your personal data:

RightDescription
AccessRequest a copy of the personal data we hold about you.
RectificationRequest correction of inaccurate or incomplete data.
ErasureRequest deletion of your data, subject to legal retention obligations.
RestrictionRequest that we limit processing of your data in certain circumstances.
PortabilityReceive your data in a structured, machine-readable format.
ObjectionObject to processing based on legitimate interests.
Withdraw consentWhere processing is based on consent, withdraw it at any time.

To exercise any of these rights, email [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the DIFC Commissioner of Data Protection.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits. In the event of a personal data breach that is likely to result in a high risk to your rights, we will notify you and the DIFC Commissioner of Data Protection without undue delay.

10. Contact Us

For any privacy-related queries, contact our Data Protection Officer:

Omar Hassan Ali
CEO / Data Controller
Unit 4, Level 3, Gate District
DIFC, Dubai, UAE · PO Box 506501