Privacy Policy

Last Updated: 18 June 2026

This Privacy Policy explains how Bizrah collects, uses, shares, and protects personal information in connection with the website located at bizrah.com (the “Site”) and the products and services we provide through it (the “Services”, including our self-serve accounting software (the “Software”) and our bookkeeping, tax, and related services (the “Professional Services”)).

The Services are operated by Bizrah Holding B.V., a private limited liability company incorporated in the Netherlands (Netherlands Chamber of Commerce no. 98803700), acting for and on behalf of itself and each of its subsidiaries, affiliates, and group companies, including Bizrah Technology Solutions L.L.C. (Dubai Department of Economy and Tourism commercial licence no. 1583862) (together, “Bizrah”, “we”, “us”, or “our”).

This Privacy Policy is incorporated into and forms part of our Terms & Conditions. Capitalised terms used but not defined here have the meaning given to them in the Terms & Conditions. By using the Site or the Services, you acknowledge that you have read this Privacy Policy. Where we provide Professional Services to you under a Cloud Service Agreement, our handling of the financial and business data we process for you is also governed by that agreement and any data processing agreement between us.

In this Privacy Policy, “personal information” (also referred to in some laws as “personal data” or “personally identifiable information”) means any information that relates to an identified or identifiable individual.

1. The Two Roles We Play

How we treat personal information depends on the context in which we receive it:

As a controller. When you visit the Site, register for an account, communicate with us, or when we market and sell our Services, we determine how and why the relevant personal information is processed. For that information, Bizrah is the controller.

As a processor. When we provide the Services — and in particular the Professional Services — you (our customer) provide or make available data so that we can keep your books, prepare your filings, and operate the Software on your behalf. That data, including any personal information it contains (for example, the names, contact details, or pay or invoice amounts of your staff, customers, or suppliers), is “Customer Content”. We process Customer Content on your instructions and on your behalf, which means you are the controller of that information and Bizrah is your processor. You are responsible for providing any notices to, and obtaining any consents from, the individuals whose information appears in your Customer Content. This Privacy Policy describes our general practices; our processing of Customer Content is governed by the Cloud Service Agreement and any data processing agreement between us, which control if there is a conflict with this Privacy Policy.

2. Personal Information We Collect

Information you give us. This includes your name, business email address, phone number, company name and role, account login details, billing details, and anything you provide when you register, fill in forms, respond to surveys, contact support, or otherwise communicate with us.

Customer Content you make available to us. To provide the Services we receive financial and business information from you or at your direction. This may include transactions, invoices, receipts, bank and payment records, payroll data, and supporting documents, some of which may contain personal information about your staff, customers, suppliers, officers, or owners. We receive this information directly from you and, where you authorise it, through connections to your third-party tools and accounts — including messaging applications (such as WhatsApp), email, accounting software, and bank or payment portals — which we access to capture the data needed to provide the Services.

Information we collect automatically. When you use the Site or the Software, we automatically collect usage and device information such as IP address, device and browser type, operating system, pages viewed, dates and times of access, referring pages, and similar log data, including through cookies and similar technologies (see Section 8).

Information from third parties. We may receive information from our service providers, integration and referral partners, analytics providers, and other sources that help us provide, market, and improve the Services.

3. How We Use Personal Information

We use personal information for the following purposes:

To provide and operate the Services — to create and administer your account, deliver the Software and the Professional Services, ingest and reconcile your financial data, prepare your books and filings, and provide customer support;
To process payments — to bill you and process transactions for paid Services;
To communicate with you — to send service, security, and administrative messages, respond to your enquiries, and (where permitted) send marketing communications you can opt out of;
To secure and protect the Services — to monitor for, prevent, and address fraud, abuse, security incidents, and technical issues;
To improve and develop the Services — to understand how the Services are used, conduct research and analytics, and build new features and offerings;
For sales and marketing — to understand the needs of prospective customers, manage leads and events, and measure and improve our marketing; and
To comply with law and enforce our terms — to meet our legal and regulatory obligations, respond to lawful requests, resolve disputes, and enforce our agreements.

We process Customer Content only to provide and maintain the Services, in accordance with your instructions and the Cloud Service Agreement.

4. Artificial Intelligence and Machine Learning

The Services use artificial intelligence and machine-learning technologies to capture, categorise, and reconcile data and to generate outputs. We may process information, including Customer Content, to provide, develop, train, and improve these features, provided that data used for training or model-improvement purposes is first de-identified or aggregated using commercially reasonable, industry-standard techniques. Outputs may be incorrect or incomplete and are not a substitute for professional judgement; for our Professional Services we may apply human review to complex items, while the self-serve Software operates on an automated basis.

5. Aggregated and De-Identified Data

We may create aggregated, de-identified, or anonymised data from the information we collect, including from Customer Content, in a way that does not identify you or any individual. Once data is in this form it is no longer personal information, and we may use and share it for any lawful business purpose — such as operating, analysing, and improving the Services and our business — provided we do not share it in a manner that could identify you or any individual.

6. How We Share Personal Information

We do not sell your personal information. We share personal information only as described below:

Service providers. With vendors who process information on our behalf to help us run the Services and our business — including hosting and cloud infrastructure, IT and security, communications and email, payment processing, analytics, and customer support providers — under obligations to protect it and use it only as instructed.
Integrations and accounts you connect. With the third-party tools and accounts you authorise us to connect to (such as messaging, email, accounting, and banking providers), to the extent needed to provide the Services. Your use of those third parties is governed by their own terms and privacy policies.
Professional advisors. With our lawyers, auditors, bankers, insurers, and similar advisors who are bound by confidentiality obligations.
Within the Bizrah group. Among Bizrah Holding B.V. and its subsidiaries and affiliates, where needed to provide and administer the Services.
Legal and protection. With courts, regulators, law enforcement, or other parties where we believe in good faith that disclosure is required or permitted by law, or is necessary to protect the rights, property, or safety of Bizrah, our users, or others, or to enforce our agreements.
Business transfers. In connection with a merger, acquisition, financing, reorganisation, insolvency, or sale or transfer of all or part of our business or assets, your information may be disclosed or transferred as part of that transaction.

7. International Data Transfers

Bizrah operates across the United Arab Emirates, the Netherlands, and other locations, and we and our service providers may store and process personal information outside your country of residence. Where we transfer personal information across borders, we do so in accordance with applicable data protection laws and put in place appropriate safeguards where required.

8. Cookies and Tracking Technologies

We and our analytics providers use cookies and similar technologies (such as pixels and similar identifiers) to operate and secure the Site and Software, remember your preferences, understand how the Services are used, and measure and improve our content and marketing. Some cookies are essential to providing the Services; others are analytics or performance cookies. You can control cookies through your browser settings, although disabling some cookies may affect how the Services function. Where required by law, we will request your consent for non-essential cookies.

9. Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, use, disclosure, alteration, and loss, appropriate to the nature of the information. Any login credentials you provide to enable integrations are stored in encrypted form and used only to provide the Services. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. You also play a role in keeping your information secure by protecting your account credentials and notifying us of any suspected compromise.

10. Data Retention

We retain personal information for as long as needed to provide the Services and operate our business, and afterwards as necessary to comply with our legal and regulatory obligations (including record-keeping and tax obligations), resolve disputes, enforce our agreements, and prevent fraud. Customer Content is retained in accordance with the Cloud Service Agreement; following termination, we will delete or return Customer Content as set out there, subject to any retention required by law or held in routine backups. We may retain aggregated or de-identified data indefinitely.

11. Your Rights and Choices

Depending on where you are located and the applicable data protection laws — which may include the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), the Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021, and, where applicable, the EU and UK General Data Protection Regulation (GDPR) — you may have rights to:

access the personal information we hold about you;
correct inaccurate or incomplete information;
request deletion of your information;
object to or restrict certain processing;
request a portable copy of certain information; and
withdraw consent where processing is based on consent.

To exercise these rights, contact us at [email protected]. We will respond as required by applicable law and may need to verify your identity. Where we process personal information as a processor on behalf of a customer (for example, Customer Content), we will refer your request to the relevant customer (the controller) or assist them in responding.

Marketing choices. You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting us. We may still send you service and administrative messages.

12. Children’s Privacy

The Services are intended for business use and are not directed to children or to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, please contact us and we will take appropriate steps to delete it.

13. Third-Party Sites and Services

The Site and the Services may link to or integrate with websites and services we do not operate. We are not responsible for the privacy practices of those third parties, and this Privacy Policy does not apply to them. We encourage you to review their privacy policies before providing them your information.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by appropriate means, such as posting the updated policy with a revised “Last Updated” date, sending an email, or providing notice through the Services. Changes take effect when posted unless we state otherwise. Your continued use of the Site or the Services after the changes take effect means you accept the updated Privacy Policy.

15. Contact Us

If you have questions, comments, or requests regarding this Privacy Policy or our handling of personal information, please contact us:

Bizrah Holding B.V. (on behalf of itself and its subsidiaries and affiliates, including Bizrah Technology Solutions L.L.C.)
Email: [email protected]