Logo
ProFlow
Home/Privacy Policy

ProFlow 360

Privacy Policy

How ProFlow 360 handles and protects your personal data.

Effective Date: [10th May, 2026]
Last Updated: [12th May, 2026]

This Privacy Policy explains how ProFlow 360 (“ProFlow,” “we,” “our,” or “us”) collects, uses, stores, shares, protects, and processes personal data when users access our website, SaaS platform, tenant dashboards, client portals, support services, payment-related features, and related digital services.

By using ProFlow 360, you agree to the practices described in this Privacy Policy. If you do not agree, you should not use the platform or submit personal information through our website or services.

1. About ProFlow 360

ProFlow 360 is a SaaS platform designed for PRO service companies, business service providers, and related organisations to manage client companies, employee records, documents, renewals, tasks, invoices, quotations, payments, support tickets, communications, and operational workflows.

Depending on your role, you may access ProFlow 360 as:

  • A platform visitor
  • A tenant organisation or subscriber
  • A tenant user, administrator, manager, employee, accountant, or document controller
  • A client portal user
  • A support contact
  • A billing or payment contact
  • A website contact form submitter

2. Scope of this Policy

This Privacy Policy applies to personal data processed through:

  • The ProFlow 360 public website
  • The Super Admin platform
  • Tenant dashboards
  • Client portals
  • Document management features
  • Employee and company profile modules
  • Renewal and reminder systems
  • Invoice, quotation, and payment modules
  • Email and notification systems
  • Support tickets and uploaded attachments
  • Contact forms and communication channels
  • Analytics and technical monitoring tools

This Policy does not apply to third-party websites, platforms, or services linked from ProFlow 360, unless expressly stated.

3. Our Role as Controller or Processor

Depending on the context, ProFlow 360 may act as either a data controller or a data processor.

When we collect information directly from visitors, subscribers, account owners, or users for platform administration, billing, support, security, analytics, or legal compliance, we may act as a data controller.

When tenant organisations use ProFlow 360 to manage their own clients, employees, documents, invoices, cases, renewals, and records, the tenant organisation is generally the data controller, and ProFlow 360 acts as a processor or service provider acting on the tenant’s instructions.

Tenant organisations are responsible for ensuring they have proper legal authority, consent, contractual basis, or other lawful basis to upload and process personal data through the platform.

4. Personal Data We Collect

We may collect and process the following categories of personal data:

4.1 Account and User Information

  • Full name
  • Email address
  • Phone number
  • Role or job title
  • Login credentials or authentication identifiers
  • Organisation or company name
  • Tenant workspace details
  • User permissions, roles, and access logs
  • Profile photo or avatar, if uploaded

4.2 Company and Business Information

  • Company name
  • Trade name
  • Licence details
  • Business address
  • Contact information
  • TRN or tax registration details
  • Business documents and supporting files
  • Client company records
  • Service history and workflow status

4.3 Employee and Client Portal Information

Depending on how tenants use the platform, the system may process:

  • Employee names
  • Contact details
  • Passport, visa, Emirates ID, labour card, or similar document references
  • Expiry dates
  • Document status
  • Uploaded documents and attachments
  • Renewal information
  • Client portal login details
  • Client communications and document submissions

4.4 Documents and Uploaded Files

Users may upload files including:

  • Company documents
  • Employee documents
  • Renewal documents
  • Identity or verification documents
  • Invoices, quotations, and receipts
  • Support ticket attachments
  • Public website media assets
  • Other operational records

Uploaded files may contain personal, confidential, financial, or business information. Users must not upload data unless they have the right to do so.

4.5 Billing, Subscription, and Payment Information

We may process:

  • Subscription plan information
  • Billing contact details
  • Invoice and quotation records
  • Payment status
  • Payment link information
  • Transaction references
  • Payment gateway response data

Where payments are processed through third-party payment providers, we do not store full card numbers unless expressly supported by a compliant payment provider. Payment providers process payment data according to their own terms and privacy policies.

4.6 Communications and Support Data

We may collect:

  • Contact form submissions
  • Support ticket messages
  • Email correspondence
  • Notification records
  • Feedback and service requests
  • Attachments submitted during support conversations

4.7 Technical and Usage Data

We may automatically collect:

  • IP address
  • Browser type
  • Device type
  • Operating system
  • Login time and session details
  • Pages visited
  • Feature usage
  • Error logs
  • Security logs
  • Cookies and similar identifiers
  • Referral source and analytics data

5. How We Collect Personal Data

We collect personal data when:

  • You visit our website
  • You create or access an account
  • A tenant organisation invites you to the platform
  • You use the tenant dashboard or client portal
  • You upload documents or files
  • You submit contact or support forms
  • You send or receive emails through the platform
  • You generate invoices, quotations, payments, or reports
  • You interact with notifications or support tickets
  • You communicate with us through email, phone, WhatsApp, or other channels
  • Our systems automatically record usage, security, or analytics data

6. Why We Use Personal Data

We process personal data for the following purposes:

  • To provide, operate, and maintain the ProFlow 360 platform
  • To create and manage user accounts
  • To manage tenant organisations and client portals
  • To process documents, renewals, reminders, tasks, invoices, quotations, and payments
  • To send platform notifications, reminders, and service emails
  • To provide customer support
  • To verify access rights and user permissions
  • To protect accounts, detect misuse, prevent fraud, and maintain security
  • To improve system performance, usability, and reliability
  • To maintain audit logs and operational records
  • To comply with legal, regulatory, accounting, tax, or contractual obligations
  • To enforce our terms, policies, and agreements
  • To respond to lawful requests from authorities, courts, regulators, or government bodies
  • To send service-related updates and important administrative notices

We do not sell personal data.

7. Legal Basis for Processing

Where applicable, we process personal data based on one or more lawful grounds, including:

  • Consent
  • Performance of a contract
  • Compliance with legal obligations
  • Legitimate business interests
  • Protection of legal rights
  • Security and fraud prevention
  • Instructions from tenant organisations acting as data controllers
  • Any other lawful basis recognised under applicable data protection laws

The UAE Personal Data Protection Law generally requires a lawful basis or valid exception for processing personal data and includes obligations around transparency, security, and individual rights.

8. Sensitive and Confidential Information

The platform may process sensitive, confidential, or regulated information if tenants upload such data, including identity documents, visa records, employee files, financial records, and business documents.

Users are responsible for ensuring that sensitive data is uploaded only when necessary and lawfully permitted.

We apply reasonable technical and organisational safeguards to protect such information, but no system can guarantee absolute security.

9. Cookies and Tracking Technologies

We may use cookies and similar technologies for:

  • Login sessions
  • Security
  • User preferences
  • Analytics
  • Performance monitoring
  • Fraud prevention
  • Website improvement

Where required, we may request consent before using non-essential cookies or tracking technologies.

Users can manage cookies through browser settings. Blocking cookies may affect certain platform features.

10. Google Analytics, Google Tag Manager, and Similar Tools

If enabled, ProFlow 360 may use analytics or tag management tools such as Google Analytics or Google Tag Manager to understand website performance, visitor behaviour, and marketing effectiveness.

These tools may collect technical and usage data, such as IP address, browser information, page views, device data, and referral sources.

Where required, such tools are used subject to applicable consent and privacy requirements.

11. How We Share Personal Data

We may share personal data with:

  • Tenant organisations and authorised tenant users
  • Client portal users, where access is authorised
  • Service providers who support hosting, storage, email, analytics, payment processing, development, monitoring, and security
  • Payment processors and banking providers
  • Cloud hosting and database providers
  • Email and communication providers
  • Legal, tax, accounting, audit, or compliance advisors
  • Regulators, courts, law enforcement, or government authorities where required by law
  • Successors or buyers in connection with a merger, acquisition, restructuring, or transfer of business assets

We require service providers to process data only for authorised purposes and apply reasonable confidentiality and security safeguards.

12. Tenant Access and Responsibility

Tenant organisations control the data they upload and manage in their workspaces.

Tenant administrators are responsible for:

  • Inviting authorised users only
  • Managing user roles and permissions
  • Removing access when no longer required
  • Ensuring client and employee data is uploaded lawfully
  • Responding to client or employee privacy requests where applicable
  • Ensuring documents are accurate, relevant, and necessary
  • Using the platform in compliance with applicable laws

ProFlow 360 is not responsible for unlawful uploads, incorrect records, or unauthorised sharing caused by tenant users, except where caused by our own proven failure to apply reasonable platform safeguards.

13. Data Storage and Hosting

Personal data may be stored in cloud infrastructure, databases, storage buckets, backup systems, email systems, and support tools used to operate ProFlow 360.

Data may be stored or processed inside or outside the UAE, depending on the hosting provider, technical architecture, and service provider locations.

Where cross-border transfer safeguards are required, we take reasonable steps to use appropriate contractual, technical, or organisational protections.

14. International Data Transfers

Because ProFlow 360 uses cloud-based technologies, personal data may be transferred to or accessed from countries outside the UAE.

Where required by applicable law, we rely on appropriate safeguards such as:

  • Contractual protections
  • Security controls
  • Access restrictions
  • Data processing agreements
  • Legitimate operational necessity
  • Consent or other lawful transfer mechanisms

15. Data Security

We use reasonable technical and organisational measures to protect personal data, including:

  • User authentication
  • Role-based access control
  • Tenant-level access separation
  • Database access controls
  • Storage access controls
  • Audit logs
  • Encrypted transport where supported
  • Secure hosting practices
  • Limited administrative access
  • Monitoring and error logging
  • Backup and recovery practices
  • Private or signed access for sensitive attachments where implemented

However, no internet-based system, cloud platform, or digital service is completely secure. Users are responsible for protecting their passwords, devices, email accounts, and access credentials.

16. Data Retention

We retain personal data for as long as necessary to:

  • Provide the platform and services
  • Maintain tenant records
  • Support document history and renewal tracking
  • Comply with legal, tax, accounting, and regulatory obligations
  • Resolve disputes
  • Enforce agreements
  • Maintain backups and audit logs
  • Support legitimate business operations

Tenant data may be retained until deleted by the tenant, removed according to contractual terms, or deleted under an agreed retention process.

Backups may retain data for a limited period even after deletion from active systems.

17. Document History and Retention

ProFlow 360 may preserve old, expired, renewed, archived, or previous versions of documents for business continuity, audit history, renewal tracking, compliance evidence, and operational accuracy.

Deleting or replacing a document may not immediately remove historical versions, logs, references, or backups unless deletion is expressly supported and legally permissible.

18. User Rights

Depending on applicable law and your relationship with ProFlow 360 or a tenant organisation, you may have rights to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to certain processing
  • Request transfer of data
  • Withdraw consent where processing is based on consent
  • Raise privacy concerns or complaints

The UAE PDPL includes individual rights such as access, correction, deletion, restriction, cessation of processing, and data transfer.

If your data is controlled by a tenant organisation, we may refer your request to that tenant or process it according to the tenant’s instructions.

19. How to Submit Privacy Requests

To submit a privacy request, contact us at:

Email: [Insert Privacy Email]
Support Email: [Insert Support Email]
Company Name: [Insert Company Name]
Address: [Insert Company Address]

We may need to verify your identity before processing your request.

We may refuse or limit requests where permitted by law, such as where compliance would affect legal obligations, fraud prevention, security, business records, or rights of others.

20. Children’s Privacy

ProFlow 360 is intended for business and professional use. It is not directed at children.

Users must not knowingly upload children’s personal data unless they have a lawful basis, proper authority, and all required consents.

21. Marketing Communications

We may send service-related communications, platform updates, security notices, billing notices, and administrative messages.

Marketing communications may be sent only where permitted by law or with appropriate consent. Users may opt out of marketing communications where applicable.

Opting out of marketing emails does not stop essential service, billing, security, or account-related communications.

22. Payment Processing

Payment transactions may be processed by third-party payment providers. Such providers may collect and process payment information according to their own terms and privacy policies.

ProFlow 360 may store payment status, invoice references, payment confirmation, subscription records, transaction identifiers, and related billing information, but we do not intentionally store complete payment card details unless handled through compliant third-party infrastructure.

23. Email, Notifications, and Automated Reminders

The platform may send automated reminders and notifications for:

  • Document expiry
  • Visa or licence renewal
  • Trial expiry
  • Subscription billing
  • Invoice and quotation activity
  • Payment links
  • Support ticket replies
  • Contact form messages
  • Account invitations
  • System and security updates

Users can manage certain notifications where such functionality is available. Some essential service notifications cannot be disabled.

24. Support Tickets and Attachments

When users create support tickets, we may process the ticket subject, message, account details, tenant information, attachments, technical logs, and related communications.

Support ticket attachments should not include unnecessary sensitive data. If sensitive data is required, users should ensure they have lawful authority to share it.

25. Public Website Content and Media

Super Admin users may upload public website media, blog images, logos, Open Graph images, testimonials, and other public assets.

Users must ensure they have rights to upload, use, publish, and display such content.

We are not responsible for copyright, trademark, privacy, or third-party rights violations caused by content uploaded by authorised platform users.

26. Data Accuracy

Users and tenant organisations are responsible for keeping information accurate and updated.

ProFlow 360 provides tools to manage records, but we do not independently verify the accuracy of all documents, employee records, company records, invoices, or renewal details uploaded by users.

27. Account Security

Users must:

  • Keep login credentials confidential
  • Use secure passwords
  • Avoid sharing accounts
  • Log out from shared devices
  • Notify administrators or support immediately if unauthorised access is suspected

We are not responsible for unauthorised access caused by weak passwords, shared credentials, compromised email accounts, user negligence, or device compromise.

28. Third-Party Services

ProFlow 360 may integrate with third-party services such as:

  • Cloud hosting providers
  • Database providers
  • Storage providers
  • Email delivery providers
  • Analytics tools
  • Payment gateways
  • Communication tools
  • Government or third-party service platforms where applicable

Third-party services are governed by their own privacy policies and terms. We are not responsible for their independent data practices.

29. Legal Disclosure

We may disclose personal data where we reasonably believe it is necessary to:

  • Comply with applicable law
  • Respond to lawful government, regulatory, or court requests
  • Enforce our terms or agreements
  • Protect rights, property, safety, and security
  • Investigate fraud, abuse, or unauthorised activity
  • Defend against legal claims

30. Limitation of Liability

To the maximum extent permitted by applicable law, ProFlow 360 is not liable for:

  • Data entered incorrectly by users
  • Unauthorised sharing by tenant administrators or users
  • Personal data uploaded without lawful authority
  • Losses caused by third-party providers
  • User credential compromise
  • Publicly shared links or files intentionally created by authorised users
  • Content uploaded by users that violates third-party rights
  • Delays, errors, or omissions caused by inaccurate user-provided information

Nothing in this Policy limits liability where such limitation is not permitted by law.

31. Business Transfers

If ProFlow 360 is involved in a merger, acquisition, restructuring, investment, sale of assets, or transfer of business, personal data may be transferred as part of that transaction, subject to appropriate confidentiality and legal safeguards.

32. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we update it, we may change the “Last Updated” date and, where appropriate, notify users through the platform, email, or website notice.

Continued use of ProFlow 360 after updates means you accept the revised Policy.

33. Contact Us

For privacy-related questions, requests, or complaints, contact:

Company Name: Manhatin Computer Software Consultancy
Platform: ProFlow 360
Email: info@mc1services.com
Support Email: mzubair@mc1services.com
Phone: +971508322799
Address: HQ, Al majaz 3, 359-1, Sharjah - UAE
Website: mc1services.com
 

This Privacy Policy should be read together with our Terms of Service, Data Processing Agreement, and any subscription, service, or tenant agreement applicable to your use of ProFlow 360.