Formenzoformenzo.The Honest Gateway to UAE Business ← Back to site

Privacy Policy

Last updated: 11 June 2026

1. Who we are

Formenzo (“we”, “us”) helps founders compare UAE free zones and set up their company. The data controller is Formenzo (FZE), licence/approval no. 20232, registered at Sharjah Research, Technology and Innovation Park (SRTI Park), Block C-C01-110, Sharjah, UAE. For any privacy question, contact us at [email protected], call +971 58 829 3781, or WhatsApp +971 58 829 3781. Our office: 258 Central Plaza, Dubai Investment Park, Dubai, UAE.

2. What we collect

3. Why we use it (legal basis)

4. Who we share it with

Only as needed to deliver the service: the relevant free-zone authority and government systems; our infrastructure processors: Supabase (database/storage/auth — see section 5), HighLevel (our CRM, hosted in the United States) for managing enquiries and sending the emails you request, Microsoft Azure for the AI chat (section 9), and Google Analytics for usage statistics (section 8). We do not sell your data or share it for third-party advertising. Processors act on our instructions under data-processing terms. If you choose to message us on WhatsApp, your messages are handled by WhatsApp (Meta) under its own privacy policy.

5. Where it’s stored & for how long

Data is stored on managed cloud infrastructure (Supabase — Tokyo region, Asia Pacific). We keep application and KYC records for as long as needed to provide the service and to meet legal/audit obligations, then delete or anonymise them. Server logs (IP address, browser type, page visited) are kept for a short period for security and troubleshooting, then rotated. You can ask us to delete data we are not legally required to keep.

6. Your rights

Under the UAE Personal Data Protection Law (Federal Decree-Law 45/2021) and, where applicable, the GDPR, you can: access your data; correct it; request deletion; object to or restrict processing; withdraw consent; and request portability. Email [email protected] and we will respond within the statutory period.

7. Security

Access to your data is restricted by row-level security and authentication; documents are held in a private storage bucket accessible only to you and our team. The entire site and client portal are served over HTTPS, so everything you send us is encrypted in transit, and documents are encrypted at rest by our storage provider.

8. Cookies & analytics

We use a secure session cookie for the client portal, and Google Analytics 4 (Google LLC) to understand how the site is used — it sets cookies (e.g. _ga) and sends usage data, including your IP address, to Google. We use it for aggregate statistics only, not advertising, and we do not use advertising or cross-site tracking cookies. You can block analytics in your browser or with Google’s opt-out add-on and the site keeps working. Fonts and scripts are served from our own server.

9. AI chat assistant

Our website chat is powered by an AI model hosted on Microsoft Azure (Azure OpenAI Service). When you use it, the messages you type are sent through our server to Microsoft’s Azure servers to generate a reply. Please don’t put passport numbers, card details or other sensitive information in the chat — use the secure portal or WhatsApp for documents. Microsoft may retain chat content briefly (up to 30 days) for abuse monitoring under the Azure OpenAI data policy; your chats are not used to train AI models. Chat answers are automated guidance, not professional advice — only our written quote is binding.

10. Changes

We may update this policy; the “last updated” date will change. Material changes will be highlighted on this page.