Waafir

Privacy Policy

Last updated: November 2025

Waafir Privacy Policy

At Waafir, we respect your privacy and the confidentiality of your data. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform.

Last updated: November 2025

By creating an account or using Waafir, you agree to this Policy.

1. Who We Are

Waafir is operated by Nairang ExoCap - FZCO, registered in the United Arab Emirates.

If you have any privacy questions, you can reach us at: Nairang ExoCap – FZCO, IFZA Business Park, Dubai Silicon Oasis, United Arab Emirates Email: support@waafir.io

2. The Data We Collect

When you use Waafir, we may collect:

  • Account and Contact Data: Name, email, company name, role, password, and billing information.
  • User Content: All documents, pitch decks, financial statements, investor profiles, messages, and other information you upload to the VDR.
  • Usage Data: Logins, activity on the platform (e.g., which files are opened, time spent), and analytics.
  • Technical Data: Browser type, device, IP address, and cookies.

3. How We Use Your Data

We use your data to:

  • Provide and Improve Services: Deliver the VDR functionality, enable secure sharing, and enhance platform performance.
  • Security and Compliance: Keep the platform safe (fraud prevention, access control, audits) and meet our legal and regulatory obligations.
  • Communication: Communicate with you regarding updates, support, and billing.

We do not sell your personal data to third parties.

4. Sharing Your Data

We may share your data with:

  • Other Waafir Users: Only as you allow through the platform (e.g., when you grant investors access to your data room).
  • Trusted Service Providers: Hosting, analytics, and security tools who work under strict confidentiality agreements.
  • Legal Authorities: Regulators or authorities, if required by law.

If your data is transferred outside the UAE, we ensure it is protected with appropriate safeguards.

5. Security and Access Control

We use technical and organizational measures to protect your data, including encryption, access controls, and regular monitoring.

Our Access Control Policy ensures that:

  • Access is granted on the principle of least privilege and role-based access.
  • All access is logged and reviewed regularly.
  • Waafir employees may only access client data if required for support or security reasons, and such access is logged and approved.

6. Data Retention and Deletion

Our Data Retention Policy is as follows:

  • Account Data: While the account is active.
  • User Content (Deal Documents): Retained until removed by the owner or account closure.
  • Activity Logs: 12 months, unless required longer by law.
  • Backups: 30 days before secure deletion.

Upon account closure, we delete or anonymize your data within 30 days, unless retention is required for legal, compliance, or security reasons.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Withdraw consent for certain uses.
  • Object to processing or request limits on use.

To exercise these rights, contact us at support@waafir.io.

8. Cookie Policy

We use cookies and similar tools for essential functionality, performance, and analytics. You can manage your cookie preferences through your browser settings, but disabling essential cookies may affect platform functionality.

9. Updates to this Policy

We may update this Privacy Policy from time to time. If we make major changes, we'll notify you through the platform or by email.

Data Processing Agreement (DPA)

For customers subject to specific data protection regulations (such as GDPR or CCPA) who require a formal Data Processing Agreement, we offer a separate DPA that supplements these Terms and this Privacy Policy. Please contact us at support@waafir.io to request a copy and execute the DPA.