Privacy Policy

Effective Date: 2 March 2026

Approval.ink is operated by XIT FIRM FZE LLC, a company registered in the United Arab Emirates, with its registered address at:

Al Zahia Area - Entrance No. 2 - Ground Floor - Sheikh Mohammed Bin Zayed Rd - Sharjah - United Arab Emirates

Email: hello@approval.ink

This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use Approval.ink (the "Service").

We are committed to complying with applicable data protection laws, including:

  • EU General Data Protection Regulation (GDPR)
  • UK GDPR
  • California Consumer Privacy Act (CCPA/CPRA)
  • UAE Federal Personal Data Protection Law (PDPL)
  • KSA Personal Data Protection Law
  • Other applicable data protection regulations

1. Information We Collect

1.1 Account Information

  • Full name
  • Company name
  • Email address
  • Phone number (if provided)
  • Billing address
  • Login credentials

1.2 Customer Content

  • Uploaded design files
  • Comments and annotations
  • Approval records and timestamps
  • Metadata associated with proofs

Users are solely responsible for ensuring they have lawful authority to upload any content.

1.3 Payment Information

Payments are processed securely by Stripe, Inc.

We do not store full credit card numbers or CVV codes.

We may store:

  • Subscription plan information
  • Billing contact details
  • Transaction history

Stripe is PCI-DSS compliant and processes payment data according to its own privacy policy: https://stripe.com/privacy

1.4 Usage & Technical Data

  • IP address
  • Device identifiers
  • Browser type
  • Operating system
  • Log files
  • Referrer URLs
  • Session behavior

1.5 Analytics & Advertising Data

We use:

  • Google Analytics
  • Google Ads (if enabled)
  • Google AdSense (if enabled)

These services may collect:

  • Cookie identifiers
  • Advertising identifiers
  • IP address
  • Interaction data

Google Privacy Policy: https://policies.google.com/privacy

Users may opt out of personalized ads at: https://adssettings.google.com

We comply with Google's EU User Consent Policy where applicable.


2. Legal Bases for Processing (GDPR)

We process personal data under:

  • Performance of a contract
  • Legitimate interests (security, fraud prevention, service improvement)
  • Legal obligations
  • User consent (for marketing and non-essential cookies)

3. How We Use Personal Data

We use personal data to:

  • Provide and maintain the Service
  • Process payments
  • Operate proofing workflows
  • Respond to support inquiries
  • Improve performance and features
  • Prevent fraud and unauthorized access
  • Comply with legal obligations
  • Send service-related communications

We do not sell personal data.

4. Sharing of Personal Data

We may share personal data with:

  • Stripe (payment processing)
  • Cloud hosting providers
  • Analytics providers (Google)
  • Email infrastructure providers
  • Law enforcement where legally required

All third-party processors are contractually bound to protect data.

5. International Data Transfers

Personal data may be processed outside your jurisdiction.

We implement safeguards including:

  • Standard Contractual Clauses (SCCs)
  • Contractual confidentiality agreements
  • Secure hosting practices

6. Data Retention

We retain data:

  • For the duration of your active account
  • As required for legal, tax, or regulatory compliance

Upon account termination:

  • Customer content is deleted within 30 days unless legally required otherwise
  • Billing data is retained per UAE tax laws

7. Security Measures

We implement:

  • SSL/TLS encryption
  • Secure hosting infrastructure
  • Access restrictions
  • Monitoring and logging
  • Industry-standard security practices

No method of transmission is completely secure.

8. Your Rights

Under GDPR / UK GDPR

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to withdraw consent

Under CCPA/CPRA

  • Right to know
  • Right to delete
  • Right to correct
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination

Under UAE & KSA PDPL

  • Right of access
  • Right of correction
  • Right of deletion
  • Right to withdraw consent

Requests may be sent to: hello@approval.ink

9. Cookies

We use:

  • Essential cookies (required for the Service to function)
  • Analytics cookies (Google Analytics)
  • Advertising cookies (if enabled)

Non-essential cookies (analytics, advertising) are only set with your prior consent. You may withdraw consent at any time via our cookie settings or your browser settings. A cookie consent banner is displayed on first visit.

10. Children

Approval.ink is not intended for individuals under 18 years old. We do not knowingly collect children's data.

11. Data Breach Notification

We will notify relevant authorities and affected users as required by applicable law.

12. Changes

We may update this Privacy Policy periodically. Continued use constitutes acceptance of changes.

13. Data Processing Agreements

Enterprise and EU-based customers may request a Data Processing Agreement (DPA) by contacting hello@approval.ink. Our current sub-processors include:

  • Stripe, Inc. — payment processing
  • Google LLC — analytics and advertising
  • AWS — infrastructure and storage
  • AWS SES and Brevo — transactional email