Privacy Policy

baas.com is operated by Staq Technologies (DIFC) Ltd. ("we," "us," or "our"). We are committed to protecting the privacy of individuals who visit our platform and use our services. This Privacy Policy explains how we collect, use, store, and share your personal information when you access or use baas.com.

baas.com is a Banking-as-a-Service (BaaS) industry intelligence platform. We are not a bank, financial institution, or regulated financial services provider. We provide informational and directory services to professionals in the BaaS and embedded finance ecosystem.

By accessing or using baas.com, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our platform.

We collect different categories of information depending on how you interact with baas.com:

Account registration

• Work email address (required for registration)
• Password or authentication credentials

Connect profiles

When you create a profile through our Connect service, we collect:

• Company name
• Contact email address
• Your role or title within the organisation
• Partnership intent and requirements (as described in your Connect profile)

Newsletter and alert subscriptions

• Email address for receiving regulatory alerts, deal digests, and platform updates
• Subscription preferences (e.g. alert frequency, topic filters)

Automatically collected information

• IP address
• Browser type and version
• Device type and operating system
• Pages visited, time spent on pages, and navigation paths
• Referring URL
• Date and time of access

We use the information we collect for the following purposes:

• Providing our services: To operate the platform, process your registration, deliver registry access, send regulatory alerts, and facilitate Connect introductions
• Communications: To send you service-related notices, security alerts, and subscription content you have opted into (regulatory alerts, deal digests, platform updates)
• Connect: To match you with suitable counterparties based on your Connect profile. Your details are not shared with any counterparty until both parties have expressed mutual interest
• Platform improvement: To understand how users interact with baas.com, identify areas for improvement, and develop new features
• Security and fraud prevention: To detect, investigate, and prevent fraudulent or unauthorised access to the platform
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not sell your personal information to third parties. We do not use your personal information for automated decision-making or profiling that produces legal effects concerning you.

AI systems used in content generation do not have access to your personal information, account data, or Connect profiles. AI is used solely for editorial content production based on publicly available information (regulatory filings, press releases, and industry publications).

Your personal data is not used to train, fine-tune, or improve any AI model. AI-assisted content generation is entirely separate from the collection and processing of user data described in this Privacy Policy.

baas.com uses cookies and similar technologies to provide and improve the platform experience. Cookies we use include:

• Essential cookies: Required for the platform to function, including session management and authentication. These cannot be disabled
• Analytics cookies: Used to understand how visitors interact with baas.com, including page views, navigation paths, and feature usage. We use this data in aggregate to improve the platform
• Preference cookies: Used to remember your settings, such as subscription preferences and alert configurations

You can manage cookie preferences through your browser settings. Disabling non-essential cookies may affect certain features of the platform. We do not use advertising or tracking cookies.

We share your personal information only in the following limited circumstances:

• Connect counterparties: If you create a Connect profile and both parties express mutual interest, we share your contact information (name, company, email, role) with the matched counterparty. This only occurs when interest is mutual
• Service providers: We use third-party service providers for hosting, email delivery, and analytics. These providers process data on our behalf and are contractually obligated to protect your information
• Legal requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request
• Business transfers: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity

We do not share your personal information with advertisers. We do not sell, rent, or trade your personal information to any third party for their marketing purposes.

We retain your personal information for as long as necessary to provide our services and fulfil the purposes described in this Privacy Policy. Specific retention periods include:

• Account information: Retained for the duration of your account and for a reasonable period thereafter (up to 12 months) to facilitate account reactivation
• Connect profiles: Retained for 24 months from creation, unless you request earlier deletion
• Email subscription data: Retained until you unsubscribe, after which your email address is removed from active mailing lists within 30 days
• Analytics data: Aggregated and anonymised analytics data may be retained indefinitely. Identifiable analytics data is retained for no more than 24 months

When personal information is no longer required, we securely delete or anonymise it in accordance with our data management procedures.

Depending on your location, you may have the following rights regarding your personal information:

• Access: You may request a copy of the personal information we hold about you
• Rectification: You may request correction of inaccurate or incomplete personal information
• Erasure: You may request deletion of your personal information, subject to certain legal exceptions
• Restriction: You may request that we restrict the processing of your personal information in certain circumstances
• Data portability: You may request a copy of your personal information in a structured, commonly used, and machine-readable format
• Objection: You may object to the processing of your personal information for certain purposes, including direct marketing
• Withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time

To exercise any of these rights, please contact us at legal@baas.com. We will respond to your request within 30 days, or within the timeframe required by applicable law.

If you are located in the European Economic Area (EEA) or the United Kingdom, you also have the right to lodge a complaint with your local data protection authority if you believe we have not complied with applicable data protection laws.

baas.com is a professional industry platform and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as promptly as possible.

If you believe that a child under 18 has provided us with personal information, please contact us at legal@baas.com.

baas.com is operated internationally, and your personal information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.

Where we transfer personal information from the EEA or the United Kingdom to a country that has not been deemed to provide an adequate level of data protection, we implement appropriate safeguards, such as standard contractual clauses approved by the European Commission, to protect your information.

By using baas.com, you acknowledge and consent to the transfer of your personal information as described in this section.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit, access controls, and regular security assessments.

However, no method of transmission over the internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. Changes will be published on this page with an updated "last updated" date.

Material changes will be communicated to registered account holders by email where reasonably practicable. Your continued use of baas.com following any changes constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this page periodically to stay informed about how we protect your information.