Storexio

Privacy Policy

Storexio Privacy Policy
Effective Date: 20/04/2026
Last Updated: 20/04/2026

This Privacy Policy explains how Storexio collects, uses, stores, transfers, discloses, and otherwise processes Personal Data in connection with its website, applications, software, hosted platform, merchant tools, storefront technology, and related services (collectively, the “Services”).

Storexio is an application operated by Mehdi Ghazlavi Electronic L.L.C., registered in the United Arab Emirates under registration / licence number 1592588 (“Company”, “Storexio”, “we”, “us”, or “our”). Unless otherwise stated, all rights, title, and interest in and to Storexio, including its software, branding, platform content, design, and related intellectual property, belong to Mehdi Ghazlavi Electronic L.L.C. or its licensors, as applicable.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of this Privacy Policy

This Privacy Policy applies to Personal Data processed by Storexio in connection with:

  • visitors to our website;
  • merchants, businesses, and organizations that use Storexio;
  • merchant staff users and account administrators;
  • prospective customers, partners, and suppliers;
  • end customers who interact with stores powered by Storexio, to the extent Storexio processes their data on behalf of a merchant; and any person who contacts us, submits information to us, or otherwise interacts with the Services.

This Privacy Policy does not apply to third-party services, websites, payment gateways, delivery providers, social-media platforms, or external applications that are not owned or controlled by Storexio, even if they are linked to or integrated with the Services.

2. Applicable Legal Framework

Storexio intends to operate in accordance with applicable laws of the United Arab Emirates relating to privacy, consumer protection, electronic transactions, and digital commerce. UAE official guidance identifies the UAE federal personal-data framework as the principal national regime, while DIFC and ADGM maintain separate data-protection frameworks for entities and processing activities falling within those jurisdictions. ([U.AE][1])

If Storexio, a merchant, or any relevant processing activity is established in, carried out from, or otherwise subject to the rules of DIFC or ADGM, additional or different privacy obligations may apply. Official DIFC materials reference DIFC Law No. 5 of 2020, and ADGM states that registered entities processing personal information in ADGM are subject to the Data Protection Regulations 2021. ([DIFC][2])

3. Definitions

For the purposes of this Privacy Policy:

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on Personal Data, including collection, recording, storage, organization, adaptation, use, disclosure, transfer, restriction, erasure, or destruction.

“Controller” means the party that determines the purposes and means of Processing Personal Data.

“Processor” means the party that processes Personal Data on behalf of a Controller.

“Merchant” means a business, seller, brand, trader, or organization using Storexio to manage a store, catalogue, orders, customers, or related commerce activities.

“Customer” means an end user or buyer who interacts with a Merchant through Storexio-powered technology.

4. Our Role

Depending on the context, Storexio may act as either:

4.1 Controller

Storexio acts as Controller for Personal Data processed for its own business purposes, including:

  • account creation and authentication;
  • merchant onboarding;
  • subscription management;
  • support and communications;
  • analytics and service improvement;
  • fraud prevention and security monitoring; and legal and regulatory compliance.

4.2 Processor / Service Provider

Where a Merchant uses Storexio to collect or manage Customer information through a Storexio-powered store or workflow, Storexio generally processes that data on behalf of the Merchant and under the Merchant’s instructions. In those cases, the Merchant is primarily responsible for its own privacy notices, lawful collection, customer communications, and compliance obligations.

5. Personal Data We Collect

We may collect and process the following categories of Personal Data.

5.1 Information you provide directly

This may include:

  • full name;
  • business name;
  • trade name;
  • email address;
  • phone number;
  • address;
  • login details;
  • billing details;
  • subscription information;
  • support requests;
  • messages and correspondence;
  • other information you choose to provide.

5.2 Merchant account and business data

This may include:

  • store name and business profile information;
  • product catalogues, images, descriptions, prices, and stock data;
  • order records and transaction history;
  • delivery and fulfillment settings;
  • tax and invoice settings;
  • discount and promotion settings;
  • staff-user details and permissions;
  • merchant preferences and operational data.

5.3 Customer data submitted by Merchants

When Merchants use Storexio, we may process, on their behalf:

  • customer name;
  • mobile number;
  • email address;
  • delivery and billing address;
  • order details;
  • payment status data;
  • customer notes and support records;
  • return, refund, or service-related information.

5.4 Technical and usage data

We may automatically collect:

  • IP address;
  • browser type;
  • device information;
  • operating system;
  • session data;
  • page views;
  • timestamps;
  • app and platform usage logs;
  • referral URLs;
  • security and diagnostic information.

5.5 Communication and support data

If you contact us, we may keep records of:

  • emails;
  • messages;
  • call notes;
  • support tickets;
  • attachments;
  • screenshots;
  • issue-resolution history.

6. Sources of Personal Data

We may obtain Personal Data:

  • directly from you;
  • from Merchants using the Services;
  • from Customers interacting with Merchant storefronts;
  • from service providers and integrations;
  • from payment and billing providers;
  • from cookies and analytics tools;
  • from public sources where lawful;
  • from business partners or referral channels.

7. Purposes of Processing

We may process Personal Data for the following purposes:

  • to provide, host, operate, and maintain the Services;
  • to create and manage user accounts;
  • to enable Merchants to build and manage online stores;
  • to process subscriptions, invoices, and billing;
  • to provide support and respond to inquiries;
  • to improve service functionality, reliability, and user experience;
  • to monitor platform performance and diagnose technical issues;
  • to detect, prevent, and investigate fraud, abuse, misuse, and security incidents;
  • to send service notices, account updates, billing notices, and legal communications;
  • to comply with legal, regulatory, and contractual obligations;
  • where permitted, to send marketing and promotional communications.

8. Legal Grounds for Processing

To the extent required by applicable law, we process Personal Data on one or more of the following grounds:

  • performance of a contract or pre-contractual steps;
  • compliance with legal obligations;
  • our legitimate interests in operating, protecting, and improving the Services;
  • consent, where required or appropriate;
  • other lawful grounds recognized under applicable law.

Where consent is required and relied upon, you may withdraw it, subject to legal or contractual restrictions and subject to the lawfulness of processing carried out before withdrawal.

9. Cookies and Similar Technologies

Storexio may use cookies, local storage, tracking tools, and similar technologies to:

  • keep users logged in;
  • remember settings and preferences;
  • support functionality and security;
  • understand usage patterns;
  • improve performance;
  • measure communication and feature effectiveness.

You may control cookies through your browser or device settings. Disabling some cookies may affect the operation of certain features.

10. Marketing Communications

We may send service-related, operational, or promotional communications where permitted by applicable law. You may opt out of promotional communications by using the unsubscribe mechanism or contacting us directly.

UAE official consumer-protection guidance states that consumer data is protected and suppliers are prohibited from using it for marketing in that context. Merchants using Storexio are therefore responsible for ensuring that any marketing they conduct through the platform is lawful and properly authorized where required. ([U.AE][3])

11. Disclosure of Personal Data

We do not sell Personal Data as an independent commercial product.

We may disclose Personal Data to the following categories of recipients:

11.1 Service providers

Including cloud-hosting providers, analytics providers, communication tools, payment processors, support tools, security providers, and contractors who assist us in operating the Services.

11.2 Merchants

Where a Customer places an order, sends an inquiry, requests delivery, or otherwise interacts with a Merchant through Storexio, the relevant information is shared with that Merchant.

11.3 Affiliates and professional advisers

Where needed for internal administration, finance, legal advice, audit, compliance, governance, or restructuring.

11.4 Authorities and legal recipients

Where required by law, court order, lawful authority request, or where necessary to protect rights, investigate wrongdoing, prevent fraud, or respond to legal claims.

11.5 Business transactions

In connection with a merger, investment, acquisition, restructuring, financing, or sale of assets, subject to appropriate confidentiality and legal protections.

12. International Transfers

Your Personal Data may be processed in the UAE and in other jurisdictions where we or our service providers maintain operations or technical infrastructure.

Where transfers occur across borders, we will seek to apply reasonable safeguards required by applicable law. DIFC official materials specifically address international data sharing and export controls, and ADGM officially maintains a framework for adequate jurisdictions under its 2021 regulations. ([DIFC][2])

13. Data Retention

We retain Personal Data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to:

  • provide the Services;
  • maintain account and transaction records;
  • comply with legal, tax, audit, and regulatory obligations;
  • resolve disputes;
  • enforce agreements;
  • detect fraud and preserve security evidence;
  • establish, exercise, or defend legal claims.

After the relevant retention period, we may delete, anonymize, aggregate, or securely isolate the data, unless continued retention is required or permitted by law.

14. Data Security

We implement technical, organizational, and administrative measures designed to protect Personal Data against unauthorized access, disclosure, misuse, alteration, loss, or destruction.

Such measures may include:

  • encrypted connections;
  • access-control measures;
  • role-based permissions;
  • logging and monitoring;
  • security reviews;
  • system patching;
  • backup procedures;
  • incident-response processes.

UAE official guidance on electronic transactions and trust services recognizes the legal framework around secure digital processes, electronic records, and trust services in the UAE. ([U.AE][4])

No system can be guaranteed to be completely secure, and we do not warrant absolute security.

15. Data Breach Handling

If we become aware of a Personal Data breach affecting data under our control, we will assess the incident and take steps we consider appropriate under the circumstances, including containment, investigation, remediation, and notifications where legally required.

Official DIFC and ADGM materials include guidance relating to breach-notification and regulatory obligations under their respective data-protection regimes. ([ADGM][5])

Where we process data on behalf of a Merchant, we may notify the Merchant in accordance with applicable agreements and legal requirements.

16. Your Rights

Subject to applicable law, you may have rights to:

  • request access to Personal Data;
  • request correction of inaccurate information;
  • request deletion in certain circumstances;
  • object to or restrict certain Processing;
  • withdraw consent where consent is the basis for Processing;
  • complain to a competent authority where available.

ADGM officially states that individuals should be given access to personal information held about them on request, and both DIFC and ADGM publish rights-focused guidance for individuals under their respective privacy regimes. ([ADGM][6])

If Storexio processes your data on behalf of a Merchant, you should normally direct your request first to that Merchant.

17. Merchant Responsibilities

If you are a Merchant using Storexio, you are responsible for:

  • providing an appropriate privacy notice to your customers;
  • obtaining any consents required by law;
  • ensuring that your collection and use of customer data is lawful;
  • ensuring that your marketing practices comply with applicable law;
  • responding to customer privacy requests where required;
  • ensuring that data entered into the platform is accurate, relevant, and lawfully obtained.

Storexio provides the technology platform, but Merchants remain responsible for their independent legal obligations unless otherwise agreed in writing.

18. Third-Party Services

The Services may integrate with or link to third-party services such as payment gateways, delivery companies, messaging tools, social platforms, ERP tools, and analytics services.

We are not responsible for the independent privacy or security practices of third parties. You should review their own policies and terms separately.

19. Children’s Privacy

The Services are intended for business and commercial use and are not directed to children. We do not knowingly collect children’s Personal Data in a manner requiring special authorization under applicable law.

If you believe that data relating to a child has been submitted improperly, please contact us so we can review the matter and take appropriate action.

20. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, regulation, technology, business practices, or the Services.

When we do, we will update the “Last Updated” date above. Where appropriate, we may provide additional notice by email, in-platform notification, or other suitable means.

21. Contact Details

For questions, requests, complaints, or notices relating to this Privacy Policy or the processing of Personal Data, please contact:

Mehdi Ghazlavi Electronic L.L.C.
Trading as: Storexio
Registration / Licence No.: 1592588
Email: [email protected]
Phone: +971 56 472 1229
Website: storexio.ae
Address: Dubai, Health Care City, City Bank Building

22. Language

This Privacy Policy may be made available in more than one language. In the event of inconsistency, the version designated by the Company as controlling shall prevail, subject to applicable law.