Privacy Policy

Inflection Club FZ-LLC — RAKEZ

Version 1.1 — March 2026

1. Purpose and Scope

This Privacy Policy explains how Inflection Club FZ-LLC ("Inflection Club," "we," "us," or "our") collects, uses, stores, and protects personal data of its members ("Members") and visitors in connection with membership services, the Member Portal, and the public website (together, the "Platform").

The Club is committed to complying with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), and where applicable, other international data-protection standards.

This Policy also applies to applicants whose membership applications are not accepted. Personal data submitted as part of an unsuccessful application is retained for the minimum period required by applicable AML/KYC law and then securely deleted.

2. Definitions

  • Personal Data means any information relating to an identified or identifiable natural person.
  • Processing means any operation performed on Personal Data such as collection, recording, storage, use, or disclosure.
  • Data Subject means any individual whose Personal Data is processed by the Club.
  • Controller means the Inflection Club entity that determines purposes and means of processing.
  • Processor means any third party that processes Personal Data on behalf of the Controller.

3. Legal Basis for Processing

The Club processes Personal Data only where one or more of the following legal bases apply:

  1. Contract performance: identification, contact, membership, payment, and accredited investor verification data are processed to perform the Membership Agreement. This is the primary legal basis for mandatory membership data.
  2. Legal obligation: AML/KYC records, regulatory filings, and tax-related data are processed to comply with UAE Federal Decree-Law No. 20 of 2018 on AML and other applicable obligations. Members cannot withdraw consent to this processing.
  3. Legitimate interests: fraud prevention, platform security, and defence of legal claims, where not overridden by the rights of the Data Subject.
  4. Consent: analytics cookies and non-essential marketing communications only. Consent may be withdrawn at any time without affecting membership status.

4. Personal Data Collected

Depending on the service used, the Club may collect the following categories of Personal Data:

  • Identification data (name, nationality, date of birth, passport or ID number);
  • Contact data (address, email, telephone number);
  • Membership and payment details (including proof of funds for AML/KYC purposes);
  • Professional information (occupation, employer, investment experience);
  • Platform usage data (login details, IP address, device type, cookies);
  • Communications and correspondence exchanged with the Club;
  • Accredited investor verification data (income statements, net worth documentation, professional certifications, and third-party verification records provided in connection with Rule 501(a) status verification and SPV participation).

5. Purpose of Processing

Personal Data is processed solely for specific and legitimate purposes, including to:

  1. Administer membership applications and verifications;
  2. Provide access to the Member Portal and associated services;
  3. Ensure legal and regulatory compliance (AML/KYC reporting);
  4. Communicate information about membership events, updates, and services;
  5. Enhance member experience and security of the Platform; and
  6. Establish, exercise, or defend legal claims.

The Club does not sell, lease, or commercially exploit Personal Data.

6. Cookies and Analytic Tools

The Platform uses two categories of cookies: (a) Strictly necessary cookies, which are essential for Platform operation and security and cannot be disabled; and (b) Analytics cookies, which measure usage patterns to improve the Member experience and are deployed only with the Member's active consent via the cookie consent banner displayed on first access.

Consent to analytics cookies may be withdrawn at any time via the cookie settings link in the Platform footer. Withdrawing consent does not affect membership status or access to core services.

7. Data Retention

Personal Data is retained only for as long as necessary to fulfil the purpose for which it was collected, and subsequently archived or anonymised in accordance with PDPL. The following tiered retention schedule applies:

  • Identification and membership data: 5 years after membership ends.
  • AML/KYC records and accredited investor verification data: minimum 5 years as required by UAE Federal Decree-Law No. 20 of 2018.
  • SPV investment and transaction data: 7 years after the relevant SPV closes.
  • Platform technical and usage data (IP logs, cookies): up to 2 years.
  • Marketing consent records: until consent is withdrawn, plus 1 year.

8. Data Security

The Club uses appropriate technical and organizational measures to protect Personal Data against unauthorized access, use, disclosure, alteration, or destruction. This includes encryption, access controls, and secure hosting within the UAE or approved jurisdictions.

9. Disclosure to Third Parties

Personal Data may be shared only with:

  • Authorized employees and service providers who require data to perform Club operations;
  • Affiliated SPV Managers in connection with specific investment opportunities (under written data processing agreements compliant with PDPL Article 13); and
  • Government authorities or regulators where required by law.

All third parties are required to implement data-protection standards equivalent to PDPL.

10. Members' Rights under PDPL

Each Data Subject has the right to:

  1. Access their Personal Data and request a copy;
  2. Request correction or deletion of inaccurate data;
  3. Withdraw consent to processing at any time (subject to contractual requirements);
  4. Object to processing for direct marketing purposes;
  5. File a complaint with the UAE Data Office if unsatisfied with Club responses; and
  6. Request a portable copy of their Personal Data in a structured, commonly used, and machine-readable format where technically feasible.

Requests should be sent to [email protected] and will be addressed within 30 calendar days.

11. Children's Data

Membership and Platform access are restricted to individuals over eighteen (18) years of age. The Club does not knowingly collect Personal Data from minors.

12. Cross-Border Data Transfers

Where Personal Data is transferred outside the UAE (e.g., to data-hosting or verification vendors), the Club ensures that the recipient state has adequate protection standards or that approved contractual safeguards are in place in accordance with Articles 22–24 of the PDPL.

13. Breach Notification

In the event of a Personal Data breach likely to affect Data Subjects' rights, the Club shall notify the UAE Data Office and affected persons without undue delay, as required by law.

14. Data Controller and Contact

Controller: Inflection Club FZ-LLC

Address: Registered Office, RAKEZ, United Arab Emirates

Email: [email protected]

The Club has designated a privacy contact responsible for data protection compliance and for handling Data Subject requests under this Policy and applicable law.

15. Governing Law and Dispute Resolution

This Policy is governed by the laws of the Dubai International Financial Centre (DIFC).

Any dispute relating to data processing or privacy obligations shall be resolved by binding arbitration under DIAC Rules, seat Dubai, language English.

The arbitral award is final and binding on the parties.

16. Updates to this Policy

The Club may amend this Policy from time to time to reflect legal or operational changes. Members will be notified of material changes by email or Platform notice at least 30 days before the effective date. Continued use after such notice constitutes acceptance of the updated Policy.

17. Effective Date and Version Control

Version 1.1 — March 2026. Supersedes all previous Privacy Policies.

© Inflection Club FZ-LLC — All Rights Reserved