Fadl Corp
Fadl
Shariah-Compliant Real Estate Tokenization Platform
Privacy policy
Effective Date: 13 March 2026 | Last Updated: 13 March 2026 | Version 1.0
Introduction
Fadl Corp (hereinafter referred to as "the Company," "we," "us," or "our") is a Shariah-compliant real estate tokenization platform incorporated under the laws of Delaware, United States, with its registered office at 300 Creek View Road, Suite 209, Newark, County of New Castle, Delaware, 19711 (File Number: 10409653). The Platform facilitates fractional investment in real estate assets through blockchain-based digital tokens issued and managed in accordance with Islamic finance principles.
This Privacy Policy ("Policy") describes how the Company collects, processes, stores, shares, and protects personal data and other information relating to individuals who access or use our Platform at www.fadl.ai, mobile applications, and related services (collectively, the "Services"). It applies to all users, registered investors, prospective clients, business partners, and any other natural persons whose data we process in connection with the operation of our Services.
We are committed to maintaining the highest standards of data privacy, transparency, and ethical conduct in all aspects of our operations. Our approach to data handling reflects not only applicable legal requirements but also the Islamic ethical principles of trust (Amanah), transparency (Wuduh), and non-harm (La Darar wa La Dirar), which are foundational to our business philosophy.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Policy. If you do not agree with the terms of this Policy, you must discontinue use of the Platform immediately.
This Policy should be read in conjunction with our Terms and Conditions, Token Subscription Agreement, and any other agreements you have entered into with the Company in connection with your use of the Services.
Text automatically formatted with Format Magic - https://formatmagic.ai
Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:
"Data Controller": means Fadl Corp, which determines the purposes and means of processing personal data collected through the Platform.
"Data Processor": means any third party that processes personal data on behalf of the Data Controller pursuant to a written agreement.
"Data Subject": means any identified or identifiable natural person whose personal data is processed by the Company.
"Personal Data": means any information relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
"Processing": means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, storage, adaptation, retrieval, use, disclosure, dissemination, restriction, erasure, or destruction.
"Blockchain": means a distributed, decentralized, and immutable digital ledger on which transaction records and token ownership data are recorded.
"Digital Token" or "Property Token": means a blockchain-based digital asset representing a fractional ownership interest in an underlying real estate asset managed by Fadl Corp.
"KYC": means Know Your Customer, referring to the mandatory identity verification procedures conducted prior to onboarding investors to the Platform.
"AML": means Anti-Money Laundering, referring to regulatory requirements and procedures designed to detect and prevent financial crimes.
"Shariah Supervisory Board": means the body of qualified Islamic scholars appointed to supervise and certify the Shariah compliance of the Company's products, operations, and data practices. Note: The Shariah Supervisory Board appointment is currently under review.
"GDPR": means the General Data Protection Regulation (EU) 2016/679, as amended or supplemented from time to time.
"Platform": means Fadl Corp's website at www.fadl.ai, web application, mobile application, and all associated digital interfaces through which users access the Services.
"Sensitive Personal Data": means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual orientation.
Information We Collect
We collect information necessary for the lawful, ethical, and efficient operation of our Platform. We collect only such information as is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
We collect information necessary for the lawful, ethical, and efficient operation of our Platform. We collect only such information as is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
3.1 Personal Information
When you register for an account, complete the KYC/AML verification process, or engage with our Services, we may collect the following categories of personal information:
Full legal name, preferred name, and any aliases used for identity verification purposes;
Date of birth and nationality;
National identification number, passport number, or other government-issued identification details;
Residential and mailing addresses, including historical addresses where required by applicable regulations;
Email address, telephone number, and other contact details;
Biometric data collected for identity verification, including facial recognition data where processed through third-party verification providers (subject to applicable law and explicit consent);
Professional background, employment status, and source of funds or wealth declarations;
Politically Exposed Person (PEP) status and sanctions screening results;
Investor accreditation status, investment experience, and risk tolerance declarations.
3.2 Financial Information
To facilitate investment transactions and comply with financial regulatory obligations, we collect the following financial information:
Bank account details, including International Bank Account Number (IBAN), Sort Code, Routing Number, and account holder name;
Credit or debit card details (processed exclusively through PCI-DSS compliant third-party payment processors; the Company does not store raw card data);
Transaction histories, investment amounts, and portfolio composition;
Tax identification numbers and tax residency declarations, including declarations required under the Common Reporting Standard (CRS) or Foreign Account Tax Compliance Act (FATCA);
Dividend and profit-sharing distribution records;
Source of funds and wealth documentation as required under AML regulations;
Zakat calculations and charitable distribution preferences, where voluntarily provided.
3.3 Blockchain and Wallet Data
As a blockchain-based platform, we necessarily process data associated with distributed ledger technology. This includes:
• Public blockchain wallet addresses used to receive, hold, or transfer Digital Tokens;
• Transaction hashes, block numbers, and timestamps recorded on the blockchain in connection with token issuance, transfer, or redemption;
• Smart contract interaction data, including function calls and parameters relevant to your token holdings;
• On-chain token balances and historical ownership records;
• Digital signatures used to authenticate blockchain transactions;
• Custodial wallet data where we provide or arrange custodial services for your Digital Tokens.
Text automatically formatted with Format Magic - https://formatmagic.ai
Users are advised that blockchain transactions are recorded on a public, immutable ledger. While the Company does not publish the association between your personal identity and your public wallet address, we cannot guarantee that such nassociation cannot be inferred by third parties through blockchain analysis. Please refer to Section 7 of this Policy for further information.
3.4 Technical and Device Data
When you access the Platform, we automatically collect certain technical and device-related information, including:
Internet Protocol (IP) address and approximate geographic location derived therefrom;
Browser type, version, and language settings;
Operating system and device type, model, and manufacturer;
Unique device identifiers and mobile advertising identifiers;
Session data, including pages visited, features accessed, time spent, and referring URLs;
Log files generated by our servers recording access requests, error events, and system activity;
Cookie identifiers and similar tracking technology data, as described in Section 13 of this Policy.
How We Use Your Information
We process personal data for specified, explicit, and legitimate purposes. The primary purposes for which we use your
information are as follows:
Account Creation and Management: To establish, verify, and maintain your investor account on Fadl, including
identity verification and the assignment of your unique investor profile.
KYC/AML Compliance: To conduct legally required identity verification, sanctions screening, PEP checks, and
ongoing monitoring of your account activity to detect and prevent financial crime, money laundering, terrorist
financing, and fraud.
Investment Services: To process investment orders, facilitate token issuance and transfers, distribute
profit-sharing payments, and manage your investment portfolio on the Platform.
Contractual Performance: To fulfill the obligations of any agreements entered into with you, including Token
Subscription Agreements and other contractual documentation.
Regulatory Compliance: To comply with applicable laws and regulations, including financial services regulations,
tax reporting obligations, and requirements imposed by regulatory authorities in Delaware, United States and other
applicable jurisdictions.
Shariah Compliance Oversight: To enable our Shariah Supervisory Board to review and certify the ethical and
Shariah-compliant conduct of investment transactions and data handling practices.
Customer Support: To respond to your inquiries, resolve complaints, and provide technical assistance in
connection with your use of the Platform.
Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, fraud, abuse, and other
illegal or harmful activities affecting the Platform or our users.
Platform Improvement: To analyse usage patterns, conduct internal research, and improve the functionality,
performance, and user experience of our Services.
Marketing and Communications: To send you relevant information about our products, services, and investment
opportunities, where you have provided your consent or where we have a legitimate interest in doing so, subject
always to your right to opt out at any time.
Legal Claims: To establish, exercise, or defend legal rights and claims in the event of disputes, litigation, or
regulatory proceedings.
Legal Basis for Processing
We process your personal data only where a valid legal basis exists for such processing. The legal bases we rely upon, consistent with applicable data protection legislation including the GDPR and equivalent frameworks, are as
follows:
Contractual Necessity: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract. This applies to account creation, investment processing, and portfolio management.
Legal Obligation: Processing is necessary for compliance with a legal obligation to which Fadl Corp is subject, including KYC/AML obligations, tax reporting duties, and regulatory requirements imposed by competent financial authorities.
Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests relied upon include fraud prevention, network and information security, and the improvement of our Services.
Consent: Where processing is not otherwise permitted under another legal basis, we will seek your freely given, specific, informed, and unambiguous consent. You have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.
Vital Interests: In exceptional circumstances, processing may be necessary to protect the vital interests of you or another natural person.
Where we process Sensitive Personal Data, we rely on explicit consent, substantial public interest (where applicable
under national law), or another additional condition as required by applicable legislation.
KYC / AML Compliance
As a regulated financial services platform, Fadl Corp is subject to mandatory Know Your Customer (KYC) and
Anti-Money Laundering (AML) obligations under applicable regulatory frameworks, including the Financial Action Task
Force (FATF) Recommendations and applicable U.S. federal and state laws. Compliance with these obligations is a prerequisite to accessing investment services on the Platform.
6.1 KYC Verification Process
Prior to activating your investor account, we are required to verify your identity using reliable, independent source documents, data, or information. The KYC process may include:
Government-issued photo identification (passport, national identity card, or driving licence);
Proof of residential address (utility bill, bank statement, or official government correspondence dated within three
months);
Biometric liveness checks and facial recognition matching, conducted through accredited third-party identity
verification providers;
Source of funds and source of wealth documentation (bank statements, employment records, business
ownership documentation, or inheritance documentation, as applicable);
Enhanced Due Diligence (EDD) documentation for high-risk investors, PEPs, or investors from high-risk
jurisdictions as classified by FATF or applicable regulatory guidance.
6.2 Ongoing Monitoring and Periodic Review
KYC compliance is not a one-time event. We conduct ongoing monitoring of transactions and investor activity
throughout the business relationship, including:
Continuous transaction monitoring to detect unusual or suspicious activity;
Periodic review of investor profiles, particularly upon material changes in transaction patterns, risk classification, or applicable regulatory requirements;
Sanctions list screening against applicable lists, including UN, OFAC, EU, and other relevant designations,
conducted at onboarding and on an ongoing basis.
6.3 Suspicious Activity Reporting
Where required by applicable law, Fadl Corp is legally obligated to report suspicious transactions or activities tO relevant financial intelligence units or regulatory authorities without notifying the affected data subject (a process known as "tipping-off prohibition"). This obligation may override your data protection rights in specific circumstances as permitted by law.
6.4 Third-Party KYC Providers
We engage third-party KYC/AML service providers who process your identity data on our behalf pursuant to data processing agreements. Such providers are required to maintain equivalent data protection standards and are prohibited from using your data for any purpose other than providing KYC/AML services to Fadl Corp.
Blockchain and Tokenization Data Considerations
7.1 Immutability of Blockchain Records
Transactions recorded on a public blockchain are, by their technical nature, permanent and cannot be altered or deleted once confirmed. As a result, certain transaction data, including public wallet addresses, transaction amounts, timestamps, and smart contract interactions, cannot be deleted or rectified upon request.
The Company acknowledges the tension between blockchain immutability and data subject rights such as erasure (the "right to be forgotten"). We mitigate this tension by recording only wallet addresses (as pseudonymous identifiers) on-chain, while personal identity data and the linkage between identity and wallet address are maintained off-chain in our secure, controlled data environment, where full data subject rights apply.
7.2 Pseudonymisation and Privacy Architecture
The Platform is designed to minimise the exposure of personal data on the public blockchain. We employ the following privacy-preserving measures:
Only public wallet addresses (pseudonymous identifiers) are recorded on-chain; no name, identification number, or other directly identifying personal data is broadcast to the blockchain;
The association between personal identity and wallet address is maintained exclusively in our off-chain database, subject to the full protections of this Policy;
Smart contracts are designed to process only the minimum data necessary to execute tokenization functions;
Where technically feasible, zero-knowledge proof technologies or other privacy-enhancing cryptographic methods may be employed to further reduce on-chain data exposure.
7.3 Token Ownership Registers
Notwithstanding blockchain records, Fadl Corp maintains an authoritative Token Ownership Register in compliance with applicable securities and property laws of Delaware, United States. This Register constitutes the definitive record of investor rights and is maintained in our controlled, secure off-chain database. The Register is subject to all applicable data protection obligations and may be audited by regulatory authorities upon lawful request.
7.4 Smart Contract Transparency
Smart contracts deployed by Fadl Corp on the blockchain are publicly visible and auditable. While this transparency supports Shariah compliance principles of disclosure, it means that the logic governing token issuance, distribution, and transfer is accessible to any party with access to the blockchain. Users are encouraged to review published smart contract audit reports available on the Platform.
Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share your personal data only in the circumstances described below, and only to the extent necessary for the specified purpose.
8.1 Service Providers and Data ProcessorsWe engage carefully selected third-party service providers who process personal data on our behalf as data processors, subject to binding data processing agreements. These providers include:
Identity verification and KYC/AML providers: for identity verification, document authentication, biometric matching, and sanctions screening;
Payment processors and banking partners: for processing investments, distributions, and financial transactions;
Cloud infrastructure and hosting providers: for the secure storage and processing of Platform data;
Cybersecurity and fraud prevention providers: for real-time threat detection, fraud analysis, and platform security
monitoring;
Legal, accounting, and auditing firms: for corporate governance, financial reporting, and legal compliance;
Customer support and communication platforms: for managing user inquiries and service communications.
8.2 Regulatory and Law Enforcement Authorities
We may be required by law to disclose your personal data to competent regulatory authorities, financial intelligence
units, law enforcement agencies, or courts. Such disclosures may include:
Mandatory reporting of suspicious transactions to financial intelligence units pursuant to AML legislation;
Disclosure to regulatory authorities in response to formal information requests, investigations, or supervisory reviews;
Compliance with court orders, subpoenas, or other legally binding judicial process.
Where legally permissible, we will notify you of such disclosure requests. However, applicable law, including AML tipping-off prohibitions, may restrict our ability to do so.
8.3 Shariah Supervisory Board
Aggregated, anonymised, or pseudonymised transaction data may be shared with our Shariah Supervisory Board (currently under review) for the purpose of reviewing and certifying the ongoing Shariah compliance of our investment structures and operational practices. The Shariah Supervisory Board does not receive individually identifiable personal data except where strictly necessary and subject to appropriate confidentiality obligations.
8.4 Corporate Transactions
In the event of a merger, acquisition, reorganisation, insolvency, or sale of all or a substantial portion of Fadl Corp's assets, your personal data may be transferred to the acquiring entity as part of such transaction. You will be notified of any such transfer and the acquiring entity will be required to honour the commitments made in this Policy.
8.5 Consent-Based Disclosure
With your explicit consent, we may share your information with third parties not otherwise described in this Policy. You may withdraw such consent at any time by contacting us at info@fadl.ai.
International Data Transfers
Given the global nature of our Platform and its technology infrastructure, your personal data may be transferred to, stored in, or processed in countries other than your country of residence. These countries may have data protection laws that differ from those applicable in your jurisdiction.|
Where we transfer personal data outside the European Economic Area (EEA) or from jurisdictions with equivalent transfer restrictions, we ensure that such transfers are subject to appropriate safeguards, including:
Adequacy Decisions: Transfers to countries or territories recognised by the European Commission or relevant supervisory authority as providing an adequate level of data protection;
Standard Contractual Clauses (SCCs): Execution of the European Commission's approved Standard Contractual Clauses or equivalent mechanisms recognised under applicable law;
Binding Corporate Rules: Where applicable, adherence to approved Binding Corporate Rules governing
ntra-group international data transfers;
Other Approved Transfer Mechanisms: Any other transfer mechanism approved by the competent data protection supervisory authority.
You may request further information about the specific safeguards applicable to international transfers of your personal data by contacting us at info@fadl.ai.
Data Security Measures
The security of your personal data is of paramount importance to us. We implement appropriate technical and
organisational measures designed to protect your data against unauthorised access, accidental loss, destruction, or alteration, consistent with industry best practices and applicable regulatory requirements.
10.1 Technical Security Measures
Encryption: All personal data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2 or higher protocols;
Access Controls: Role-based access controls restrict access to personal data to authorised personnel with a legitimate need to process such data in the course of their duties;
Multi-Factor Authentication (MFA): MFA is enforced for all administrative access to systems containing personal data and is available to all Platform users;
Network Security: Firewalls, intrusion detection systems, and regular penetration testing are employed to protect our infrastructure;
Smart Contract Audits: All smart contracts deployed on the blockchain are independently audited by reputable cybersecurity firms prior to deployment, and audit reports are published on the Platform;
Data Minimisation: Our systems are designed to collect and retain only the minimum personal data necessary for the stated purposes.
10.2 Organisational Security Measures
Data Protection Officer: Fadl Corp has appointed a Data Protection Officer (DPO) responsible for overseeing compliance with this Policy and applicable data protection laws. The DPO may be contacted at info@fadl.ai;
Staff Training: All personnel who handle personal data receive regular training on data protection obligations, security practices, and incident response procedures;
Vendor Management: Third-party service providers undergo security assessments prior to engagement and are subject to contractual data protection and security obligations;
Incident Response: Fadl Corp maintains a documented data breach response plan and will notify affected data subjects and competent authorities of material security breaches in accordance with applicable legal requirements.
10.3 Limitation of Liability
Notwithstanding the foregoing, no method of electronic transmission or data storage is completely secure. We cannot guarantee the absolute security of your personal data. You are responsible for maintaining the confidentiality of your account credentials, private keys, and wallet access information. If you suspect any unauthorised access to your account, please notify us immediately at info@fadl.ai.
Data Retenation
We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, to resolve disputes, and to enforce our contractual rights. The specific retention periods we
apply are as follows:
Investor Account and KYC/AML Records: Personal data collected during the account registration and KYC/AML process is retained for a minimum of five (5) years following the termination of the business relationship, or such longer period as may be required by applicable AML regulations, which in certain jurisdictions may require retention for up to ten (10) years;
Transaction Records: Records of investment transactions, token transfers, and financial activity are retained for a minimum of seven (7) years following the date of the relevant transaction, or such longer period as required by applicable financial regulatory or tax law;
Communications: Correspondence, emails, and support records are retained for three (3) years following the conclusion of the relevant inquiry or interaction, subject to legal hold requirements;
Technical and Log Data: Server log files, device data, and technical usage records are retained for twelve (12) months from the date of generation, unless required for longer periods for security investigation purposes;
Marketing Preferences: Records of your marketing consent preferences are retained for the duration of the business relationship and for three (3) years thereafter;
Legal Claims: Where personal data is relevant to actual or anticipated legal proceedings, arbitration, or regulatory investigations, such data may be retained for the duration of such proceedings plus any applicable statutory limitation period.
Please note that on-chain blockchain transaction data cannot be deleted due to the inherent technical immutability of the blockchain. However, the Company will take all practicable steps to de-link your personal identity from on-chain records upon expiry of the applicable retention period.
User Rights
Subject to applicable data protection law and certain statutory limitations and exceptions, you have the following rights in relation to your personal data:
12.1 Right of Access
You have the right to request confirmation of whether we process personal data concerning you, and to obtain a copy of that personal data together with information about the purposes of processing, the categories of data processed, recipients of the data, and the applicable retention periods. We will provide this information within thirty (30) days of receipt of a valid request.
12.2 Right to Rectification
You have the right to request the correction of inaccurate personal data concerning you and the completion of incomplete personal data. We will action valid rectification requests without undue delay. Please note that rectification of on-chain blockchain data is technically impossible due to immutability; however, we will update our off-chain records and, where appropriate, issue corrective annotations.
12.3 Right to Erasure ("Right to Be Forgotten")
You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where consent has been withdrawn and no other legal basis applies, or where the data has been unlawfully processed. KYC/AML retention obligations will in most circumstances take precedence over erasure requests during mandatory retention periods.
12.4 Right to Restriction of Processing
You have the right to request that we restrict the processing of your personal data in certain circumstances, including where the accuracy of the data is contested, where processing is unlawful, or where you have objected to processing and the verification of overriding legitimate grounds is pending.
12.5 Right to Data Portability
Where processing is based on your consent or on contractual necessity, and is carried out by automated means, you have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller without hindrance.
12.6 Right to Object
You have the right to object at any time to the processing of your personal data on the basis of legitimate interests, including profiling. You have an absolute right to object to processing for direct marketing purposes, which will be honoured without exception.
12.7 Rights Related to Automated Decision-Making
Where we make decisions that produce significant effects on you using solely automated processing (including profiling), you have the right not to be subject to such decisions, the right to obtain human intervention, to express your point of view, and to contest the decision.
12.8 How to Exercise Your Rights
To exercise any of the above rights, please submit a written request to our Data Protection Officer at info@fadl.ai or
via post to 300 Creek View Road, Suite 209, Newark, County of New Castle, Delaware, 19711. We may require you to verify your identity before processing your request. We will respond to all requests within thirty (30) calendar days, with a possible extension of two (2) additional months for complex or multiple requests, of which we will notify you.
If you are dissatisfied with our response or believe that we are processing your personal data in breach of applicable data protection law, you have the right to lodge a complaint with the competent data protection supervisory authority in your jurisdiction.
Cookies and Tracking Technologies
Our Platform uses cookies and similar tracking technologies to enhance user experience, analyse usage, and support security functions.
13.1 Types of Cookies We Use|
Strictly Necessary Cookies: These cookies are essential for the Platform to function and cannot be disabled. They are used for session management, security authentication, and load balancing. No consent is required for these cookies.
Functional Cookies: These cookies remember your preferences and settings, such as language selection and accessibility preferences, to provide a personalised experience.
Analytical and Performance Cookies: These cookies collect aggregated, anonymised information about how visitors use the Platform, enabling us to improve our Services. Where these cookies are not strictly necessary, we obtain your consent before placing them.
Security and Fraud Prevention Cookies: These cookies assist in detecting and preventing fraudulent activity, bot attacks, and unauthorised access attempts.
13.2 Third-Party Cookies
Certain third-party services integrated into our Platform, such as analytics providers and customer support tools, may set their own cookies. The use of such cookies is governed by the respective third parties' privacy policies.
13.3 Cookie Management
Upon your first visit to the Platform at www.fadl.ai, you will be presented with a cookie consent banner enabling you to accept, reject, or customise your cookie preferences. You may update your preferences at any time through the Cookie Settings page accessible from the footer of our website.
Children's Privacy
The Platform and Services are not directed at, and are not intended for use by, individuals under the age of eighteen (18) years (or the applicable age of majority in the user's jurisdiction of residence, if higher). We do not knowingly solicit, collect, or process personal data from minors.
If you are a parent or guardian and believe that your child has provided personal data to the Company without your consent, please contact us immediately at info@fadl.ai. Upon verification, we will take prompt steps to delete any such data from our systems.
Shariah Compliance and Ethical Data Handling
The Company is founded upon the principles of Islamic finance and is committed to integrating Shariah ethical standards into every dimension of its operations, including its data handling practices.
15.1 Amanah (Trust and Fiduciary Duty)
We regard the personal data entrusted to us by our investors as a sacred trust (Amanah). We will not exploit, misuse, or monetise your personal data in any manner inconsistent with the purposes for which it was provided and the legitimate expectations you hold as our investor. This commitment extends to ensuring that all employees, service providers, and third parties who access your data are bound by stringent confidentiality and data protection obligations.
Islamic Principle: Amanah: Your data is held as a trust — never exploited, never misused.
15.2 Wuduh (Transparency and Disclosure)
Transparency is a cardinal principle in Islamic commercial ethics. We are committed to clear, honest, and accessible communication about how we collect and use your data. We do not engage in hidden data collection, opaque profiling, or undisclosed sharing of personal information. This Privacy Policy is written in clear language and published prominently on the Platform at www.fadl.ai.
Islamic Principle: Wuduh: Full transparency in all data practices — no hidden collection or profiling.
15.3 La Darar wa La Dirar (Do No Harm)
The Islamic legal maxim that no harm shall be inflicted or reciprocated guides our approach to data security and the responsible use of technology. We design our data practices to minimise risk to individuals, avoid uses of data that could harm investors' interests, and never process data for purposes that could facilitate exploitation, discrimination, or financial harm.
Islamic Principle: La Darar wa La Dirar: Data practices designed to protect, not harm.
15.4 No Data-Driven Usury or Exploitation
Consistent with the prohibition of Riba (usury) and Gharar (excessive uncertainty or deception) in Islamic finance, the Company commits that data collected from investors will not be used to facilitate, enable, or encourage any interest-bearing financial product, speculative transaction, or exploitative commercial practice. Analytical data is used solely to improve the Shariah-compliant investment products and services offered through the Platform.
15.5 Shariah Supervisory Board Oversight
Our Shariah Supervisory Board (currently under review) retains an oversight function in relation to the ethical
dimensions of our data practices. The Board reviews, on a periodic basis, whether our data handling procedures remain consistent with Shariah principles and investor welfare. Material concerns identified by the Shariah Supervisory Board in relation to data ethics will be addressed by management and, where material, disclosed to investors.
15.6 Zakat and Charitable Giving
Where investors voluntarily provide information regarding their Zakat obligations or charitable giving preferences, such
information will be treated as Sensitive Personal Data and processed exclusively for the purpose of facilitating the relevant Zakat calculation or charitable distribution service. This data will not be shared with any third party other than Zakat collection or charitable distribution entities explicitly authorised by the investor.
Updates to This Privacy Policy
The Company reserves the right to amend this Privacy Policy at any time to reflect changes in applicable law,
regulatory requirements, our business operations, or our data handling practices. All amendments will be effective upon publication of the updated Policy on the Platform at www.fadl.ai.
In the event of material changes to this Policy that may significantly affect your privacy rights or the manner in which we process your personal data, we will provide you with prominent advance notice through one or more of the following means: a notification posted on the Platform, an email to the address registered with your investor account, or an in-application notification. We will provide at least thirty (30) calendar days' notice before material changes take effect.
Your continued use of the Platform following the effective date of any amendment to this Policy constitutes your acknowledgement of and agreement to the amended terms. We maintain an archive of prior versions of this Privacy Policy, which is available upon request to info@fadl.ai.
Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or the exercise of your data subject rights, please contact us through any of the following channels:
Data Protection Officer
Fadl Corp
300 Creek View Road, Suite 209, Newark, County of New Castle, Delaware, 19711
Email (Data Protection Enquiries): info@fadl.ai
Email (General Enquiries): info@fadl.ai
Website: www.fadl.ai
Regulatory Complaints: Competent supervisory authority in your jurisdiction
We aim to acknowledge all data protection enquiries within five (5) business days and to provide a substantive response within thirty (30) calendar days of receipt.
This Privacy Policy was approved by the Board of Directors of Fadl Corp on 13 March 2026. Shariah Supervisory Board
review is currently pending.
© 2026 Fadl Corp. All rights reserved. | www.fadl.ai | info@fadl.ai
Registered in Delaware, United States | File Number: 10409653 | 300 Creek View Road, Suite 209, Newark, County of New Castle,
Delaware, 19711