Data Categories
EB1 may collect and process the following categories of personal data, where applicable:
Identity data (such as name, date of birth, and government-issued identifiers)
Contact information (such as email address, telephone number, and mailing address)
Account, onboarding, and compliance-related information (including KYC and sanctions screening data)
Financial and transactional metadata, where relevant
Device, usage, and technical data
Fraud prevention, risk assessment, and compliance records
Legal Basis
EB1 processes personal data on one or more of the following legal bases, as applicable:
Contractual necessity, where processing is required to provide services or take steps at your request prior to entering into a contract
Legal and regulatory obligations, including compliance with applicable anti-money laundering (AML), counter-terrorist financing (CTF), sanctions, and record-keeping requirements
Legitimate interests, such as maintaining platform security, preventing fraud, managing risk, and improving services, provided such interests are not overridden by your rights and freedoms
Consent, where required, including for marketing communications, which may be withdrawn at any time
Data Sharing
EB1 may share personal data with the following categories of recipients, where necessary for the provision of its services and in compliance with applicable law:
Financial institutions and licenced issuers responsible for card issuance and payment processing
Compliance, KYC and AML service providers conducting identity verification and sanctions screening
Authorized custodians or collateral service providers maintaining digital assets as security
Governmental, regulatory and supervisory authorities, where required for legal, AML, CTF or regulatory compliance purposes
Professional advisers, auditors, and service providers supporting EB1’s operational and compliance functions
All such data sharing is carried out in accordance with applicable data protection laws and limited to what is necessary for the relevant purpose.
Cross-Border Transfers
Personal data may be transferred to, processed, or accessed in jurisdictions outside your country of residence, including by the categories of recipients listed in the “Data Sharing” section above. Where such transfers occur, EB1 ensures that appropriate legal safeguards are in place, including the use of Standard Contractual Clauses (SCCs) or other legally recognised transfer mechanisms, in accordance with applicable data protection laws and the requirements of the competent UAE data protection authority.
Security
EB1 implements appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures include security controls aligned with ISO 27001 standards, encryption of data in transit and at rest, role-based access controls, and continuous monitoring of systems and infrastructure.
Retention
EB1 retains personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, and compliance obligations.
Where required under applicable anti-money laundering, sanctions, or financial crime regulations, certain records may be retained for a minimum period of five (5) years following account closure or the end of the business relationship, or longer where required by applicable law.
User Rights
Subject to applicable data protection laws, you may have the right to:
Request access to your personal data
Request correction or rectification of inaccurate or incomplete data
Request deletion or erasure of personal data, where applicable
Request restriction of processing or object to certain processing activities
Request data portability, where applicable
Withdraw consent at any time where processing is based on consent
Request information regarding the types of personal data being processed, the purposes of processing, and the categories of recipients with whom your personal data is shared
Request information regarding the retention period and applicable storage criteria for your personal data
Object to processing for direct marketing purposes, including profiling related to direct marketing
Object to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significant impacts, and request human review of such decisions
Request information regarding cross-border transfers of personal data and the applicable safeguards
Request information on how to submit a complaint to the competent data protection authority
Requests may be subject to identity verification and applicable legal limitations and will be addressed within the timeframes required by applicable law.
Breach Notification
In the event of a personal data breach, EB1 will assess the impact and, where required under applicable data protection laws, notify the relevant supervisory authority at the time it becomes aware of the breach, in accordance with the timeframes, measures and requirements set out in the applicable Executive Regulations.
Where the breach would prejudice the privacy, confidentiality or security of personal data, affected users will be notified within the period and in accordance with the measures and requirements set by the applicable Executive Regulations, and informed of the corrective actions taken.
Common Law Applicability
These Commercial Card Terms and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with them or their subject matter or formation shall be governed by and construed in accordance with the substantive laws of the Dubai International Financial Centre (DIFC), without regard to its conflict of laws principles.
Each party irrevocably agrees that the courts of the Dubai International Financial Centre (DIFC Courts) shall have exclusive jurisdiction to settle any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with these Terms and Conditions or their subject matter or formation. Nothing in this clause shall limit the right of EB1 to take proceedings against the Customer in any other court of competent jurisdiction, nor shall the taking of proceedings in any one or more jurisdictions preclude the taking of proceedings in any other jurisdictions, whether concurrently or not, to the extent permitted by the law of such other jurisdiction.
The parties hereby elect and agree in writing that any claim or dispute (including non-contractual disputes or claims) where the amount or value in dispute does not exceed AED 500,000 (excluding interest, costs, and fees) shall be referred to and finally resolved by the DIFC Small Claims Tribunal (SCT) in accordance with its rules and procedures.
Contact Us
If you have any questions about this privacy policy, please contact us at contact@eb1.io
EB1 FAQ
What is EB1?
EB1 is a fintech company based in Dubai, UAE. Launching in Q3 2026, EB1 offers a crypto-native Visa card that lets users spend digital assets globally, integrated with premium lifestyle services available through the EB1 app.
What is the EB1 Card?
How do I become a member?
What are the membership benefits?
Who is behind EB1?
Which cryptocurrencies are supported?