Legal

Data Residency

Last updated: March 2026

ContractorPass is committed to keeping your data within the United Arab Emirates. This page explains where your data is stored, how it is protected, and how we meet UAE data residency requirements.

1. Hosting Location

All ContractorPass infrastructure is hosted in Microsoft Azure UAE North (Dubai). This includes:

  • Application servers and APIs
  • Databases (Azure SQL)
  • File storage (Azure Blob Storage) for the optional document vault
  • Backups and disaster recovery replicas

Your data never leaves the UAE region unless you explicitly export it.

2. Data Sovereignty

We chose Azure UAE North specifically to ensure compliance with UAE data sovereignty expectations:

  • All data at rest resides within UAE borders
  • Data processing occurs exclusively in the UAE North region
  • No data is transferred to, replicated in, or processed by servers outside the UAE
  • We do not use global CDN edge nodes that could cache your data outside the UAE

3. Encryption

In Transit

  • All connections use TLS 1.2 or higher
  • HTTPS is enforced for all web traffic — HTTP requests are automatically redirected
  • API calls between internal services use encrypted channels

At Rest

  • Database encryption using Azure Transparent Data Encryption (TDE) with service-managed keys
  • Blob storage encryption using AES-256 encryption
  • Backup encryption using the same standards as primary storage

4. Backups and Recovery

  • Automated daily backups retained for 30 days
  • Point-in-time restore capability for databases
  • All backups stored within Azure UAE North — no cross-region replication
  • Regular backup restoration testing to verify data integrity

5. Access Controls

  • Role-based access control (RBAC) limits who can access infrastructure
  • Multi-factor authentication required for all administrative access
  • Access logs are maintained and audited regularly
  • No third-party vendors have direct access to customer data

6. Azure Compliance

Microsoft Azure UAE North holds the following certifications relevant to our operations:

  • ISO 27001 (Information Security Management)
  • ISO 27017 (Cloud Security)
  • ISO 27018 (Protection of Personal Data in the Cloud)
  • SOC 1, SOC 2, and SOC 3 reports
  • CSA STAR certification

7. Data Export

You retain full ownership of your data and can export it at any time:

  • Export company records, staff details, and subcontractor data in standard formats
  • Download any documents stored in the optional document vault
  • Request a complete data export by contacting support

8. Data Deletion

  • When you delete data from ContractorPass, it is removed from active systems within 24 hours
  • Deleted data is purged from backups within the 30-day backup retention window
  • Upon account termination, all data is deleted per our retention policy outlined in our Privacy Policy

9. Subprocessors

We minimise the use of subprocessors that handle customer data. Currently:

  • Microsoft Azure — cloud infrastructure provider (UAE North region)
  • Stripe — payment processing (processes payment card data only; no access to your compliance data)

We will notify customers before adding any new subprocessors that handle customer data.

10. Contact

For questions about data residency or to request a data processing agreement, contact us at info@contractorpass.ae.