Invest in Gold

This Privacy Policy (“Policy”) expresses our firm commitment to aid our users and visitors better understand what information we collect about them and what may happen to that information.

This Policy explains what we collect and how we use your personal data when you use our website https://www.aspora.com/, our mobile application (available on Android and IOS), (jointly referred as “Website” or “Platform”). and provide your information while using the services available on the Website and other services provided by Aspora (formerly known as ‘Vance’) (“Services”), and how we use and disclose that information. If anything here applies to only one of our Services or to customers in a particular country, we’ll explicitly point this out to you.

If you have any questions or comments about the Policy, please contact us at dpo@aspora.com. Your use of the Website and/or Services and any personal information you provide on the Website remains subject to the terms of the Policy and our term of use policy available on our website. Any grievance or complaint may be intimated to grievance officer, who may be reached at dpo@aspora.com. The complaint shall be redressed within a period of 1 (one) month.

1. Data controller

The Data Controller for the collection and use of the Personal Information (as defined below) is Aspora Information Technology Services LLC SOC, a company incorporated in Dubai, UAE and having its office at Rigga Business Centre - 1001-04, Office No 1004-178, Deira, Al Muraqqabat, Dubai, UAE, operating under the brand name ‘Aspora’ (formerly known as ‘Vance’).

2. Gathering of your personal information

2.1 “Personal information” is defined to include information that whether on its own or in combination with other information may be used to readily identify or contact you such as: name, address, email address, phone number etc.

2.2 The specific personal details we gather from you depend on how you interact with our Platform. This includes but is not limited to information such as your name, gender, age, mailing address, phone number, email address, contact preferences, identification proof, photo, bank account/credit card/debit card details, Know Your Customer (KYC) details, Emirates Identification Number and related data, and any other relevant information that helps us or our partners verify your identity. In connection with our gold services, we may additionally collect information relating to: gold purchase and sale transaction history; gold holdings and vault/custody account details; gold delivery or redemption preferences; source of funds information required for AML/CFT compliance; and risk profile information relevant to your use of our gold investment services. We may also collect your marketing communication preferences, including which Marketing Channels you have consented to receive communications through.

2.3 If we determine it necessary, at our own discretion, we may also request and collect additional information from third parties. This could involve obtaining credit-related information from a credit bureau (to the extent permitted by law) or verifying the identification details you provided during registration.

2.4 You acknowledge that it is your responsibility to ensure that your personal information is always accurate, complete, and up-to-date. We will also make reasonable efforts to give you the opportunity to request corrections to your personal information if it is found to be inaccurate. Additionally, you can request the deletion of your personal information, subject to applicable law. However, we reserve the right to reject requests that contravene the terms outlined in this policy, our website’s terms and conditions, or any relevant laws. We may also decline requests that require disproportionately extensive technical efforts, endanger the privacy of others, or are highly impractical.

3. Information obtained through your usage of our service

3.1 We offer various Services that help you efficiently manage the contact information you provide to us as part of our Services. Typically, these contacts include details about individuals (or organizations), such as their names, email addresses, phone numbers, and online identifiers. In addition to this basic information, your Contacts may also include supplementary details about individuals, including their affiliations with organizations, job titles, birthdays, important dates, age, gender, general location, relationships, skills, interests, preferences, personal notes, photos, tags, and other categorizations.

3.2 Through our Services, we provide tools to effectively manage the contact information you provide. Your Contacts play a crucial role in establishing connections and relationships. They contain information about individuals (or organizations), including names, email addresses, phone numbers, and online identifiers. Moreover, your Contacts may include additional details, such as organizational affiliations, job titles, birthdays, important dates, age, gender, general location, relationships, skills, interests, preferences, personal notes, photos, tags, and other categorizations.

(a) Contact book access: The Contacts you create reflect certain relationships between you and the people or organizations they represent. These Contacts may explicitly indicate the nature of the relationship. Additionally, we may deduce the strength or nature of a relationship based on the presence or absence of specific contact information, such as mobile numbers or key dates, as well as shared elements like physical addresses or organizational affiliations. Inferred relationship information can also be derived from your interactions with individual Contacts, such as frequency of access or modification.

(b) Connected Services: Many of our Services allow you to connect with external systems or databases that might contain information about your relationships. This includes “connections” on social networks or other platforms.

4. Gathering of automatic information, utilization of cookies and similar tracking technologies

4.1 We collect browser and cookie information when you first navigate to our websites. We use cookies to give you a better customer experience and for use of access. Certain cookies will allow you to leave and re-enter the Platform without re-entering your password. This will be monitored by a web server.

4.2 Cookies are text files stored, either on a temporary or persistent basis on the hard drive of your computer. Cookies are used for authenticating, session tracking and maintaining specific information about the use and users of the Platform (including user site preferences or the contents of electronic shopping carts). Cookie files may also be placed on your computer by Google Analytics for the purposes as set out in this paragraph.

4.3 The data collected by cookies is anonymous. You can delete all cookies that are already on your computer’s hard drive by searching for files with “cookie” in it and deleting them. In addition, if you want to stop cookies from being stored on your computer, you can edit your browser settings so that cookies are blocked. Unfortunately, if you block cookies, you may not be able to use the full functionality of the Platform.

4.4 Web beacons consist of a small string of software code that represents a graphic image request on a Web page or email. There may or may not be a visible graphic image associated with the web beacon and often the image is designed to blend into the background of a Web page or email. Web beacons can be used for many purposes – including site traffic reporting, unique visitor counts, advertising auditing and reporting, and personalization. Web beacons used by Aspora collect only anonymous data.

4.5 In order to improve the Platform and the Services, we use (temporary and persistent) cookies, authorised third parties cookies, web beacons and/or other technologies to collect non-personally identifiable data. This non-personally identifiable data helps us to track browsing behaviour, to create specific or tailor-made offers or advertisements, and to monitor and record the visits and use of the Platform.

4.6 In order to understand how people use the Platform and for marketing analysis and quality improvement purposes, we (and/or third party service providers) may collect, record, and use on an anonymous basis certain information (including the total number of transactions, viewed web pages, referring/exit pages, platform type, date/time stamp information and details like the number and location of mouse clicks on a given page, mouse movements, scrolling activity and the search words you use while being on and using the Platform.

4.7 If you register with us or if you continue to use the Platform, you agree to our use of cookies. You further agree to use the Platform only for lawful purposes.

4.8 From time to time you may find links to third party websites on the Platform. These links are provided for your information only and are not recommended by Aspora. Aspora has no control over the content of third party sites and accepts no responsibility or liability for them or for any loss or damage that may arise from your use of them. When accessing a third party website, you are advised to check such website’s terms of service and privacy policy to ensure compliance with applicable laws.

5. Gathering of personal information from social networking platforms

5.1 You may at times be permitted to log into our Website through your other social networking accounts. If you choose to do so, you will need to provide your email address and password associated with those social networking accounts. In order to proceed, we will request your permission to access and gather your basic information, which includes your name, profile picture, gender, networks, user IDs, date of birth, email address, and any other publicly available information on your account. If you grant us access to this information, we will be able to retrieve it even if you have not made it publicly visible. The information we receive from these social networking sites is stored along with the other information we collect or receive from you.

5.2 Please note that the information collected by these social networking sites is governed by their own policies. If you would like to understand how these sites utilize and disclose your information, including any publicly shared information, we recommend referring to the respective privacy policies of the social networking sites. We have no control over how any third-party site utilizes or discloses the personal information it gathers about you.

6. How Aspora uses the collected information

6.1 How Personal Information Is Used

We collect your personal information and aggregate information about the use of our Website and Services to better understand your needs and to provide you with a better Website experience. Specifically, we may use your personal information for any of the following reasons and you consent to the same:

(a) To provide our Services to you, including registering you for our Services, verifying your identity and authority to use our Services, facilitating the purchase, sale, and holding of digital gold through our Platform, processing gold transactions and associated settlement instructions, and to otherwise enable you to use our Website and our Services;

(b) For customer support and to respond to your inquiries;

(c) For internal record-keeping purposes;

(d) To process billing and payment, including sharing with third party payment gateways in connection with Website and/or Services;

(e) To improve and maintain our Website and our Services (for example, we track information entered through the “Search” function; this helps us determine which areas of our Website users like best and areas that we may want to enhance; we also will use for trouble-shooting purposes, where applicable);

(f) Where you have provided your explicit consent in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and Cabinet Resolution No. 56 of 2024 on Regulation of Telemarketing, to send you marketing and promotional communications regarding our gold services, special offers, gold price alerts, new product launches, and other information about Aspora that we think you may find interesting, through any or all of the following channels: email, telephone calls, SMS/text messages, WhatsApp, and other social media platforms and electronic messaging services (collectively, “Marketing Communications”);

(g) To contact you via email, telephone (including telemarketing calls), facsimile, mail, SMS/text message, WhatsApp, and other electronic messaging platforms and social media channels, to deliver certain services or information, including service-related notifications regarding your gold holdings, transaction confirmations, gold price movements, or other matters relevant to your use of our Services; and, where you have provided consent, for Marketing Communications;

(h) For Aspora’s market research purposes, including, but not limited to, the customization of the Website or Services according to your interests;

(i) To share your personal information with our gold product partners, within the UAE or outside the UAE (including but not limited to partners in the United States and the United Kingdom, subject to applicable laws), for the purpose of making available to you gold leasing options and related gold yield products through the Platform. Such sharing will be carried out on the basis of our contract with you and, where required by applicable law, subject to appropriate safeguards governing the international transfer of your personal data. By using the gold leasing features of the Platform, you acknowledge that your personal data may be transferred to and processed by such partners in jurisdictions outside the UAE.

(j) We may use your demographic information (i.e., age, postal code, residential and commercial addresses, and other various data) to more effectively facilitate the promotion of goods and services to appropriate target audiences and for other research and analytical purposes;

(k) To resolve disputes, to protect ourselves and other users of our Website and/or Services, and to enforce our Website’s terms and conditions;

(l) We also may compare personal information collected through the Website and/or Services to verify its accuracy with personal information collected from third parties; and

(m) We may combine aggregate data with the personal information we collect about you.

6.2 From time to time, Aspora may seek to use personal information for purposes not previously disclosed in this Policy. Where any such new purpose is closely related to the original purpose for which the information was collected, Aspora will update this Policy and provide you with advance notice of the change before commencing the new processing. Where the new purpose is not closely related to the original purpose and does not fall within a permitted exception under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021), Aspora will not commence such processing until it has provided you with advance notice and obtained your explicit consent. This Policy will be updated to reflect any such changes, and the updated version will be posted on our Platform with the revised effective date.

6.3 Where you have provided your explicit and informed consent through a separate, unbundled consent mechanism at the point of registration or at any later stage, you agree and provide consent to Aspora sharing marketing and promotional details with you through telemarketing, including but not limited to: emails, telephone calls, SMS/text messages, WhatsApp messages, and other social media platforms and electronic communication channels (“Marketing Channels”). Such consent is given freely, specifically, and with full knowledge of its scope, in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, as amended) and Cabinet Resolution No. 56 of 2024 on Regulation of Telemarketing. Registration or provision of information on the Platform alone shall not be construed as consent to receive Marketing Communications; consent must be actively and separately provided. Where you have registered with the UAE Do Not Call Registry (DNCR), Aspora will only contact you for marketing purposes via the Marketing Channels where you have separately and explicitly opted in to receive such communications notwithstanding your DNCR registration, which opt-in you may record by checking the relevant consent box at the time of registration or account settings.

7. Marketing and promotional communications

Aspora may contact you with marketing and promotional details relating to our gold purchase, sale, and investment services, as well as other products and services offered by Aspora, through telemarketing channels including but not limited to: (i) email; (ii) telephone calls; (iii) SMS and text messages; (iv) WhatsApp and instant messaging platforms; and (v) other social media platforms and electronic communication channels (collectively, “Marketing Channels”). Such Marketing Communications will only be sent where you have provided your prior, explicit, and freely given consent in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, as amended, “UAE PDPL”) and Cabinet Resolution No. 56 of 2024 on Regulation of Telemarketing via Telephone Calls (“Telemarketing Regulation”). Your consent to receive Marketing Communications is separate from, and does not form part of, your acceptance of these Terms or your registration on the Platform.

7.1 Nature of Consent. By checking the designated marketing consent checkbox at the time of registration on the Platform or at any time thereafter in your account settings, you explicitly agree and provide your consent to Aspora contacting you with marketing and promotional details through the Marketing Channels selected by you. Your consent is: (i) freely given — it is not a condition of registration or use of the Platform; (ii) specific — it relates to marketing communications from Aspora regarding its gold and financial services; (iii) informed — you have read this Policy and understand the nature and channels of communications; and (iv) unambiguous — it is given through a clear, affirmative action (an active tick-box). Pre-ticked or pre-selected consent checkboxes are not used by Aspora. Consent will not be inferred from your mere registration or use of the Platform.

7.2 Telemarketing Compliance. Where Aspora makes or facilitates marketing telephone calls, it shall comply with Cabinet Resolution No. 56 of 2024 on Regulation of Telemarketing, including by: (i) only making calls between 9:00 am and 6:00 pm UAE time; (ii) identifying itself and the purpose of the call at the outset of each call; (iii) disclosing the source of your telephone number to the relevant competent authority upon request; and (iv) not making telemarketing calls to numbers registered on the UAE Do Not Call Registry (DNCR), unless you have separately and explicitly consented to receive calls notwithstanding your DNCR registration. Any complaints regarding unsolicited marketing calls may be directed to Aspora at dpo@aspora.com or to the relevant UAE regulatory authority.

7.3 Withdrawal of Consent. You may withdraw your consent to receive Marketing Communications at any time, without affecting the lawfulness of any marketing carried out prior to your withdrawal, by: (i) following the unsubscribe link in any marketing email; (ii) replying “STOP” to any marketing SMS; (iii) updating your communication preferences in your account settings on the Platform; or (iv) emailing dpo@aspora.com. Withdrawal of marketing consent will not affect your ability to use the Platform or our Services, and Aspora will continue to send you transactional and service communications necessary for the provision of our Services to you.

8. Security

We employ procedural and technological security measures, which are reasonably designed to help protect your personal information from unauthorized access or disclosure. Aspora may use encryption, passwords, and physical security measures to help protect your personal information against unauthorized access and disclosure. No security measures, however, are 100% complete. Therefore, we do not promise and cannot guarantee, and thus you should not expect, that your personal information or private communications will not be collected and used by others. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. Aspora is not responsible for the unauthorized use of your information or for any lost, stolen, compromised passwords, or for any activity on your account via unauthorized password activity.

9. Disclosure

We may share the information that we collect about you, including your personal information, as follows:

9.1 Information Disclosed To Protect Us And Others: We may disclose your information including Personal Information if: (i) it is pursuant to Services that you have requested; (ii) Aspora reasonably believes that disclosure is necessary in order to comply with a legal process (such as a court order, search warrant, etc.) or other legal requirement of any governmental authority, (iii) disclosure would potentially mitigate our liability in an actual or potential lawsuit, (iv) reasonably necessary to enforce this Policy, our terms and conditions etc. (v) disclosure is intended to help investigate or prevent unauthorized transactions or other illegal activities, or (vi) necessary or appropriate to protect our rights or property, or the rights or property of any person or entity.

9.2 Information Disclosed To Third Party Service Providers And Business Partners: We may contract with various third parties for the provision and maintenance of the Website, Services and our business operations, and Aspora may need to share your personal information and data generated by cookies and aggregate information (collectively, “information”) with these vendors and service agencies. For example, we may provide your information to a credit card processing company to process your payment. The vendors and service agencies will not receive any right to use your personal information beyond what is necessary to perform its obligations to provide the Services to you. If you complete a survey, we also may share your information with the survey provider; if we offer a survey in conjunction with another entity, we also will disclose the results to that entity.

9.3 Information Disclosed To Law Enforcement Or Government Officials: We will disclose your information, including, without limitation, your name, city, state, telephone number, email address, user ID history, quoting and listing history, and fraud complaints, to law enforcement or other government officials if we are required to do so by law, regulation or other government authority or otherwise in cooperation with an investigation of a governmental authority.

9.4 Information Disclosed At Your Request: We may share your personal information with other users or third parties to whom you explicitly ask us to send your information or if you explicitly consent to such disclosure upon receipt of a specific Service.

10. Links to external websites

The Website may contain links to other websites or resources over which Aspora does not have any control. Such links do not constitute an endorsement by Aspora of those external websites. You acknowledge that Aspora is providing these links to you only as a convenience, and further agree that Aspora is not responsible for the content of such external websites. We are not responsible for the protection and privacy of any information which you provide while visiting such external websites and such sites are not governed by this Policy. Your use of any external website is subject to the terms of use and privacy policy located on the linked to external website.

11. Updating, deleting and correcting your personal information

11.1 You may choose to restrict the collection or use of your personal information in the following ways: You can review, correct and delete your personal information by emailing us at dpo@aspora.com. You must promptly reach out to us to change your information if your personal information changes or is inaccurate. Typically, we will not manually alter your personal information because it is very difficult to verify your identity remotely.

11.2 Nonetheless, upon your request we may close your account and remove/restrict access to your personal information from view as soon as reasonably possible, based on your account activity and in accordance with applicable law. We doNotwithstanding account closure or a request for erasure, we are required to retain information from closed accounts certain categories of personal data for the mandatory periods set out in order the DATA RETENTION section of this Policy, including to comply with the law,our anti-money laundering and counter-terrorist financing obligations (Federal Decree-Law No. 10 of 2025 and the CBUAE AML/CFT Rulebook), our corporate tax and VAT record-keeping obligations (Federal Decree-Law No. 47 of 2022 and Federal Decree-Law No. 8 of 2017), our obligations under the UAE Commercial Transactions Law, and to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations of any user, enforce our terms and conditions, and take any other actions otherwise permitted by applicable law. Where we are required by law to retain data that we deem necessary in our sole and absolute discretion.is the subject of an erasure request, we will inform you of this and will restrict processing of that data to the extent possible pending the expiry of the relevant mandatory retention period, after which it will be securely deleted or anonymised. Once we have deleted or removed your account, you agree (including at the end of any applicable retention period), you acknowledge that Aspora shall not be responsible for any personal information that was not included within your deleted and/or removed account.

12. What choices do I have regarding use of my personal information?

Where you have consented to receive Marketing Communications, we may send you promotional or informational messages regarding our gold services, special offers, gold price updates, and other matters of interest via the Marketing Channels you have consented to. You may withdraw your consent or opt-out of any or all Marketing Channels at any time by: (i) following the unsubscribe instructions in any email we send you; (ii) replying “STOP” to any SMS we send you; (iii) updating your communication preferences in your account settings on the Platform; or (iv) contacting us at dpo@aspora.com. Please note that it may take up to 15 business days for us to process opt-out requests. Withdrawal of marketing consent does not affect the lawfulness of processing carried out prior to withdrawal. Even if you opt-out of Marketing Communications, we may still send you transactional or service-related communications regarding your gold holdings, account activity, or any Services you have requested or received from us, as these are necessary for the performance of our contract with you.

13. Data retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy our legal, regulatory, tax, accounting, and reporting obligations. The specific retention period applicable to your personal data depends on the category of data and the purpose for which it is held. In all cases, where multiple legal obligations apply to the same record, we will retain it for the longest applicable period. The following periods apply to the principal categories of personal data we hold:

13.1 Identity, KYC and Customer Due Diligence (CDD) Records. This includes government-issued identity documents, proof of address, source of funds documentation, and all records obtained through our KYC/CDD process. These are retained for a minimum of five (5) years from the later of: (i) the date of completion of the relevant transaction; or (ii) the date of termination of our business relationship with you or closure of your account. This period is mandated by Federal Decree-Law No. 10 of 2025 on Anti-Money Laundering, Combating the Financing of Terrorism and Proliferation Financing and the CBUAE AML/CFT Rulebook.

13.2 Gold Transaction Records. This includes records of all gold purchase and sale transactions, settlement instructions, gold holding balances, transaction confirmations, and related financial data. These are retained for a minimum of seven (7) years from the date of the relevant transaction. This period reflects the longer of the AML/CFT minimum of five (5) years (Federal Decree-Law No. 10 of 2025) and the record-keeping requirement of seven (7) years under the UAE Corporate Tax Law (Federal Decree-Law No. 47 of 2022), which governs financial records for tax purposes.

13.3 Account and Platform Data. This includes your account registration details, profile information, login credentials, contact preferences, and usage data generated through your interaction with the Platform. This data is retained for the duration of your account relationship with us and for a further period of five (5) years following account closure, to the extent required by our AML/CFT obligations and to enable us to handle any post-closure queries, complaints, or legal claims arising from the relationship.

13.4 Marketing Consent Records. Records of your consent to receive Marketing Communications — including the date and means by which consent was given, the version of the consent language in force at that time, and records of any subsequent withdrawal — are retained for the duration of our business relationship and for a further period of five (5) years following withdrawal or account closure. This enables us to demonstrate compliance with our obligations under the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and Cabinet Resolution No. 56 of 2024 on Regulation of Telemarketing, and to respond to any regulatory enquiries or complaints regarding Marketing Communications sent during the consent period.

13.5 Business Correspondence and Communications. This includes emails, in-app messages, customer support records, and other correspondence between you and Aspora in connection with your use of the Platform or Services. These are retained for a minimum of five (5) years from the date of issue or receipt, in accordance with the UAE Commercial Transactions Law (Federal Law No. 18 of 1993, as amended).

13.6 Legal Claims and Dispute Records. Where personal data is relevant to an actual or anticipated legal claim, regulatory investigation, or dispute, we will retain that data for as long as is necessary to pursue or defend the relevant proceedings, including any applicable limitation and appeal periods under UAE law.

13.7 Deletion, Anonymisation and Erasure Requests. At the end of the applicable retention period, we will securely delete or anonymise your personal data so that it can no longer be attributed to you. Where you exercise your right to erasure under the UAE PDPL, we will honour that request unless retention is required or permitted by applicable law — including our AML/CFT, tax, and commercial record-keeping obligations set out above — in which case we will inform you of the basis on which the request cannot be fulfilled and restrict processing of the retained data to the extent possible pending the expiry of the relevant retention period.

14. Use of Aspora information

14.1 In order to facilitate the provision and utilization of services, the Website allows you to share personal information with Aspora. When entering into a service agreement, it may be necessary to provide Aspora with your name, email address, phone number, or personal address.

14.2 Your password serves as the key to access your account. It is important to create a password that includes unique combinations of numbers, letters, special characters, and the like. Furthermore, it is crucial that you do not disclose your password to anyone. If you choose to share your password or personal information with others, you bear sole responsibility for any actions performed through your account. If your password is compromised in any way, it is imperative that you promptly notify Aspora in order to change your password. This will help you regain control over your personal information and prevent any legally binding actions from being taken on your behalf.

15. Contact us

For full details about the Aspora group members and where they operate, please contact us at: dpo@aspora.com. If at any time you believe that we have not adhered to this Policy, please contact us at dpo@aspora.com and we will seek to promptly determine and correct the problem.

16. Changes to this policy

Please note that this Policy may change from time to time. If we change this Policy in ways that affect how we use your Personal Information, we will advise you of the choices you may have as a result of those changes. We will also post a notice that this Policy has changed.