MabrookUGC Back to home
Legal

Privacy Policy

Effective date: 21 April 2026 · Last updated: 21 April 2026

This Privacy Policy explains how VM MEDIA LLC ("MabrookUGC", "we") — a limited liability company registered in Sharjah Media City (Shams), Sharjah, UAE, License No. 2322072.01 — collects, uses, shares, retains, and protects personal data when you use our website, Platform, or services (the "Services"). It applies to Brands, Creators, website visitors, and prospective users, and is issued in compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and, where applicable, the GDPR.

1. Data controller & contact

Data controller: VM MEDIA LLC, Sharjah Media City (Shams), Sharjah, UAE.
License No: 2322072.01
Data protection contact: support@mabrookugc.com

We do not currently have a legal obligation to appoint a Data Protection Officer (DPO), but we maintain a privacy point of contact reachable at the above email.

2. What we collect

2.1 Information you provide

Brands

  • Company name, trade licence number (where applicable), brand name(s).
  • Contact name, job title, email address, phone number.
  • Billing address, VAT number, and payment instrument details (handled by our payment processor — we do not store full card numbers on our servers).
  • Brief content, creative references, product information, and uploaded assets.
  • Account credentials (passwords are stored hashed, not in plain text).

Creators

  • Full legal name, preferred name, date of birth, gender (optional), nationality, country and city of residence.
  • Government ID details (Emirates ID / passport number / national ID) for KYC purposes. ID document images are stored encrypted.
  • Contact details: email, phone, social handles.
  • Creator profile: languages, content categories, prior work samples, rates.
  • Payout details: TikTok One creator handle, IBAN, SWIFT, Wise/Payoneer identifiers as applicable.
  • Tax-related information where required by local law.
  • Delivered Content and related metadata, approval history, performance metrics.

2.2 Information collected automatically

  • Device and connection data: IP address, device type, operating system, browser type and version, screen resolution, language.
  • Usage data: pages visited, features used, clicks, session duration, referrer URL, timestamps.
  • Cookies and similar technologies (see Section 9).
  • Logs for security and fraud prevention.

2.3 Information from third parties

  • Social platform handles and publicly available profile data (e.g. for Creator vetting).
  • Payment processors confirming payment status and limited transaction data.
  • Identity verification providers confirming KYC outcomes.
  • Analytics and marketing partners (e.g. Google Analytics, Meta pixel, where used).

3. How we use your data — and the legal basis

We use personal data for the following purposes, on the following legal bases:

  • Contract performance: onboarding, account management, matching Brands and Creators, delivering Content, processing payments and payouts, customer support.
  • Legitimate interests: fraud prevention, platform security, analytics to improve the Service, internal reporting, marketing our own services to existing users (subject to opt-out), defending legal claims.
  • Legal obligation: KYC / AML, tax reporting, responding to lawful requests from UAE or foreign authorities.
  • Consent: marketing communications to non-users, non-essential cookies, portfolio use of Creator likenesses beyond the operational scope, case studies with a Brand's name. You may withdraw consent at any time; withdrawal does not affect processing already carried out.

4. How we share your data

We share personal data only with the following categories of recipients:

  • Brands (limited Creator profile and delivered Content needed to fulfil the assignment).
  • Creators (limited Brand brief and contact data needed to fulfil the assignment).
  • Payment and payout processors (e.g. Stripe, Telr, Checkout.com, Tap, TikTok One, Wise, Payoneer), each under their own terms.
  • Cloud hosting and infrastructure providers (e.g. AWS, Google Cloud, Vercel, or equivalent).
  • KYC / identity verification providers.
  • Analytics, email, and customer support tools acting as processors on our behalf.
  • Professional advisers (lawyers, auditors, accountants) under confidentiality obligations.
  • Regulators, courts, or law enforcement where required by law or to protect our rights.
  • A successor entity in connection with a merger, acquisition, or sale of assets.

We do not sell personal data. We do not share personal data with advertising networks for cross-context behavioural advertising, except via our own retargeting pixels with consent where required.

5. International data transfers

MabrookUGC is headquartered in the UAE. Some of our processors and sub-processors are based outside the UAE, including in the EEA, UK, United States, and elsewhere. Where we transfer personal data internationally, we rely on (a) adequacy decisions, (b) Standard Contractual Clauses or equivalent safeguards, or (c) the data subject's explicit consent, as required by the PDPL and GDPR.

6. Retention

  • Account data: kept while the account is active and for up to 6 years after closure for tax, accounting, and legal defence purposes, or longer where required by law.
  • KYC documents: retained for the period required by applicable AML regulations (typically 5 years) after the end of the business relationship.
  • Delivered Content: retained indefinitely as part of the commercial record; Brands' licensed copies are retained by the Brand according to their own policies.
  • Marketing data: until you unsubscribe, plus a short suppression period.
  • Analytics logs: typically 14 to 26 months.
  • Backup copies: removed on the next backup rotation cycle after the primary deletion.

7. Your rights

Subject to the PDPL, GDPR, and any other applicable law, you have the right to:

  • Access the personal data we hold about you and receive a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten"), subject to our legal retention obligations.
  • Restrict or object to certain processing (including direct marketing).
  • Data portability, where processing is based on consent or contract and carried out by automated means.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with the UAE Data Office or, if you are in the EEA/UK, with your local supervisory authority.

To exercise rights, email support@mabrookugc.com. We will respond within 30 days (extendable by a further 30 days where complex). We may need to verify your identity before acting.

8. Security

  • Data is encrypted in transit (TLS 1.2+) and at rest where reasonably practicable.
  • Passwords are hashed using industry-standard algorithms.
  • Access to personal data is restricted on a need-to-know basis and logged.
  • We carry out regular security reviews of our vendors.
  • In the event of a personal data breach likely to result in a high risk to affected individuals, we will notify the competent regulator and affected data subjects in accordance with applicable law.

No system is 100% secure. You are responsible for keeping your login credentials safe and for using strong, unique passwords.

9. Cookies & tracking

We use cookies and similar technologies for:

  • Strictly necessary functions (login session, security, load balancing) — always on.
  • Functionality (remembering preferences) — on by default, can be disabled.
  • Analytics (e.g. Google Analytics or equivalent) — only with consent where required.
  • Marketing and retargeting (e.g. Meta, TikTok pixel) — only with consent where required.

You can manage cookies via our cookie banner and/or your browser settings. Blocking strictly necessary cookies may prevent the Platform from working.

10. Children

The Platform is not directed to, and we do not knowingly collect personal data from, individuals under 18. If we discover such data has been collected, we will delete it promptly.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or a prominent notice on the Platform at least 14 days before taking effect. The "Last updated" date at the top reflects the latest revision.

12. Governing law & jurisdiction

This Privacy Policy is governed by the federal laws of the United Arab Emirates. Disputes will be handled by the competent courts of Sharjah, UAE, without prejudice to statutory rights of data subjects to complain to their home-country supervisory authority.

13. Contact

VM MEDIA LLC
Sharjah Media City (Shams), Sharjah, United Arab Emirates
License No: 2322072.01
Email: support@mabrookugc.com