Our Privacy Policy

Our Privacy Policy outlines how we collect, use, and protect your personal information. Your privacy and security are our priorities.

Last Updated on February 1, 2026.

This Privacy Policy explains how DiscGo (“DiscGo”, “we”, “us” or “our”) collects, uses, stores and shares information when you:

  • use the DiscGo mobile application (the “App”);

  • visit our website or web‑based services; or

  • otherwise interact with us in relation to the App or website

(collectively, the “Services”).

This Privacy Policy is separate from our Terms of Use / Terms & Conditions, which govern your use of the Services. Please read both carefully.

By using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by law (including the UAE Personal Data Protection Law – Federal Decree‑Law No. 45 of 2021 (the “PDPL”)), we will ask for your explicit consent before processing certain types of personal data.

  1. Who we are and how to contact us

The controller responsible for your personal data is:

DISCGO PORTAL
Email: info@discgo.ae

If we are also subject to a free‑zone data protection regime (for example, DIFC Data Protection Law No. 5 of 2020 or the ADGM Data Protection Regulations), this Policy is intended to sit alongside those rules.

If you have any questions, requests or complaints about this Privacy Policy or our handling of your data, you can contact us using the details above.

Where required by law, we may appoint a Data Protection Officer (DPO) or equivalent contact point; if so, you can reach them using the same email address unless we publish a separate DPO contact

  1. Scope of this Privacy Policy

This Privacy Policy applies to:

  • individuals who use the App;

  • visitors to our website(s); and

  • partners and merchants whose offers or cards appear in the App, to the extent we process their contact details and analytics about how users interact with their offers.

It does not apply to:

  • third‑party websites, apps or services that we link to (for example, partner websites);

  • banks, card issuers, loyalty schemes or membership providers whose cards you add to DiscGo; or

  • partners’ own websites, apps, or in‑store systems.

Those third parties are responsible for their own privacy practices and should provide their own privacy notices.

3. Key concepts

For the purposes of this Policy:

  • “Personal data” means any information relating to an identified or identifiable natural person (for example, name, email, phone number, online identifier).

  • “Processing” means any operation performed on personal data (such as collection, storage, use, sharing or deletion).

  • “Controller” means the entity that decides why and how personal data is processed (here, DiscGo).

  • “Processor” means a party that processes personal data on behalf of a controller (for example, our hosting provider).

When we say “you” or “user”, we mean the natural person using the Services.

  1. The data we collect

We aim to collect only the minimum personal data needed to operate the Services, resolve issues and generate non‑identifying statistics about usage.

4.1 Information you provide directly

Account & profile data

When you create or access an account, you may provide:

  • Name (required for registration or for example, as provided by Google when you sign in with Google)

  • Email address (for example, as provided by Google when you sign in with Google);

  • Mobile phone number (for example, when you log in by OTP / passwordless login);

  • Date of birth (DOB) (if you choose to provide it);

  • Country of residence (if you choose to provide it);

  • Login method (e.g. “Google sign‑in”, “OTP login”, or other method we make available);

  • Optional profile information (such as a profile image or display name).

Important: We may use DOB to determine your age/age band (for example, for age eligibility, age‑relevant experiences, and ad targeting controls). Where feasible for our product design, we may rely on an age band rather than your full date of birth.

Membership & loyalty data

If you add cards or memberships to the App, we process:

  • The loyalty, membership, bank or partner programs you select;

  • Basic identifiers you choose to store (e.g. a membership number or program ID);

  • Your in‑app interactions with those cards (for example, viewing benefits, saving an offer, marking an offer as “used” or “favourite”).

Marking an offer as “used” inside DiscGo is an in‑app indicator only and does not prove that you actually redeemed the offer offline.

In‑app actions & preferences

We process information about how you use the App, such as:

  • Categories you’re interested in (e.g. dining, travel, wellness);

  • Offers or partners you view, search, save or mark as “used”;

  • Your settings and preferences (e.g. notifications, language, region settings);

  • Whether you choose an ad‑free subscription (if available).

Support & correspondence

If you contact us (for example, via in‑app chat or email), we process:

  • The content of your messages;

  • Your contact details (such as email address) and any metadata contained in your message;

  • Any attachments you send (e.g. screenshots).

Please avoid including sensitive personal data (such as health data, religion, political opinions, or full card details) in support messages, as we do not need this to assist you.

4.2 Authentication and log‑in data

We use passwordless authentication and third‑party identity providers so that we do not need to store your password.

Depending on what you choose, you may log in using:

  • Google Sign‑In
    Google authenticates you and then shares limited data with us (for example, your name, email address, profile image and a unique identifier). We do not receive your Google password. Your use of Google Sign‑In is also governed by Google’s own terms and privacy policy.

  • OTP / passwordless login (email / SMS)
    A one‑time password (OTP) is generated and delivered by a secure third‑party authentication service acting on our behalf. We do not store OTP codes after they are used. We store only that your email or phone number has been verified, along with technical identifiers needed to maintain your session.

In the future, we may also support other identity providers (for example, Apple ID or other social logins). If we do, they will authenticate you and share limited account data with us (usually name, email and an identifier). We will continue to avoid storing passwords ourselves.

4.3 Information collected automatically

When you use the Services, we automatically collect certain information from your device or browser:

Device & technical data

  • Device model and operating system;

  • App version;

  • Browser type (for website usage);

  • Language and time zone;

  • IP address (used for security, approximate location and fraud prevention).

Usage & diagnostics

  • App open/close events, screens viewed and features used;

  • Timestamps of actions (e.g. log‑in, adding a card, viewing an offer);

  • Crash logs and error reports;

  • Performance metrics (for example, response times).

This information is primarily used for security, performance monitoring, debugging and analytics, usually linked to an internal user or device ID rather than your name.

4.4 Location data

We may process location information in the following ways:

·       Approximate location, derived from your IP address (for example, to understand the city or region from which you access the Services); and/or

·       Precise location, derived from your device’s location services if you grant the App permission to access your location.

When you enable precise location access, we use it to:

·       show offers and retailers closest to your current location; and

·       improve the relevance of location-based content in the App.

Providing precise location data is optional. You can enable or disable location access at any time through your device settings. If you disable precise location access, the App may rely on approximate location or allow you to select a location manually, and some location-based features may be limited or unavailable.

We do not use precise location data for continuous or background tracking outside of the App’s active use, and we do not require location access for the core operation of the Services where location-based features are not being used.

4.5 Advertising and sponsored content data

DiscGo may monetise through Sponsored Listings, banner ads, and full‑screen ads (including video).

Depending on your settings, device permissions, and whether you use the ad‑supported version or an ad‑free subscription, we and/or our advertising partners may collect:

  • Advertising identifiers (where available), such as Apple’s IDFA or Android/Google Advertising ID;

  • Device and network data relevant to ad delivery, such as device type, OS, IP address, app version, language/time zone;

  • Ad interaction data, such as ad impressions, clicks, video start/complete events, skip/close events (if applicable), and attribution data (for example, whether an ad led to an install or other action);

  • Fraud and security signals used to detect invalid traffic and protect advertisers and users.

Sponsored Listings may also generate analytics such as views, clicks, saves, and “used” markers in the same way as other listings.

4.6 Payment and subscription data

If you purchase a paid subscription (for example, an ad‑free plan):

  • Payments are processed by secure third‑party payment service providers (for example, payment gateways or app‑store billing providers) who are responsible for storing your full card details and complying with card security standards such as PCI‑DSS.

  • DiscGo does not store your full card number, CVV or card PIN.

We may receive and process limited payment/subscription information, such as:

  • Subscription plan, billing period and renewal status;

  • Transaction reference, date, amount and currency;

  • Store receipt/transaction identifiers (as applicable);

  • Payment status (success/failed).

We use this to manage your subscription, deliver subscription benefits (for example, removing certain ads), handle billing‑related queries and comply with legal and accounting requirements.

4.7 Data from partners and other third parties

We may receive limited information about you or your device from:

  • Technology and infrastructure providers (hosting, analytics, crash reporting, authentication, communications) – typically technical logs and usage metrics;

  • Platform operators (for example, app stores) – information about installs, subscriptions, refunds and fraud checks;

  • Advertising partners – ad delivery and measurement information;

  • Partners and merchants – in rare cases, where necessary to troubleshoot a technical issue with a specific integration or to understand, in aggregated form, how DiscGo is used in connection with their offers.

We do not receive detailed transactional information from partners (for example, exactly what you bought in a physical store) unless clearly described in a specific feature.

4.8 Special categories and persons below 18

We do not intentionally collect:

  • special categories of personal data (such as health data, biometric data, political or religious beliefs, or criminal records); or

  • data relating to persons below 18 years of age.

The Services are not directed to persons below 18 years of age. If we learn that we have collected personal data from a person below 18 without appropriate consent or legal basis, we will delete it as soon as reasonably possible.

  1. Why we use your data and legal bases

We only process your personal data where we have a lawful basis to do so. Depending on the situation, one or more of the following legal bases may apply under applicable UAE law:

  • Your consent (e.g. certain marketing communications, optional features, certain advertising/personalisation where required);

  • Performance of a contract with you or to take steps at your request before entering into a contract (e.g. providing the App and its core features);

  • Compliance with legal obligations;

  • Protection of your interests or those of another person (e.g. security, fraud, misuse);

  • Statistical or research purposes, where permitted and subject to safeguards.

Below are the main purposes for which we process your data.

5.1 To provide and operate the Services

We use your data to:

  • create and manage your account;

  • allow you to add and manage your cards and memberships;

  • display offers, categories and content;

  • record in‑app actions (for example, views, saves, “used” markers) so the App can function as expected.

Legal bases: performance of a contract with you; your consent where required for certain optional features.

5.2 To personalise content and user experience

We use your data to tailor your experience, including:

  • language and region settings;

  • showing offers that are relevant to your selected cards/memberships;

  • (where enabled) showing nearby offers using approximate location;

  • using DOB/age band, country of residence:

    • improve relevance (for example, showing region‑specific benefits), and/or

    • display eligibility information.

Legal bases: performance of a contract; consent where required.

5.3 To deliver advertising and sponsored content (and to fund the Service)

We use and process certain data to:

  • show Sponsored Listings, banner ads and full‑screen ads in the ad‑supported version;

  • measure ad effectiveness (impressions, clicks, video completions);

  • prevent fraud and invalid traffic;

  • cap frequency (to avoid showing the same ad too often); and

  • where enabled/allowed, personalise ads.

Personalised advertising and profiling:
We may use information such as DOB/age band, country of residence, approximate location, and in‑app behaviour (such as categories viewed) to customise the ads and sponsored content you see. Where required by law, we will request your explicit consent for personalised advertising and/or profiling and provide controls to opt out.

Legal bases: consent where required; otherwise, providing and operating an ad‑supported service and ensuring security/fraud prevention.

5.4 To provide an ad‑free subscription (if offered)

If you purchase an ad‑free subscription, we use subscription and entitlement information to:

  • verify your subscription status;

  • remove or suppress certain ad formats (for example, banner ads and full‑screen ads) while your subscription is active;

  • provide subscription support.

Important: Even on an ad‑free subscription, you may still see:

  • service messages (e.g. security notices, policy updates); and/or

  • listings that are “Sponsored” as part of the offers marketplace experience (unless your subscription explicitly states that it removes Sponsored Listings as well).

Legal bases: performance of a contract; compliance with accounting/legal obligations.

5.5 To maintain security, prevent misuse and fix technical issues

We use data (including logs and diagnostics) to:

  • protect accounts and systems from fraud, abuse and unauthorised access;

  • detect and investigate suspicious activity;

  • monitor performance and reliability;

  • debug and resolve issues, including by sharing limited technical data with trusted IT partners.

We aim to share only what is necessary, preferably in anonymised or pseudonymised form, and to use appropriate contractual safeguards.

Legal bases: protection of interests; compliance with legal obligations; security and fraud prevention.

5.6 To generate aggregated statistics and insights

We process usage information to:

  • understand how users as a group use the App;

  • measure adoption and engagement with partner programmes (for example, how many users added a card or viewed a category);

  • prepare non‑identifying, aggregated reports for ourselves and for partners.

These reports are designed so that partners cannot identify individual users from them. We clarify to partners that in‑app indicators like “used” markers represent interest or self‑reported usage, not verified redemption.

Legal bases: statistical purposes where permitted; performance of a contract; consent where required for certain analytics tools.

5.7 To communicate with you and provide support

We use your data to:

  • send service and transactional messages (e.g. verification codes, security notices, policy updates);

  • respond to support requests, feedback and complaints;

  • handle subscription and billing queries.

Legal bases: performance of a contract; compliance with legal obligations; consent where required for certain communications.

5.8 Marketing and promotions

Where permitted by law, we may:

  • send information about new features, offers or promotions related to DiscGo;

  • show in‑app messages or push notifications.

We will obtain consent where required (for example, for certain electronic marketing). You can withdraw consent or opt out at any time (see Section 12).

Legal bases: consent; other lawful bases where applicable and permitted, subject to your right to opt out.

5.9 To comply with laws and enforce our rights

We may process your data to:

  • comply with legal and regulatory obligations;

  • maintain accounting and tax records;

  • respond to lawful requests from authorities;

  • enforce our Terms of Use and protect our users and business.

Legal bases: compliance with legal obligations; protection of interests; legal claims and defence.

  1. Cookies and similar technologies

Website: We may use cookies or similar technologies to operate the website, remember preferences, perform analytics, and (where applicable) support advertising and measurement. Where required, we will provide a cookie notice and allow you to manage preferences.

App: We may use SDKs and similar technologies for analytics, crash reporting, authentication, advertising delivery and measurement.

You can manage cookies through your browser settings and, where available, through cookie preference tools. For app‑based tracking and advertising identifiers, see Section 12.

  1. Aggregated and anonymised data

We may convert personal data into aggregated or anonymised information that does not identify any individual (for example, usage statistics).

We may use and share such data for legitimate business purposes, including:

  • internal analytics and business planning;

  • reporting to partners;

  • improving and developing the Services.

When we anonymise personal data, we apply reasonable methods designed to prevent re‑identification.

  1. How we share your information

We do not sell your personal data.

We only share personal data in the limited circumstances described below.

8.1 Service providers and IT partners

We use trusted third‑party service providers who help us operate, maintain and support the Services, including:

  • cloud hosting and storage providers;

  • analytics and crash‑reporting services;

  • authentication and OTP providers;

  • payment processors and billing platforms;

  • email, messaging and customer support tools.

These providers are required by contract to process personal data only for agreed purposes, keep it confidential, implement appropriate security measures, and delete or return it where required.

When we work with external developers or IT partners on specific issues, we share only the minimum data needed, preferably anonymised or pseudonymised (for example, logs showing internal IDs instead of names or emails).

8.2 Advertising networks, measurement, and anti‑fraud partners

If you use the ad‑supported version, we may share certain technical and advertising‑related data with advertising partners to:

  • deliver ads, measure ad performance, and prevent fraud/invalid traffic.

This may include ad identifiers (where available), device/network data, and ad interaction events. Some advertising partners may process certain information as independent controllers under their own policies. Where this occurs, their privacy policies apply to their processing.

If you opt out of personalised ads (where available) or subscribe to an ad‑free plan, we aim to reduce or stop the use of advertising identifiers and targeted ad processing as applicable, while still maintaining essential security and fraud prevention controls.

8.3 Partners and merchants on DiscGo

We may share with partners aggregated, statistical information that does not identify individual users, such as:

  • the number or percentage of users who added a specific partner’s card;

  • how often a partner’s offers were viewed or saved;

  • trends by category, region or time period.

We do not routinely share your individual identifying details (such as your name, email, phone number, DOB) with partners for their independent marketing or profiling, unless:

  • we have your explicit consent; or

  • it is strictly necessary to provide a specific feature or service you requested and we have told you your details will be shared.

We clarify to partners that in‑app “used” markers and similar signals are indicative only, not proof of real‑world redemption.

8.4 Legal and regulatory disclosures

We may disclose personal data where we reasonably believe it is necessary to:

  • comply with applicable laws, regulations or legal processes;

  • respond to lawful requests from authorities or regulators;

  • enforce our Terms of Use;

  • investigate and help prevent fraud, security incidents or other unlawful activity; or

  • protect the rights, property and safety of DiscGo, our users, partners or the public.

Where legally permitted, we will consider your interests and the impact on your privacy before responding to such requests.

8.5 Business transfers

If we undergo a merger, acquisition, sale of assets, restructuring or similar transaction, personal data may be transferred as part of that transaction, subject to confidentiality obligations and continued protection consistent with this Privacy Policy (or a policy providing comparable protection).

  1. International data transfers

Our servers and some service providers may be located outside the UAE, and your personal data may be transferred to and processed in other countries.

Where we transfer personal data internationally, we will take reasonable steps to comply with applicable UAE legal requirements and to ensure an appropriate level of protection, for example through contractual safeguards or other lawful mechanisms.

  1. . Data retention

We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy, including:

  • providing and maintaining the Services;

  • complying with legal and regulatory obligations;

  • resolving disputes; and

  • enforcing our agreements.

In general:

  • Account data is retained while your account is active. If you delete your account, we will delete or irreversibly anonymise your personal data within a reasonable period, unless we need to keep some information longer for legal, accounting, fraud prevention or legal defence reasons.

  • Technical logs and diagnostics are retained for a limited period appropriate for security and troubleshooting.

  • Advertising logs/events are retained for periods needed for billing, auditing, fraud prevention, and measurement, in line with our contracts and legal obligations, and then deleted or anonymised.

  • Payment and billing records may be kept for the periods required by financial and tax laws.

  • Aggregated or anonymised data may be kept longer because it no longer identifies you.

  1. . Data security

We implement appropriate technical and organisational measures to protect personal data, such as:

  • encryption in transit (HTTPS/TLS);

  • access controls and authentication;

  • limiting access to production systems on a need‑to‑know basis;

  • monitoring and security logging;

  • using trusted service providers with contractual security obligations.

We also reduce risk by avoiding storage of passwords; authentication is handled through third‑party identity providers and OTP services.

No system can be completely secure. We cannot guarantee absolute security, but we take security seriously and will respond promptly to incidents.

Where required by law, we will notify the relevant regulator and, where appropriate, affected individuals in the event of a qualifying data breach.

12. Your Rights

Depending on applicable law, you may have rights such as:

  • access to information about your personal data and how it is processed;

  • access to your personal data;

  • correction of inaccurate or incomplete data;

  • deletion/erasure in certain circumstances;

  • restriction of processing in certain circumstances;

  • data portability for certain data;

  • objection to certain processing (including direct marketing, and profiling related to direct marketing);

  • objection to certain automated decision‑making/profiling that has legal or significant effects;

  • withdrawal of consent where consent is the basis of processing; and

  • the right to complain to a competent authority.

To exercise your rights, contact us at [info@discgo.ae]. We may need to verify your identity before responding.

13. Your choices and controls

You can control certain aspects of how we use your information:

  • Account & profile – update certain details in the App (where available) or contact us.

  • Marketing – opt out using unsubscribe links, App settings (where available), or device notification settings.

  • Location – enable or disable location permissions via your device settings.

  • Personalised ads (where available) – you may be able to opt out via:

    • in‑app settings (if provided); and/or

    • device settings (for example, limiting ad tracking or resetting your advertising identifier).
      If you opt out, you may still see ads, but they may be less relevant.

  • Cookies – manage cookies via browser settings and, where required, through cookie preference tools on our website.

Disabling certain permissions or settings may affect functionality.

14. Persons below 18 years of age

The Services are not intended for persons below 18 years of age, and we do not knowingly collect personal data from them.

If you believe a person below 18 has provided personal data to us, please contact [info@Discgo.ae] so we can delete it.

15. Links to third‑party sites and services

The Services may contain links to third‑party websites, apps or services. We do not control them and are not responsible for their privacy practices. Please review their privacy policies.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the Effective date and/or Last updated date and, where appropriate, notify you through the App, website or email.

Your continued use of the Services after the updated Policy becomes effective means you accept the changes except where we are required by law to obtain your consent for new or materially different processing, in which case we will request consent.

17. How to contact us

Email: [support@Discgo.ae]
Address: Dubai, UAE

Please do not include sensitive personal data or full payment card details in your messages.