FFS Software Solutions L.L.C.
Last Updated: August 2025

1. Our Commitment

At FFS Software Solutions L.L.C. (“FFS”, “we”, “our”, or “us”), protecting customer data is a core responsibility.
We are committed to maintaining the confidentiality, integrity, and availability of data processed through our platforms and services, including DigiCase Cloud, CXLink, DigiXP, DigiCharity, eMasraf, and related solutions.

FFS applies industry-recognized security standards and best practices to safeguard data against unauthorized access, loss, or misuse.

2. Security Measures

FFS implements layered technical and organizational security controls, including but not limited to:

Encryption

• Data in transit: Encrypted using TLS 1.2 or higher

• Data at rest: Encrypted using AES-256 or equivalent standards

Access Control

• Role-based access control (RBAC)

• Principle of least privilege

• Multi-factor authentication (MFA) support

• Segregation of tenant and customer data in multi-tenant environments

Monitoring & Operations

• 24/7 infrastructure and security monitoring

• Logging of system activities and access events

• Regular vulnerability assessments and security reviews

Backup & Recovery

• Automated daily backups

• Secure storage of backup data

• Standard retention period of up to 30 days, unless otherwise agreed

3. Data Residency & Hosting Options

FFS supports multiple hosting and deployment models to meet regulatory and business requirements:

• Cloud hosting regions:

  • United Arab Emirates (UAE)

  • European Union (EU)

  • United States (US)

• Enterprise options:

  • Private cloud deployment

  • On-premises deployment (subject to agreement)

Data residency and hosting location are defined by customer choice and contractual arrangements.

4. Compliance & Standards Alignment

FFS aligns its processes and controls with recognized security and privacy frameworks, including:

• GDPR-compliant data handling practices

• ISO/IEC 27001 aligned information security controls

• SOC 2 Type II aligned operational and security processes

For specific industries:

• HIPAA-aligned controls are available for healthcare customers under Enterprise agreements, where applicable

Formal certifications or audit reports may be provided subject to contractual terms.

5. Incident Response & Breach Management

FFS maintains a documented incident response process to address security events promptly and effectively.

• Security incidents are logged, assessed, and investigated by qualified personnel

• Containment and remediation actions are initiated without undue delay

• Affected customers are notified in accordance with applicable Service Level Agreements (SLAs) and legal requirements

6. Shared Responsibility

While FFS secures the underlying platform and infrastructure, customers are responsible for:

• Managing user access and permissions

• Protecting their credentials

• Ensuring lawful use and compliance of data uploaded or processed within the Services

7. Continuous Improvement

FFS continuously reviews and enhances its security posture through:

• Regular policy reviews

• Technology updates

• Security awareness and training

• Risk assessments and improvement initiatives