GRANITE App Privacy Policy

1. Introduction

This Privacy Policy explains how GRANITE collects, uses, stores, processes, shares, and protects your personal information when you use the GRANITE mobile application, website, dashboards, products, and related services (collectively, the “Platform”).

By accessing or using the Platform, you acknowledge and agree to the practices described in this Privacy Policy.

2. Who We Are

GRANITE Holding for Financial Investments S.A.E. (“GRANITE”, “we”, “our”, or “us”) is an Egyptian joint-stock company licensed and regulated by the Financial Regulatory Authority to receive subscription, purchase, and redemption orders for investment funds.

GRANITE operates digital financial services and related infrastructure in compliance with applicable Egyptian laws and regulatory requirements.

3. Information We Collect

We may collect and process the following categories of information:

A. Personal Identification Information

Full name
National ID or passport details
Date of birth
Nationality
Gender
Signature
Photograph and biometric verification data
Mobile number
Email address
Residential address

B. Financial & Banking Information

Bank account details
Transaction history
Account balances
Fund holdings
Source of funds information where required

C. Corporate Information (for Corporate Accounts)

Company name
Commercial Register
Tax information
Authorized signatories
Beneficial ownership information
KYB/KYC documentation

D. Technical & Device Information

IP address
Device identifiers
Mobile device information
Browser type
Operating system
App usage data
Log files
Location data where permitted

E. Security & Monitoring Information

Login activity
Authentication attempts
Transaction logs
Security alerts
Audit trails
Fraud monitoring records

GRANITE maintains logging, monitoring, and audit systems to support security, operational resilience, fraud prevention, and regulatory compliance.

4. How We Collect Information

We collect information through:

Account registration forms.
Electronic onboarding and KYC processes.
OTP and biometric verification.
Transactions performed on the Platform.
Communications with customer support.
Cookies and analytics tools.
Device and system monitoring technologies.
Third-party verification providers.
Regulatory and compliance checks.

5. How We Use Your Information

We use your information to:

Service Delivery

Open and maintain accounts.
Process subscriptions and redemptions.
Operate and improve the Platform.
Provide customer support.

Regulatory & Compliance Purposes

Perform KYC/KYB verification.
Comply with AML/CTF regulations.
Meet FRA reporting obligations.
Conduct sanctions screening and fraud prevention.

Security & Risk Management

Detect suspicious activity.
Monitor cybersecurity threats.
Prevent unauthorized access.
Conduct audits and investigations.

Operational & Business Purposes

Improve user experience.
Analyze system performance.
Conduct analytics and reporting.
Develop and improve services.

Communications

Send service notifications.
Deliver operational updates.
Provide legal or regulatory notices.
Respond to inquiries and complaints.

6. Legal Basis for Processing

We process your information based on:

Your consent.
Performance of contractual obligations.
Compliance with legal and regulatory obligations.
Legitimate business interests including security, fraud prevention, and operational integrity.

7. Sharing of Information

We may share your information with:

Regulatory Authorities

Including the Financial Regulatory Authority and other authorized governmental or regulatory bodies where legally required.

Licensed Service Providers

Including:

Custodian banks.
Fund administrators.
Identity verification providers.
Payment processors.
Cloud infrastructure providers.
Cybersecurity providers.
Audit and compliance service providers.

FRA-Authorized Reporting Entities

Including entities involved in reporting, reconciliation, audit trails, and regulatory visibility requirements.

Professional Advisors

Including legal, accounting, compliance, audit, and consulting firms.

Law Enforcement & Legal Requests

Where required by law, court order, or governmental request.

We do not sell your personal information.

8. Data Storage & Hosting

GRANITE uses secure hosting and cloud infrastructure providers to support Platform operations and security controls.

Information may be stored and processed within secure cloud environments and backup systems subject to applicable regulatory and security standards.

Security, backup, monitoring, logging, and business continuity controls are implemented as part of GRANITE’s cybersecurity and operational resilience framework.

9. Data Retention

We retain personal information for as long as necessary to:

Provide services.
Comply with regulatory obligations.
Resolve disputes.
Prevent fraud.
Meet audit and legal requirements.

Certain transaction logs, audit trails, and compliance records may be retained for a minimum of five (5) years or longer where required by law or regulation.

10. Information Security

GRANITE implements administrative, technical, organizational, and security measures designed to protect your information, including:

Encryption.
Access controls.
Role-based permissions.
Security monitoring.
SIEM and SOC monitoring.
Incident response procedures.
Backup and recovery systems.
Disaster recovery planning.
Vulnerability management.

GRANITE maintains cybersecurity, risk management, backup, incident response, SDLC, and business continuity frameworks aligned with applicable regulatory standards and industry practices.

However, no system or transmission method can guarantee absolute security.

11. Your Responsibilities

You are responsible for:

Maintaining confidentiality of your credentials.
Securing your device and email access.
Protecting OTPs and authentication methods.
Reporting suspicious activity immediately.
Providing accurate and updated information.

12. Cookies & Analytics

GRANITE may use cookies, device identifiers, and analytics technologies to:

Improve Platform performance.
Remember preferences.
Analyze usage trends.
Detect fraud and abuse.
Enhance security.

You may adjust certain browser or device settings to limit cookie usage, though this may affect Platform functionality.

13. Your Rights

Subject to applicable laws and regulatory obligations, you may have the right to:

Access your personal information.
Request correction of inaccurate information.
Request updates to your information.
Withdraw certain consents where legally permitted.
Request account closure subject to legal retention requirements.

Certain data may continue to be retained after account closure where required for compliance, audit, fraud prevention, or legal purposes.

14. Third-Party Services

The Platform may integrate with or rely on third-party providers.

GRANITE is not responsible for the privacy practices, policies, or security controls of third-party websites, applications, banks, telecom providers, or external services not directly controlled by GRANITE.

15. Children’s Privacy

The Platform is not intended for individuals under 18 years of age.

GRANITE does not knowingly collect personal information from minors.

16. Changes to this Privacy Policy

GRANITE may amend this Privacy Policy from time to time.

Updated versions become effective upon publication through the Platform or other communication channels.

Continued use of the Platform after updates constitutes acceptance of the revised Privacy Policy.

17. Contact Us

If you have any questions regarding this Privacy Policy or your personal information, you may contact us through:

Email: cs@granite.eg
Phone: +20 108 050 5586
Help Center: https://support.granite.eg/en

18. Consent

By accessing or using the Platform, you:

Consent to the collection and processing of your information as described in this Privacy Policy.
Acknowledge electronic communications and electronic records.
Confirm that the information you provide is accurate and lawful to share.