Client Document Handling Policy

Last Updated: May 2026

Client Document Handling & Security

At EXILOZ Management & Tax Consultant LLC, we recognize that bookkeeping, VAT return preparation, and corporate tax structuring require us to collect highly sensitive financial records. This Client Document Handling Policy establishes our corporate security standards and outlines how we receive, store, share, and retain your business files.

1. Types of Corporate Documents Accepted

We receive and process only the documents required to carry out our professional scope. These include:

• Financial Transactions: Sales invoices, purchase bills, general ledger data, payroll records, and bank statements in original format (.xlsx or secure PDF).
• Legal Company Permits: Trade Licenses, Memorandum of Association (MOA), shareholder structures, and VAT/TRN Certificates.
• Signatory Credentials: Emirates ID or passport copies of designated corporate directors and authorized signatories (only when requested for official FTA registrations or company setups).

2. Recommended Secure Submission Channels

We advise clients to send business files solely through secure, traceable corporate channels:

• Direct encrypted email to our designated consultant at `@exiloz.com`.
• Password-protected digital folders (such as secure Google Drive, OneDrive, or Dropbox links shared exclusively with our email addresses).
• Direct physical document delivery to our Deira, Dubai office (by prior appointment).

We strongly advise against sending unencrypted sensitive ledgers, bank credentials, or tax declarations through standard instant messaging apps (such as public WhatsApp threads) for data security reasons.

3. Internal Security Controls & Restrictive Access

To protect client confidentiality, we implement strict, multi-tiered security protocols:

• Restrictive Access: Document access is strictly limited to authorized personnel. Only the dedicated professional accountant or tax consultant assigned to your account can access your files.
• Network Protections: All digital files are saved under password-controlled and firewalled directories on secure local or private cloud servers. We prevent any public folder exposure or accidental leaks.
• No Commercial Utilization: We do not sell, lease, or distribute your corporate ledgers, financial details, or invoices to any third-party marketing companies.

4. Authorized Third-Party Sharing

We only share client documents with third parties in the following specific scenarios:

• To submit tax filings through the official **Federal Tax Authority (FTA) EmaraTax portal** under your explicit authorization and login credentials.
• To process certification reviews with **MoIAT approved certifiers** for ICV Certificate applications (as contracted by the client).
• To fulfill mandatory court, law enforcement, or state audit orders under federal UAE statutes.

5. Document Return & Deletion Requests

Following the completion of our services, clients can request in writing the return of physical files or the secure deletion of digital records from our active servers. Please note that under **Article 7 of the UAE Tax Procedures Law**, we are legally required to maintain client compliance archives and file histories for a minimum of 5 years (or 15 years for real estate matters) to support potential retroactive FTA audits.