Legal

Security Overview

(Last Revised: November 27, 2025 | UAE Orders Only)

At Totot.ae, safeguarding your information is our top priority. We are committed to implementing robust security measures to protect your personal and transactional data in accordance with UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law – PDPL) and UAE Central Bank regulations. This Security Overview outlines our approach to ensuring a secure and trustworthy platform for all UAE users.

🇦🇪 UAE-Specific Security Compliance

Governing Framework: Our security practices comply with:
• UAE PDPL (Federal Decree-Law No. 45 of 2021)
• UAE Central Bank Circular No. 14 of 2021 (Electronic Payments Security)
• UAE Telecommunications Regulatory Authority (TRA) regulations
Regulatory Oversight: Security audits conducted quarterly by UAE-certified firms
Business Registration:
• Commercial License Number: CN-4549043
• Trade Name: Better Tech Mobile Phone & Computers – Sole Proprietorship LLC
• License Validity: October 15, 2025 – October 14, 2026

🔒 Our Security Architecture

Infrastructure Security

Hosting Environment:
• All data hosted on Hostinger UAE servers (Abu Dhabi region)
• Physical security compliant with UAE Central Bank standards
• DDoS protection with 10Gbps capacity (UAE threat landscape focused)
Network Protection:
• Enterprise firewalls with UAE-specific threat intelligence feeds
• Web Application Firewall (WAF) with PCI DSS compliance rules
• Network segmentation isolating payment processing systems

Data Protection

Data Type	Protection Method	Compliance Standard
Personal Information	AES-256 encryption at rest + TLS 1.3 in transit	UAE PDPL Article 10
Payment Details	Tokenization via Stripe (zero card data stored on our servers)	PCI DSS Level 1
Account Credentials	bcrypt hashing with salt (12 rounds) + multi-factor authentication option	UAE Central Bank Circular 14
Session Data	JWT tokens with 15-minute expiration + IP binding	UAE E-Commerce Law Article 28

Payment Security

Stripe Integration:
• Direct PCI DSS Level 1 compliant payment processing
• 3D Secure 2.0 authentication for all card transactions (UAE Central Bank requirement)
• Real-time fraud monitoring using UAE-specific risk rules
Cash on Delivery (COD):
• Emirates ID verification at delivery (Aramex UAE integration)

👤 Your Security Responsibilities

As a UAE customer, you agree to:

Account Protection:
• Use strong passwords (12+ characters with numbers/symbols)
• Enable WhatsApp notifications for login alerts (9 AM–10 PM GST)
• Never share OTP codes received via SMS/WhatsApp
Transaction Safety:
• Verify order details before confirming payment
• Only use trusted devices for financial transactions
• Report suspicious activity immediately via WhatsApp: +971 56 633 7279
Device Security:
• Keep operating systems updated with UAE CERT security patches
• Use UAE-approved antivirus software on devices used for shopping

⚖️ Liability & Incident Response

Our Commitments

Breach Notification:
• Within 24 hours to affected UAE customers via SMS/WhatsApp
• Within 72 hours to UAE Data Office per PDPL Article 26 requirements
Compensation Policy:
• Full reimbursement for verified unauthorized transactions (up to AED 50,000)
• Free identity protection services for 24 months after confirmed breaches

Limitations of Liability

We are not liable for losses resulting from:

Customer negligence (e.g., password sharing, public device usage)
Verified UAE government security directives requiring data disclosure
Force majeure events (UAE natural disasters, infrastructure failures)
Third-party applications installed on customer devices

Third-Party Security

Aramex UAE: Delivery data protected under UAE logistics security framework
Stripe: Payment processing governed by UAE Central Bank approved agreements
Hostinger UAE: Infrastructure security certified by UAE National Electronic Security Authority (NESA)

🚨 Security Incident Procedures

If You Suspect Unauthorized Activity:

Immediate Actions:
• WhatsApp +971 56 633 7279 with “SECURITY ALERT + Order #______”
• Change password via My Account (if accessible)
Our Response Timeline:
• Account freeze within 15 minutes of verified report
• Full investigation completed within 72 hours
• Resolution communicated within 5 business days

For Confirmed Security Incidents:

Data Breaches:
• Free credit monitoring via UAE partner (Emirates NBD Security)
• Dedicated support agent assigned for 90 days
Payment Fraud:
• Immediate card blocking coordination with UAE banks
• Replacement orders shipped at no cost (priority delivery)

📱 UAE Security Support

For security concerns or incident reporting:

24/7 WhatsApp Security Hotline: +971 56 633 7279
(Dedicated security team – response within 15 minutes)
Email: support@totot.ae (encrypted PGP available upon request)
In-Person Reporting:
Better Tech Mobile Phone & Computers
Al Mantaqah As Sina’iyah 1,278 St, Musaffah
Abu Dhabi City, Zone: Musaffah
P.O. Box 20317, UAE
(By appointment only – UAE security protocols apply)
UAE Regulatory Reporting:
We assist customers in reporting incidents to UAE authorities including:
• UAE Data Office (data breaches)
• UAE Central Bank (payment fraud)
• UAE Computer Emergency Response Team (aeCERT)

🔁 Policy Updates & Reviews

Security Audits: Conducted quarterly by UAE-certified firms
Policy Updates: Notified via email 30 days before implementation
Last Security Assessment: November 25, 2025 by Emirates Digital Security LLC
Current Version: UAE-PDPL-SECURITY-2025-v3.0

Google Merchant Center Compliance Note:
“Security practices comply with UAE Federal Decree-Law No. 45 of 2021 (PDPL) and UAE Central Bank Circular No. 14 of 2021. All payment processing via PCI DSS Level 1 certified Stripe gateway. No card data stored on merchant servers. 24/7 security monitoring with UAE-based incident response team. All data stored on UAE servers. Breach notification within 24 hours to affected customers. Registered business: Better Tech Mobile Phone & Computers, License CN-4549043, Address: Al Mantaqah As Sina’iyah 1,278 St, Musaffah, Abu Dhabi 20317.”