Compliance

Our compliance framework. Documented for partners.

Doro Technologies Ltd is a DIFC-registered software platform for UAE real estate transactions. This page sets out our compliance framework, controls, and governance arrangements for partners considering integration.

DIFC Registration CL12687Data Protection Registration SR-708142Document version 1.01 April 2026

About

Software infrastructure. Not a payment provider.

What Doro does

Provides a closed software platform for verified UAE real estate businesses
Generates structured payment links anchored to verified property transactions
Coordinates buyer identity verification, source-of-funds documentation, and audit trail
Hands every regulated step (custody, conversion, settlement) to licensed PSP partners
Maintains a full audit log of every action

What Doro does not do

Custody, hold, convert, or transmit funds
Make the regulated approval decision on a transaction
Operate as a payment provider, MSB, or VASP
Hold itself out as a regulated financial institution
Make compliance decisions that override licensed counterparties

Doro is registered in the DIFC as a software house under licence CL12687. Doro is not a DFSA Authorised Firm and does not perform DFSA-regulated activities.

How it works

Two independent layers of control

Doro and the licensed PSP partner play different roles in the decision chain. Understanding the asymmetry is important to partners considering integration.

The PSP decides regulated activity

Whether a buyer's identity passes KYC, whether a wallet is clear of sanctions exposure, and whether funds may be released to the seller. These are decisions made by licensed parties under their own regulatory authorisations. Doro does not make these decisions and does not override them.

Doro decides platform participation

Doro reserves the right to decline to provide its service to any counterparty or transaction, including where the licensed PSP would proceed. A payment link created on Doro is not guaranteed to become live or active. If our internal controls surface concerns about the originating business, the documentation, the buyer profile, or any other factor, Doro will decline to issue or maintain the link.

Either layer can stop a transaction. Neither layer can compel the other to proceed.

Access controls

Three gates before any transaction

Doro is not accessible to the general public. Every transaction passes through three layers of control.

01 / 03

Verified business

Active UAE trade licence (DED, free zone, or DIFC)
Registration with the Dubai Land Department
Beneficial ownership verification (UBOs at or above 25%)
Sanctions, PEP, and adverse media screening on each UBO and authorised signatory
Agency bank account holder name verified against trade licence
UAE PASS authentication for staff
Active RERA broker registration for licensed agents

02 / 03

Verified transaction

Sale and Purchase Agreement (SPA) required
Title deed reference cross-checked against Dubai Land Department records
Form F (DLD's official sale and purchase agreement) collected and retained
Property valuation reviewed against transaction amount
Seller identity matched against registered owner on title deed
Beneficiary bank account holder name matched against seller of record
Documents ingested through structured platform flows including verified WhatsApp ingestion

03 / 03

Verified approval

Agency-level approval workflow before any payment link is issued
Every approval logged with timestamp and identifier of the approver
Multi-party commission splits documented with named recipients
All payment links carry an immutable identifier and audit trail

Framework

Documented, reviewed, accountable

Doro maintains a documented compliance framework covering anti-money laundering, counter-terrorist financing, sanctions, data protection, and operational risk. The framework is implemented through internal policies, supporting procedures, automated controls, and outsourced specialist functions.

AML and CTF Policy

Full policy with documented Customer Due Diligence, Sanctions Screening, and SAR procedures. Reviewed annually and on material change.

Customer due diligence

Identity verification through specialist providers. Sanctions, PEP, and adverse media screening at onboarding and continuously.

Sanctions screening

UN, OFAC, EU, UK, and UAE local lists. Real-time matching at onboarding, transaction time, and on list updates.

Wallet and transaction screening

Blockchain analytics screening on every wallet, performed by licensed PSP partners.

Data protection

DIFC DPL compliance. Active ROPA, DPIA, breach notification, and data subject rights procedures.

Audit and record keeping

Immutable audit log on every action. Retention aligned to UAE AML and DIFC commercial law standards.

Real estate-specific

Controls built for property transactions

Real estate carries distinct AML risks. Documentary fraud, title manipulation, valuation games, and structured payments across multi-party splits. Generic fintech compliance does not cover these. Doro's platform-level controls are calibrated for the realities of UAE property transactions.

01
Title deed verification
Every title deed reference is cross-checked against Dubai Land Department records.
02
Form F collection
DLD's official sale and purchase agreement is collected and retained on every transaction.
03
Property valuation review
Transaction amount cross-checked against property valuation, with material variance triggering enhanced review.
04
Identity-to-deed matching
Seller identity verified against the registered owner on the title deed.
05
Beneficiary name matching
Bank account holder name matched against seller of record before settlement instruction is issued.
06
Multi-party commission discipline
Each commission split recipient documented and verified before payment.
07
Cross-deal pattern analysis
Properties, sellers, buyers, and agents monitored for unusual patterns across the platform's deal history.

Registrations

Verifiable. Public. On the record.

Doro registrations

DIFC Commercial Licence
CL12687 · issued 19 February 2026
Verify
DIFC Data Protection Registration
SR-708142
Verify
Registered office
Innovation One, Level 1, DIFC, Dubai

Operational partners

Identity verification
Sanctions, PEP, and adverse media screening (under DPA with Doro)
Wallet and transaction screening
Blockchain analytics, engaged via licensed PSP partners
Cloud infrastructure
AWS Middle East (Bahrain region), under standard AWS Data Processing Addendum
Federated identity authentication
UAE PASS for UAE residents
Licensed PSP partners
Payment processing, custody, conversion, settlement

Third-party security certifications such as ISO 27001 and SOC 2 are part of Doro's roadmap. We list them here when we hold them, not before.

For partner due diligence

What we can share

Doro maintains a complete set of compliance documentation, available to partners and counterparties under NDA. The full pack is provided on request and updated continuously as our framework evolves.

AML and CTF Policy (full document)
Customer Due Diligence Procedure
Sanctions Screening Procedure
Suspicious Activity Reporting Procedure
Outsourcing and Vendor Management Policy

Data Protection Compliance Programme and ROPA
Sub-processor list with DPA status
DIFC Commercial Licence and Certificate of Incumbency
DIFC Data Protection Registration confirmation
Sample audit log entry from a completed transaction (redacted)

Point of contact

Mohamed Kheir

Chief Executive Officer

For compliance, partner due diligence, and data protection inquiries.

mohamed@paywithdoro.com

Request compliance documentation