ARC Forge is the foundational infrastructure layer that lets banks, fintechs, and enterprises build, run, and scale financial products — without assembling the underlying stack themselves.
ARC Forge is the core infrastructure engine that powers financial products from the ground up. It handles the hard, regulated, mission-critical parts — payment processing, double-entry ledgering, real-time compliance, and ecosystem connectivity — so your team can focus on building the product, not the plumbing.
Think of it as your licensed, battle-tested financial operating system: API-accessible, modular, and built to the standards of central banks and card networks from the first line of code.
Each Forge module handles a distinct layer of the financial stack — deploy the entire engine or activate only the modules your product needs.
The front door to ARC Forge. Forge Gateway validates, authenticates, and routes every inbound transaction request — applying rate limits, idempotency controls, fraud pre-screening, and format normalisation before a single instruction reaches the engine.
The processing core. Forge Engine executes transaction logic, manages state transitions, handles reversals and refunds, applies business rules, and orchestrates the flow between Ledger, Gateway, and Connect — all in real time with full event emission.
A real-time, double-entry accounting ledger built for financial accuracy. Forge Ledger maintains a tamper-evident record of every debit, credit, balance movement, and settlement — across multiple currencies and legal entities — with sub-second posting.
The integration fabric. Forge Connect maintains live, certified connections to banks, card networks, payment rails, KYC/AML providers, and regulatory bodies — exposing them all through a single, normalised internal API that your product and Engine consume without touching the underlying complexity.
Every financial transaction processed by ARC Forge follows a rigorous, fully-automated five-stage lifecycle.
ARC Forge was designed with one belief: the infrastructure beneath your financial product should never be what limits you.
Stop paying engineers to maintain banking integrations, ledger databases, and compliance pipelines. Forge is pre-built, pre-certified, and pre-connected — redirect that effort to your product's unique value.
AML screening, KYC verification, sanctions filtering, and transaction monitoring are not add-ons in Forge — they run on every transaction, by default, at the engine level. Your product is compliant before it ships.
Sub-80ms API responses, sub-second ledger posting, and event-driven architecture mean your customers see their balance update the moment a transaction clears — not minutes later, not on a batch schedule.
Activate only the modules your product needs today, and expand as you scale. Every Forge module is independently deployable, independently scalable, and independently observable — no monolithic lock-in.
Forge ships with the complete feature set — from transaction processing to regulatory reporting — so your team can build, not assemble.
Sub-80ms end-to-end processing for payments, transfers, reversals, and batch instructions with full ACID compliance.
Tamper-evident, double-entry accounting engine with real-time balance calculation, multi-currency support, and full audit trail.
AML transaction monitoring, sanctions screening, KYC status enforcement, and suspicious activity flagging at the engine layer.
Pre-built, maintained connections to 40+ banks, card networks, payment rails, and third-party providers via Forge Connect.
Every state change emits a structured event — subscribe your systems to real-time webhooks, streams, or message queues with no polling.
Every Forge API endpoint is idempotent by design — safe to retry, safe to duplicate, safe to replay — eliminating the risk of double-processing.
Run multiple legal entities, products, and currencies inside a single Forge instance with full ledger segregation and consolidated reporting.
Automated STR filing, VAT summaries, WPS-compliant payroll reporting, and CBUAE transaction data exports — built into Forge, not bolted on.
Forge scales linearly with load — from a few hundred transactions per day to millions per minute, with no architecture changes and no performance degradation.
Forge Connect maintains live, certified integrations to every major category of financial infrastructure — so you inherit the network without building it.
ARC Forge is designed for the companies building the financial products that people rely on every day — where downtime means customer impact and errors mean regulatory consequences.
Let us show you how ARC Forge can become the foundation of your financial product in weeks, not years.
ARC Business Super-App Platform — Payment Orchestration • HRMS • Accounting • Loyalty • Gift Cards • eSIMs • Mobile Top-Ups
This Privacy Policy explains what personal and business data ARC collects, why we collect it, who we share it with, and what rights you have over it. ARC is a B2B orchestration platform — we primarily process data about businesses and their authorised representatives, employees (via HRMS), and customers (via payment and loyalty features). We are committed to handling all data responsibly, lawfully, and transparently in accordance with UAE data protection law and applicable GCC regulatory requirements.
This Privacy Policy describes how ARC Synergy FZE LLC (“ARC”, “we”, “us”, “our”) collects, uses, stores, shares, and protects personal and business data in connection with the ARC platform (arc360.me) and all related services.
| Field | Details |
|---|---|
| Data Controller | ARC Synergy FZE LLC |
| Registered Office | Office No. BC-888870, 26th Floor, Amber Gem Tower, Sheikh Khalifa Street, Ajman, UAE (P.O. Box 4848) |
| Free Zone | Ajman NuVentures Centre Free Zone (Amiri Decree No. 15 of 2023) |
| Privacy Contact | [email protected] |
| Effective Date | 2025 |
| Governing Law | UAE Federal Data Protection Laws; Ajman NuVentures Centre Free Zone Regulations; CBUAE Data Standards |
ARC operates as a data controller in respect of Business User and authorised representative data. For employee data processed through the HRMS module, ARC acts as a data processor on behalf of the Business User (who is the data controller).
This Policy applies to:
This Policy does not apply to third-party websites, payment gateways, or partner platforms linked from ARC.
| Data Category | Examples | Purpose / Legal Basis |
|---|---|---|
| Business Identity Data | Trade licence, incorporation certificate, company name, registered address | KYB onboarding; regulatory compliance; contract performance |
| Individual Identity Data | Full name, passport or Emirates ID copy, date of birth, nationality | KYC verification; AML/CFT due diligence; regulatory obligation |
| Contact Data | Email address, telephone number, WhatsApp number, physical address | Account management; service delivery; communications |
| Financial & Banking Data | Bank account details, IBAN, transaction history, settlement records | Payment processing; settlement; financial reporting |
| Payment Instrument Data | Card type, card fingerprint (tokenised), billing country, last four digits | Transaction processing; fraud prevention; chargeback evidence |
| Transaction Data | Order ID, Payment Intent ID, transaction amount and currency, timestamp | Service delivery; audit trail; dispute resolution; regulatory reporting |
| HRMS & Payroll Data | Employee names, Emirates ID, salary, bank account for WPS, attendance records | HRMS module; payroll processing; WPS compliance (MoHRE) |
| Technical & Device Data | IP address, browser type, device ID, session timestamps, API access logs | Security; fraud detection; platform performance; AML monitoring |
| Geolocation Data | Country and city derived from IP address at time of transaction | Sanctions screening; fraud prevention; geographic risk assessment |
| Loyalty Data | Customer identifiers, points balance, redemption history | Loyalty programme operation on behalf of Business User |
4.1 Directly from You — When you register on the Platform, complete KYB/KYC forms, upload documents, make transactions, configure HRMS records, process payroll, contact our support team, or use any feature of the Platform.
4.2 Automatically — When you access the Platform, our servers and third-party tools automatically collect technical data including IP address, device identifiers, session data, and browsing behaviour within the Platform.
4.3 From Third Parties — Payment gateways; banking partners; identity verification providers; sanctions screening databases; public registers; card networks; network operators.
| Legal Basis | Description |
|---|---|
| Contract Performance | To provide, manage, and operate the Platform services you have subscribed to, including payment processing, HRMS, payroll, loyalty, accounting, and digital products. |
| Legal & Regulatory Obligation | To comply with UAE AML/CFT laws (Federal Law No. 20 of 2018), CBUAE regulations, MoHRE WPS requirements, UAE VAT Law, UAE Labour Law, and applicable GCC financial regulations. |
| Legitimate Interests | To prevent fraud, protect the security and integrity of the Platform, improve our services, manage chargeback risk, conduct analytics, and send relevant commercial communications. |
| Consent | For marketing communications to prospective users, use of non-essential cookies, and any processing specifically requiring your consent. Consent may be withdrawn at any time. |
| Recipient | Purpose |
|---|---|
| Payment Gateway Partners | Transaction data shared with licensed gateways (e.g. Network International) for payment processing, fraud scoring, and settlement. |
| Banking & WPS Partners | Account and payroll data shared with licensed UAE banks and CBUAE-approved WPS agents for settlement and salary disbursement. |
| Card Networks | Transaction and chargeback evidence shared with Visa, Mastercard, and other card networks for dispute resolution and fraud monitoring. |
| Cross-Border / FX Partners | Originator and beneficiary information shared with licensed MTOs and correspondent banks as required by FATF Travel Rule. |
| Regulatory Authorities | Data disclosed to CBUAE, UAE FIU, MoHRE, and law enforcement as required by applicable UAE law. |
ARC may transfer personal data outside the UAE to service providers and partners located within the GCC and in jurisdictions with adequate data protection frameworks. All cross-border transfers are subject to appropriate safeguards consistent with applicable UAE data protection regulations. ARC does not transfer data to jurisdictions subject to UAE trade sanctions.
| Data Type | Retention Period |
|---|---|
| KYB/KYC & Identity Documents | Minimum 5 years from end of business relationship; or 10 years for AML-related records (as required by Article 16 of Federal Law No. 20 of 2018) |
| Transaction Records | Minimum 5 years |
| HRMS & Payroll Records | Minimum 5 years (UAE Labour Law requirement) |
| Loyalty Data | Duration of Business User subscription + 2 years thereafter |
| Marketing Data | Until opt-out or 3 years from last engagement, whichever is earlier |
ARC uses cookies and similar tracking technologies on arc360.me and within the Platform for the following purposes: session management and authentication; security and fraud prevention; platform performance analytics; and user experience optimisation. Non-essential analytics cookies require your consent and can be managed through your browser settings or the cookie preference centre on the Platform.
ARC is subject to UAE Federal Law No. 20 of 2018 on Anti-Money Laundering and Counter-Financing of Terrorism. ARC collects and verifies identity, screens all customers and transactions against sanctions lists, monitors transactions for suspicious patterns, and files Suspicious Transaction Reports (STRs) with the UAE Financial Intelligence Unit where required.
| Right | Description |
|---|---|
| Right of Access | Request a copy of the personal data ARC holds about you and information about how it is processed. |
| Right to Rectification | Request correction of inaccurate or incomplete personal data. Note: changes to KYB/KYC data may require re-verification. |
| Right to Erasure | Request deletion of your personal data where there is no lawful reason for continued retention. Subject to overriding legal and regulatory retention obligations. |
| Right to Restriction | Request that ARC restrict processing of your data in certain circumstances, e.g. while accuracy is contested. |
| Right to Data Portability | Request that ARC provide your data in a structured, commonly used format where technically feasible. |
| Right to Object | Object to processing based on legitimate interests, including direct marketing. |
| Right to Withdraw Consent | Where processing is based on consent, you may withdraw consent at any time without affecting prior processing. |
| Right to Lodge a Complaint | You have the right to lodge a complaint with the relevant UAE data protection authority or the CBUAE Consumer Protection Department. |
To exercise any of these rights, submit a written request to [email protected] with proof of identity. ARC will respond within thirty (30) days.
ARC implements a layered security programme including: TLS 1.2+ encryption in transit; encryption of sensitive data at rest; role-based access controls (RBAC); multi-factor authentication (MFA) for administrative access; regular vulnerability assessments and penetration testing; PCI DSS compliance through certified gateway partners; and incident response and data breach notification procedures.
The ARC Platform is designed exclusively for business use and is not directed at individuals under the age of 18. ARC does not knowingly collect personal data from minors. Contact [email protected] immediately if you believe a minor’s data has been submitted.
ARC may update this Privacy Policy from time to time. Updated versions will be posted at arc360.me/privacy. For material changes, ARC will provide not less than thirty (30) days’ prior notice via email to registered Business Users.
| Contact Type | Details |
|---|---|
| Privacy & Data Protection | [email protected] |
| Security / Breach Reports | [email protected] |
| AML / Compliance | [email protected] |
| General Legal | [email protected] |
| Registered Address | ARC Synergy FZE LLC, Office No. BC-888870, 26th Floor, Amber Gem Tower, Sheikh Khalifa Street, Ajman, UAE (P.O. Box 4848) |
| Response Time | 30 days for data subject requests; 48 hours for urgent security or breach notifications |
| Regulatory Complaints | CBUAE Consumer Protection Department: [email protected] |
ARC Business Super-App Platform — Payment Orchestration • HRMS • Accounting • Loyalty • Financial Services
By registering for, accessing, or using the ARC Platform, you acknowledge that you have read, understood, and agree to be legally bound by these Terms of Use. These Terms constitute a binding legal agreement between you (the Business User, Merchant, or Partner) and ARC Synergy FZE LLC. If you do not agree with any part of these Terms, you must cease using the Platform immediately.
About ARC: ARC (arc360.me) is a Business Super-App operated by ARC Synergy FZE LLC, incorporated on 14 October 2025 under Amiri Decree No. 15 of 2023 at Ajman NuVentures Centre Free Zone, with its registered office at Office No. BC-888870, 26th Floor, Amber Gem Tower, Sheikh Khalifa Street, Ajman, UAE (P.O. Box 4848).
| Term | Definition |
|---|---|
| “Platform” | The ARC web application, mobile application, APIs, dashboard, and all related services accessible via arc360.me. |
| “Business User” | Any individual, company, freelancer, or entity that registers for and uses the Platform for business purposes. |
| “Merchant” | A Business User who accepts payments through ARC’s payment orchestration layer. |
| “Transaction” | Any payment, transfer, refund, settlement, payroll disbursement, or financial instruction processed through the Platform. |
| “Settlement” | The transfer of net funds to a Business User’s nominated bank account after deduction of applicable fees. |
| “Wallet” | An ARC-managed digital store of value assigned to a Business User for facilitating payments and disbursements. |
| “WPS” | Wage Protection System — the UAE Ministry of Human Resources and Emiratisation (MoHRE) payroll compliance framework. |
| “KYB” | Know Your Business — the due diligence process applied to Business Users before Platform access is granted. |
| “KYC” | Know Your Customer — identity verification applied to individuals and beneficial owners of Business Users. |
| “AML / CFT” | Anti-Money Laundering and Counter-Financing of Terrorism — compliance obligations under UAE Federal Law No. 20 of 2018. |
| “Chargeback” | A reversal of a payment transaction initiated by a cardholder through their issuing bank via the card network dispute process. |
Eligibility Criteria: To access and use the Platform, you represent and warrant that you are a duly registered and licensed business entity; are 18 years of age or older; hold all required commercial licences and regulatory approvals; are not subject to any trade sanctions; and will use the Platform solely for lawful business purposes.
Required Documentation:
Restricted Businesses: The following are prohibited from using the Platform: unlicensed money service businesses; entities engaged in weapons manufacture or sale without applicable government licences; unlicensed gambling operations; adult entertainment businesses; entities on any sanctions list; unlicensed cryptocurrency exchanges or VASPs.
| Module | Description |
|---|---|
| Payment Orchestration | Multi-gateway payment acceptance, intelligent routing, failover management, and settlement. |
| HRMS & Payroll | Employee records, attendance, leave management, payroll processing, and WPS-compliant salary disbursement. |
| Loyalty & Rewards | Customer loyalty points, cashback campaigns, discount management, and marketing automation. |
| Accounting | Invoice generation, expense tracking, financial reporting, VAT summaries, and payment reconciliation. |
| Cross-Border / FX | International payment facilitation, multi-currency processing, and FX conversion via licensed Partners. |
| Prepaid Instruments | Multi-currency prepaid cards and WPS salary cards issued or managed in partnership with licensed issuers. |
| Gift Cards | Purchase and redemption of digital gift cards from third-party brands and merchants, delivered electronically. |
| eSIMs & Mobile Top-Ups | Procurement and distribution of eSIM data plans and mobile airtime top-ups across supported network operators globally. |
All digital products are delivered electronically. Claims of non-receipt must be raised within 48 hours with Order ID and registered delivery contact. All digital product sales are final once delivered.
You are solely responsible for: maintaining the security and confidentiality of your login credentials, API keys, and authentication tokens; all activities conducted under your account; ensuring all registration and payment information is accurate and kept up to date; promptly notifying ARC of any suspected unauthorised access at [email protected]; maintaining compliance with all applicable laws; and retaining your own records of transactions.
ARC reserves the right to suspend or permanently terminate any account where it detects: fraudulent activity; AML/CFT red flags; breach of these Terms; provision of false identity or business information; chargebacks exceeding acceptable thresholds; or conduct inconsistent with applicable law.
5.1 Payment Acceptance: ARC enables Business Users to accept payments via credit cards, debit cards, digital wallets, bank transfers, and other supported payment methods.
5.2 Transaction Records: ARC maintains comprehensive transaction logs retained for a minimum of five (5) years. These records may be provided to regulatory authorities or card networks upon lawful request.
5.3 Refunds: Business Users are responsible for processing refunds in accordance with their own refund policies. ARC’s fees for processed transactions are non-refundable unless a refund is due to a platform-side processing error.
5.4 Chargebacks & Disputes: Business Users are liable for all chargeback amounts, card network fees, and ARC administrative costs arising from disputes. Where chargebacks exceed card network thresholds (Visa VDMP / Mastercard MDMP), ARC reserves the right to adjust processing terms or terminate payment processing services.
Intelligent Routing: ARC’s payment orchestration layer routes transactions across multiple integrated payment gateways to optimise authorisation rates, minimise fees, and ensure continuity of service. Routing decisions are made algorithmically based on gateway availability, transaction currency, card type, and geographic origin.
Prohibited Transaction Categories:
Business Users are solely responsible for verifying payroll figures before authorising disbursement; ensuring compliance with minimum wage requirements; accurate computation of end-of-service gratuity (EOSG) in accordance with UAE Labour Law; and maintaining payroll records for a minimum of five (5) years.
WPS Requirements: Business Users must ensure all employees are correctly registered under the applicable WPS employer code; submit WPS-compliant payroll files in the format prescribed by MoHRE; and fund the payroll wallet no later than the business day prior to the WPS salary due date. ARC does not assume liability for WPS penalties or MoHRE enforcement actions arising from Business User non-compliance.
Loyalty Points — Not Legal Tender: Loyalty Points issued through the ARC Platform are promotional credits and do not constitute electronic money, stored value, currency, or any financial instrument under UAE law. Points have no cash value, are non-transferable between customers, are not redeemable for cash, and expire in accordance with the terms set by the Business User.
Cross-border payment services are subject to: CBUAE regulations including the Retail Payment Services and Card Schemes (RPSC) Regulation 2021; applicable GCC country regulations (Oman CBO, Saudi Arabia SAMA, Bahrain CBB); FATF Recommendation 16 (Travel Rule) for wire transfers above applicable thresholds.
All cross-border transactions are screened against UAE, UN, EU, US OFAC, and UK sanctions lists before processing. Transactions matching a sanctioned entity will be blocked and reported to the relevant UAE authority. ARC will not be liable for delays or losses arising from mandatory sanctions screening holds.
Fee categories may include: transaction processing fees; SaaS subscription fees for HRMS, Accounting, and Loyalty modules; cross-border transfer fees and FX spread; chargeback handling fees; prepaid card issuance and maintenance fees; and setup, integration, and API access fees. All fees are subject to UAE VAT at 5%.
Net settlement proceeds are disbursed to the Business User’s nominated bank account on a T+1 or T+2 basis. ARC reserves the right to hold settlement where a fraud investigation is ongoing, chargeback exposure exceeds reserves, or regulatory requirements require a hold.
“ARC”, “arc360.me”, the ARC logo, and all associated brand identity, user interface designs, software, APIs, algorithms, and proprietary content are the exclusive intellectual property of ARC Synergy FZE LLC. All rights reserved. Business Users are granted a limited, non-exclusive, non-transferable, revocable licence to use the Platform for their legitimate business purposes during the term of their agreement with ARC.
The Platform is provided on an “as is” and “as available” basis. To the maximum extent permitted by UAE law, ARC makes no warranties, express or implied, including but not limited to merchantability, fitness for a particular purpose, uninterrupted availability, or accuracy of third-party data or exchange rates.
ARC’s total aggregate liability to a Business User for any claim shall not exceed the total fees paid by that Business User to ARC in the three (3) months immediately preceding the event giving rise to the claim.
Any dispute not resolved through good-faith negotiation within thirty (30) days shall be referred to binding arbitration seated in the Emirate of Ajman, UAE, under the rules of the Abu Dhabi Commercial Conciliation & Arbitration Centre (ADCCAC), conducted in English before a sole arbitrator.
These Terms are governed by the laws of the United Arab Emirates, including applicable Federal Laws, the regulations of the Ajman NuVentures Centre Free Zone, and CBUAE regulations. For matters not subject to arbitration, the Parties submit to the exclusive jurisdiction of the competent courts of Ajman, UAE.
| Contact Type | Details |
|---|---|
| Legal Entity | ARC Synergy FZE LLC |
| Platform | arc360.me |
| Registered Office | Office No. BC-888870, 26th Floor, Amber Gem Tower, Sheikh Khalifa Street, Ajman, UAE (P.O. Box 4848) |
| Free Zone | Ajman NuVentures Centre Free Zone (incorporated under Amiri Decree No. 15 of 2023) |
| General Support | [email protected] |
| Legal / Disputes | [email protected] |
| Response Time | Within 5 business days (standard); within 48 hours (urgent compliance / security matters) |