Aligned with CBUAE Circular CBUAE/MCS/2026/2058

Customer document collection, built for UAE financial institutions.

DocChat helps CBUAE-regulated institutions collect KYC and customer documents through a compliant, auditable workflow — replacing messaging apps and consumer channels with a system designed for regulated environments.

See how it works

Built for serious teams

UAE Data ResidencyHSM-backed audit chainEnd-to-end encrypted

Document verified

Emirates ID

Front + Back · 3.2s ago

Awaiting upload

Trade License

Sent via SMS · 12 min ago

app.docchat.co/requests

Document requests

Live · 4 active

In review

12+3

Completed today

47↑ 24%

Avg. response

2.4h

Ahmed Al Mansouri

KYC refresh · 3 documents

Complete2 min

Sara Khan

Onboarding · 5 documents

In review18 min

Rashid Bin Saleh

Policy renewal · 2 documents

Submitted34 min

Fatima Karim

Loan application · 4 documents

Pending1 hr

Illustrative interface — sample data

Who We Serve

Designed for every institution
regulated by the Central Bank of the UAE.

Hundreds of institutions across the UAE operate under CBUAE supervision — each with the same fundamental requirement to demonstrate controlled, auditable customer engagement. DocChat is built for all of them.

Commercial Banks

Insurance Companies

Exchange Houses

Finance Companies

Payment Service Providers

Brokerage Firms

The Platform

Three principles, engineered for regulated environments.

DocChat is purpose-built for institutions that need to demonstrate control, evidence, and accountability — not adapted from consumer messaging tools.

Compliance by design

Every request, document, and decision is captured in a tamper-evident audit chain that satisfies regulator inspection. Designed to align with CBUAE governance expectations from day one.

Sovereign and secure

Customer documents and records are stored in the Microsoft Azure UAE North region. Encryption in transit and at rest, HSM-protected signing keys, and private network paths throughout.

Operationally efficient

Agents send a document request in seconds. Customers receive it via SMS or email and upload securely from any device. No app installation. No training. Just measurable improvements in completion time.

30 April2026

CBUAE/MCS/2026/2058 compliance deadline for regulated institutions

UAE North

All customer documents and records stored in the Azure UAE North region

SHA-256

Cryptographically chained audit entries, HSM-signed root

Audit Chain

Every action, evidenced. Every record, verifiable.

DocChat maintains a cryptographically linked audit chain for every request, document, and operator action. Each entry is hashed and linked to its predecessor — making tampering mathematically detectable and providing regulators with verifiable evidence on demand.

RFC 8785 canonical JSON serialization for cross-system verification
SHA-256 chained entry hashes with HSM-signed root
One-click regulator evidence packages — exportable, signed, verifiable
Continuous integrity verification, every six hours

Read the security overview →

Chain integrity

VERIFIED

request.document.accepted14:23:08

prev: 7c2b1d8e94f3a6c0… hash: 9a4f3e2d1c8b7a65

request.document.uploaded14:18:42

prev: a3f8b9c012e5d4f7… hash: 7c2b1d8e94f3a6c0

notification.delivered.sms14:02:11

prev: 5e9d2c4f8a1b6e30… hash: a3f8b9c012e5d4f7

request.created14:01:54

prev: 0a3f8b9c4d2e1f76… hash: 5e9d2c4f8a1b6e30

Request Workflow

From request to receipt — controlled, traceable, complete.

Agents create document requests from pre-approved templates. Customers receive secure, time-limited links via SMS or email. Submissions land in your review queue with full provenance. Every step is timestamped, attributed, and immutable.

Pre-approved document templates with mandatory fields
Email and SMS delivery of secure, time-limited links
Branch-level isolation and role-based access controls
Configurable expiry windows and automatic reminders

Agent creates request

From approved template · attributed to operator

SMSEmail

Customer receives notification

Received via email or SMS

Documents uploaded securely

Encrypted in transit · stored in UAE North · malware-scanned

Reviewer accepts or rejects

Decision recorded to audit chain

Customer Experience

Designed for your customer — no app required.

Customers receive a single secure link, open it on any device, and upload from their photo library or camera. No downloads, no logins, no friction. The branded upload page reflects your institution — not ours.

Web-based — works on any modern phone or browser
Full Arabic and English language support
Branded with your institution's logo, colors, and domain
Clear guidance, accessibility-compliant interface

Al Burj Insurance

Please upload your documents

Hi Ahmed — to complete your policy renewal, we need the following. This link expires in 4 days.

Emirates ID

Uploaded · Front + Back

Driving License

Uploaded

Vehicle Registration

Tap to upload

Continue →

Security & Compliance

Engineered to support rigorous regulatory review.

DocChat is designed to help your institution demonstrate the controls expected under CBUAE governance and UAE data-protection frameworks. Security is not a feature — it is the foundation.

UAE Data Residency

Customer documents and records are stored in Azure UAE North.

HSM-Protected Keys

Hardware security module–protected keys for audit-chain signing. Azure Key Vault with purge protection.

Tenant Isolation

Row-level security enforces strict separation between institutions' data at the database layer.

UAE PDPL Aligned

Built to support your obligations under the UAE Personal Data Protection Law, with data-subject-rights workflows and a DPA available on request.

Pricing

Predictable pricing.
Built for institutional procurement.

Pricing tailored to your institution's scale, volume, and compliance needs. We work with each client to design a quote that fits your operations.

Standard

Custom pricing

For institutions standardising customer document workflows across teams.

Unlimited requests and documents
Full audit chain and evidence export
SMS and email delivery (fair use)
English and Arabic interface
Email support (8h response SLA)

Enterprise

Custom pricing

For institutions requiring custom branding, dedicated support, and advanced governance.

Everything in Standard
Custom domain (yourbank.docchat.co)
Dedicated SMS sender ID setup
Custom email domain & DKIM setup
Custom DPA and SLA terms
Dedicated customer success contact

Common Questions

What institutions ask before adopting DocChat.

How does DocChat support CBUAE governance expectations?

DocChat is built to help institutions demonstrate compliance with CBUAE Circular CBUAE/MCS/2026/2058 regarding customer data handling and communication channels. The platform provides controlled, auditable workflows, tamper-evident records, UAE data residency, and regulator-ready evidence exports. We do not replace your compliance program — we provide the technical controls that make it demonstrable.

Where is customer data stored?

All customer documents and records are stored in Microsoft Azure UAE North. We use in-region high availability; cross-region disaster recovery is on our roadmap.

How is the audit chain different from a regular activity log?

A standard log can be modified or deleted after the fact. DocChat's audit chain uses cryptographic hashing where each entry is mathematically linked to its predecessor. Tampering with any entry would invalidate every subsequent entry, making modification detectable. The chain root is signed by a hardware security module key, providing a mathematical guarantee of integrity that satisfies regulator expectations.

Does our customer need to install an app?

No. Customers receive a secure link via SMS or email and complete the upload in their browser. The experience works on any modern phone — iOS, Android, or any other platform — without installations, accounts, or training. Documents can be uploaded from the photo library or captured directly from the device camera.

How does this differ from sending documents via consumer messaging apps?

Consumer messaging platforms were designed for personal communication, not regulated workflows. They typically lack: tamper-evident audit trails, controlled data residency, role-based access, deletion controls, integration with KYC systems, and the ability to evidence compliance during a regulator inspection. DocChat is purpose-built to provide these controls while remaining as simple to use for your customer.

Can the upload page be branded with our institution's identity?

Yes. Enterprise customers can configure custom domains (yourbank.docchat.co), custom email sender addresses with DKIM verification, dedicated SMS sender IDs, and full visual branding of the customer upload experience. Your customers see your institution, not ours.

What happens during a regulator inspection?

Your compliance team can export a signed evidence package for any time period, request, or customer. The package includes the full audit chain, cryptographic proofs of integrity, document hashes, and timestamps. Regulators receive a complete, verifiable record without manual reconstruction.

How long does implementation take?

Standard implementation is completed during onboarding with our team. Enterprise implementations with custom branding and integrations: 1–3 weeks depending on scope. We provide direct onboarding support throughout — this is not a self-serve product.

Currently accepting design partners

Ready for a compliant
alternative to messaging apps?

Request access to discuss your institution's requirements with our team. We respond to qualified inquiries within one business day.

Read the security overview

Built in the UAE, for the UAEAzure UAE North