Privacy Policy

AlFazzah ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, WhatsApp chatbot, and services (collectively, the "Platform").

By using our Platform, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our Platform.

This policy applies to all AlFazzah services across the GCC region, including the United Arab Emirates, Saudi Arabia, Qatar, Bahrain, Oman, and Kuwait.

2.1 Personal Information

When you create an account or use our services, we may collect:

• Full name and contact information (email address, phone number, WhatsApp number)
• Residential and service addresses, including GPS coordinates for service delivery
• Payment information (processed securely via PCI-compliant Checkout.com — we never store raw card data)
• Profile preferences, notification settings, and communication preferences
• Government-issued ID for identity verification, where required by law

2.2 Usage Information

We automatically collect certain information when you access our Platform:

• Device information (type, operating system, browser version)
• IP address and approximate geographic location
• Pages visited, features used, and actions taken on the Platform
• Booking history, service preferences, and subscription details
• Cookies and similar tracking technologies (see Section 8)

2.3 WhatsApp & Communication Data

When you interact with our WhatsApp chatbot or OTP login:

• Phone number and WhatsApp profile information
• Conversation history for booking and support purposes
• One-time passwords (OTPs) — automatically expired after use

We use the information we collect to:

• Provide, maintain, and continuously improve our services
• Process bookings, subscriptions, and payments securely
• Assign qualified technicians and manage service delivery efficiently
• Send booking confirmations, status updates, invoices, and receipts via email and WhatsApp
• Respond to your inquiries, support tickets, and feedback
• Personalize your experience and recommend relevant services
• Detect and prevent fraud, abuse, and security incidents using bot protection (Cloudflare Turnstile)
• Comply with legal obligations and regulatory requirements across GCC jurisdictions
• Generate anonymized analytics to improve Platform performance

We do not sell your personal information. We may share your data with:

• Service Technicians — Your name, address, and service details necessary to perform the booked service. Technicians are in-house employees bound by confidentiality agreements.
• Payment Processors — Checkout.com processes payments on our behalf using PCI-DSS Level 1 certified infrastructure. We never store your full card details.
• Communication Partners — Twilio for WhatsApp messaging and OTP delivery, subject to their privacy policies.
• Legal Authorities — When required by law, court order, or to protect our rights, safety, and property.
• Analytics Providers — Aggregated, anonymized data that cannot identify individual users.

We implement industry-leading security measures to protect your personal information:

• End-to-end encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Secure authentication with JWT tokens, automatic session expiry, and token blacklisting
• PCI-DSS Level 1 compliant payment processing — no raw card data on our servers
• Rate limiting and bot protection (Cloudflare Turnstile) on all sensitive endpoints
• Regular security audits, penetration testing, and vulnerability assessments
• Role-based access controls and branch-level data isolation
• UUID-based identifiers to prevent enumeration attacks

While we employ robust security practices, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement.

We retain your personal information for as long as your account is active or as needed to provide our services. Specific retention periods:

• Account data — Retained while your account is active, deleted within 90 days of account closure
• Booking & invoice records — Retained for 7 years as required by GCC commercial regulations
• Payment records — Retained per PCI-DSS requirements and applicable financial regulations
• Support tickets — Retained for 2 years after resolution
• WhatsApp sessions — Automatically expired after 30 minutes of inactivity
• OTP codes — Automatically invalidated after single use or 10-minute expiry

We may retain anonymized, aggregated data indefinitely for analytics and service improvement purposes.

Depending on your location and applicable data protection laws (including UAE Federal Decree-Law No. 45 of 2021), you have the right to:

• Access — Request a copy of the personal information we hold about you
• Correction — Request correction of inaccurate or incomplete data
• Deletion — Request deletion of your personal data, subject to legal retention requirements
• Restriction — Object to or restrict certain processing activities
• Portability — Request your data in a structured, machine-readable format
• Withdraw consent — Withdraw consent at any time where processing is based on consent
• Notification preferences — Manage your email, in-app, and WhatsApp notification preferences from your account settings

To exercise any of these rights, please contact us at privacy@alfazzah.com. We will respond within 30 days.

We use cookies and similar technologies to enhance your experience:

• Essential cookies — Required for authentication, security, and core Platform functionality
• Preference cookies — Remember your language, country, and display preferences
• Analytics cookies — Help us understand how you use the Platform to improve our services
• Security tokens — Cloudflare Turnstile tokens for bot protection on login and signup

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect your ability to use certain features of our Platform.

Our Platform may contain links to third-party websites or services, including payment processors, social media platforms, and partner websites. We are not responsible for the privacy practices of these external sites.

We encourage you to review the privacy policies of any third-party service before providing personal information. Key third-party services we integrate with include Checkout.com (payments), Twilio (WhatsApp & SMS), and Cloudflare (security).

Our Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take immediate steps to delete it and terminate the associated account.

If you believe a child has provided us with personal information, please contact us immediately at privacy@alfazzah.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:

• We will post the updated policy on our Platform with a new "Last updated" date
• For significant changes, we will notify you via email or in-app notification
• Your continued use of the Platform after changes constitutes acceptance of the revised policy

We recommend reviewing this policy periodically to stay informed about how we protect your data.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

• Email: privacy@alfazzah.com
• General support: support@alfazzah.com
• Address: Business Bay, Dubai, United Arab Emirates

We aim to respond to all privacy-related inquiries within 30 calendar days.