Privacy Policy for مَظْهَرْ (Mazhar)

Effective Date: January 18, 2025 Last Updated: January 18, 2025

Introduction

Welcome to مَظْهَرْ (Mazhar). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using مَظْهَرْ, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

---

1. Information We Collect

1.1 Personal Information You Provide

All Users:

Phone number (used for authentication and communication)
Full name
Language preference (Arabic or English)

Clients:

Booking history and preferences
Reviews and ratings submitted
Location data (when searching for nearby barbershops)

Barbershop Owners and Barbers:

Shop name, address, and contact information
Business hours and service offerings
Pricing information
Gallery images for your barbershop
Staff information
Subscription and payment status

Admin:

Administrative access credentials
Audit logs of administrative actions

1.2 Information Collected Automatically

Location Data:

We collect precise location data (GPS coordinates) when you use location-based features to find nearby barbershops
Location data is only collected when you grant permission and actively use the discovery features
You can disable location access at any time through your device settings

Device Information:

Device type and model
Operating system and version
Unique device identifiers
Mobile network information
App version and crash reports (via Sentry)

Usage Data:

Interactions with the app (screens viewed, features used)
Booking activity and status changes
Search queries and filter preferences
Push notification preferences and device tokens

1.3 Information from Third Parties

Mapbox:

Map display and location services
We share anonymized location data with Mapbox to provide mapping functionality

Supabase:

Our backend infrastructure provider
Handles authentication, database, and file storage securely

Whish Money (Collect):

Payment processing for barbershop subscriptions
We do not store your payment card information
Only subscription status and invoice information are stored in our system

---

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 To Provide and Improve Services

Enable account creation and authentication via phone OTP
Facilitate booking of barbershop services
Display nearby barbershops based on your location
Send booking confirmations, reminders, and status updates
Allow you to leave reviews and ratings
Process monthly subscriptions for barbershop owners
Provide customer support

2.2 Communications

SMS Messages:

One-time passwords (OTP) for authentication
Booking confirmations and reminders (24 hours and 2 hours before appointment)
Onboarding links for new barbershop owners
Invoice payment links and reminders for barbershop owners

Push Notifications:

Booking status changes (confirmed, cancelled, declined)
Appointment reminders
Important account updates

You can opt out of promotional communications at any time, but you may not opt out of essential service-related communications (e.g., booking confirmations, authentication codes).

2.3 Analytics and Performance

Understand how users interact with our app
Identify and fix technical issues and bugs
Improve app performance and user experience
Monitor app usage patterns and trends

2.4 Security and Fraud Prevention

Detect and prevent fraudulent activities
Enforce our Terms of Service
Protect the rights and safety of our users
Maintain audit logs for administrative actions

---

3. How We Share Your Information

We do not sell your personal information to third parties. We may share your information in the following circumstances:

3.1 With Service Providers

We work with trusted third-party service providers who assist us in operating our app:

Supabase: Database, authentication, and file storage
Mapbox: Location services and mapping
Whish Money: Payment processing for subscriptions
SMS Provider: Sending authentication codes and notifications
Sentry: Error tracking and performance monitoring

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.2 Between Users

Clients can see barbershop names, addresses, services, prices, operating hours, and public reviews
Barbershops can see client names and phone numbers for confirmed bookings
Reviews you submit are publicly visible with your name

3.3 Legal Requirements

We may disclose your information if required by law or in response to:

Valid legal processes (court orders, subpoenas)
Requests from government or law enforcement authorities
Protection of our rights, property, or safety
Emergency situations involving danger of death or serious physical injury

3.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or app notification before your information becomes subject to a different privacy policy.

---

4. Data Security

We implement appropriate technical and organizational security measures to protect your personal information:

4.1 Security Measures

Encryption: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols
Authentication: Phone-based OTP authentication to verify user identity
Row-Level Security (RLS): Database policies ensure users can only access data they are authorized to see
Access Controls: Admin actions are logged and audited
Secure Storage: Files and images are stored securely with access controls

4.2 Data Retention

We retain your personal information for as long as necessary to:

Provide our services to you
Comply with legal obligations
Resolve disputes and enforce agreements

Specific retention periods:

Active accounts: Data retained as long as account is active
Deleted accounts: Personal data deleted within 30 days of account deletion
Booking history: Retained for 2 years for business records and dispute resolution
Reviews: Retained indefinitely as public content unless reported and removed
Audit logs: Retained for 1 year for security purposes

---

5. Your Rights and Choices

You have the following rights regarding your personal information:

5.1 Access and Portability

Request a copy of your personal data in a structured, machine-readable format
Contact us at privacy@mazhar.app to request your data

5.2 Correction and Update

Update your profile information directly in the app settings
Contact us to correct inaccurate information

5.3 Deletion

Request deletion of your account and personal data
Note: We may retain certain information for legal compliance or legitimate business purposes
Reviews you submitted may remain public but will be anonymized

5.4 Location Data

Enable or disable location access through your device settings
Refusing location access will limit your ability to discover nearby barbershops

5.5 Marketing Communications

Opt out of promotional notifications through app settings
Reply STOP to SMS marketing messages
Essential service communications (OTP, booking confirmations) cannot be disabled

5.6 Data Portability

Upon request, we will provide your data in a portable format (JSON or CSV) that can be transferred to another service.

---

6. Children's Privacy

مَظْهَرْ is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@mazhar.app, and we will delete such information from our systems.

---

7. International Data Transfers

Your information may be transferred to and maintained on servers located outside of Lebanon, including servers operated by our service providers (Supabase, Mapbox). By using our services, you consent to the transfer of your information to countries that may have different data protection laws than Lebanon. We ensure that adequate safeguards are in place to protect your information in accordance with this Privacy Policy.

---

8. Third-Party Links and Services

Our app may contain links to third-party websites or services (e.g., payment providers, map services) that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

Third-party services we use:

Mapbox: Privacy Policy
Supabase: Privacy Policy
Whish Money: Privacy Policy (if available)

---

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

Posting the updated policy in the app
Updating the "Last Updated" date at the top of this policy
Sending a notification through the app or via SMS for significant changes

Your continued use of مَظْهَرْ after changes become effective constitutes your acceptance of the revised policy.

---

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@mazhar.app Phone: +961 71 606 301 Address: Tripoli, Lebanon

For data subject requests (access, deletion, correction): Please email privacy@mazhar.app with your phone number and a description of your request. We will respond within 30 days.

---

11. Legal Basis for Processing (GDPR Compliance)

If you are located in the European Economic Area (EEA) or other regions with similar data protection laws, we process your personal information based on the following legal grounds:

Consent: When you provide explicit consent (e.g., location access, marketing communications)
Contract: To fulfill our services and bookings you request
Legal Obligation: To comply with legal requirements (e.g., tax records, law enforcement requests)
Legitimate Interests: To improve our services, prevent fraud, and ensure security, provided these interests do not override your fundamental rights

You have the right to withdraw consent at any time, object to processing based on legitimate interests, and lodge a complaint with your local data protection authority.

---

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we collect
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights

To exercise these rights, contact us at privacy@mazhar.app.

---

13. Data Processing Agreement for Barbershop Owners

As a barbershop owner using مَظْهَرْ, you act as a data controller for client information related to bookings at your establishment. You agree to:

Use client data only for legitimate business purposes (managing bookings, providing services)
Not share client information with third parties without consent
Maintain appropriate security measures for client data accessible to you
Comply with applicable data protection laws in your use of the platform

---

By using مَظْهَرْ, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

---

Version 1.0 | Effective January 18, 2025