Privacy Policy

Learn how we collect, use, and protect your personal information

Last Updated: 29th May 2025

This Privacy Policy applies to Tawabiry ("we", "our", or "us"), a queue management service currently operated in Egypt with plans for expansion to other countries. This policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, or services.

Note: We are currently in Beta/MVP phase. This policy will be updated as our services evolve and expand to new jurisdictions.

1. Information We Collect

1.1 Business Users

  • Business registration information (business name, type, registration numbers)
  • Contact details and addresses (email, phone, physical location)
  • Payment and banking information (payment method details, transaction history)
  • Business operation data (operating hours, service details, capacity)
  • Employee information (names, roles, contact details)
  • Service usage statistics (queue metrics, customer service times, user interactions)
  • Login credentials and account activity

1.2 End Users

  • Name and contact information (email, phone number)
  • Account credentials (password and authentication data)
  • Queue and appointment history (service types, visit frequency, wait times)
  • Service preferences (favorite businesses, preferred service categories)
  • Feedback and ratings provided to businesses
  • Device information (device type, operating system, unique identifiers)
  • Location data (when using location-based features)
  • Usage data (app interactions, feature usage, time spent)

1.3 Information Collection Methods

  • Direct collection when you create an account or use our services
  • Automated collection through cookies and similar technologies
  • Information you voluntarily provide through feedback, surveys, or communications

2. How We Use Your Information

We use collected information for the following purposes and legal bases:

Service Provision and Improvement (Legal basis: Contract performance, Legitimate interests)

  • Facilitate queue management and service delivery
  • Process transactions and payments
  • Provide customer support and respond to inquiries
  • Improve and optimize our services and user experience
  • Develop new features and functionality

Communication and Marketing (Legal basis: Consent, Legitimate interests)

  • Send service notifications and updates
  • Provide queue status information and alerts
  • Send marketing communications (where consent has been provided)
  • Conduct surveys and collect feedback

Analytics and Improvement (Legal basis: Legitimate interests)

  • Analyze service usage and trends
  • Train and improve AI wait time prediction algorithms
  • Monitor and enhance performance and reliability
  • Conduct research and development for new features

Security and Compliance (Legal basis: Legal obligation, Legitimate interests)

  • Prevent fraud, unauthorized access, and security incidents
  • Verify identity and authenticate users
  • Comply with legal obligations and regulatory requirements
  • Enforce our terms of service and policies

3. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account information: Retained for the duration of your account plus 30 days after account closure or deletion
  • Business operational data: Retained for 3 years following the last service usage
  • Transaction records: Retained for 5 years to comply with financial regulations
  • Usage analytics: Retained in aggregated form indefinitely, with personally identifiable information removed after 2 years
  • Communication records: Retained for 2 years from the date of communication

You may request deletion of your data at any time by contacting us at privacy@tawabiry.com. We will process such requests within 30 days, subject to any legal retention requirements.

4. Data Protection

We implement robust security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

  • Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for sensitive stored data
  • Access controls: Role-based access restrictions, multi-factor authentication, and principle of least privilege
  • Regular security assessments: Vulnerability scanning, penetration testing, and security audits
  • Secure infrastructure: Firewalls, intrusion detection systems, and regular security patches
  • Employee training: Regular data protection and security awareness training

While we implement safeguards, no system is 100% secure. We encourage you to maintain secure passwords and notify us of any suspected unauthorized access to your account.

5. Data Sharing and Third Parties

We may share your information with the following categories of recipients:

  • Service providers: Third parties that help us operate our platform (hosting providers, customer support tools, analytics services)
  • Payment processors: Financial institutions and payment services that process transactions
  • Analytics providers: For service optimization and usage understanding
  • Business partners: When necessary for integrated services (such as connected businesses)
  • Legal authorities: When required by law, court order, or governmental regulation

We do not sell your personal information to third parties. When we share data with service providers, we ensure they maintain appropriate security measures and only use your data for specified purposes.

We currently use or plan to use the following key third-party services:

  • Meta Prophet (Future use for wait time forecasting)
  • Payment services specific to each operating region

6. Your Rights

Depending on your location, you may have various data protection rights. We honor the following rights for all users:

  • Access: You can request copies of your personal data we hold
  • Rectification: You can request correction of inaccurate or incomplete data
  • Deletion: You can request deletion of your personal data (subject to legal exceptions)
  • Restriction: You can request temporary or permanent restrictions on data processing
  • Objection: You can object to certain types of processing, particularly direct marketing
  • Data portability: You can request transfer of your data to another service provider
  • Consent withdrawal: You can withdraw previously given consent for data processing

To exercise these rights, please contact us at privacy@tawabiry.com. We will respond to your request within 30 days. For verification purposes, we may request additional information to confirm your identity before fulfilling your request.

For users in the European Economic Area (including Germany), additional GDPR-specific rights and information will apply when we expand to those regions.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and optimize our services. These technologies collect information about how you interact with our website and application.

Types of cookies we use:

  • Essential cookies: Required for basic functionality and security
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand how users interact with our services
  • Authentication cookies: Manage your login sessions and security

You can control cookie preferences through your browser settings. Most browsers allow you to refuse or accept cookies and to delete them. Note that blocking certain cookies may impact functionality of our services.

8. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect or solicit personal information from children under 13. If we learn we have collected personal information from a child under 13, we will promptly delete that information.

If you believe we might have inadvertently collected information from a child under 13, please contact us immediately at privacy@tawabiry.com.

9. International Data Transfers

As we operate in Egypt and plan to expand to other countries, your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer your data internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:

  • Data transfer agreements incorporating standard contractual clauses
  • Encryption and security measures during transfer and storage
  • Verification of third-party security practices
  • Compliance with local data protection regulations

By using our services, you consent to the transfer of your information to countries where we operate, which may have different data protection rules than your country.

10. Data Breach Procedures

In the event of a data breach that compromises your personal information, we will:

  • Notify affected users within 72 hours of becoming aware of the breach, where feasible
  • Provide information about the nature of the breach and data affected
  • Outline steps we are taking to address the breach
  • Offer recommendations to protect yourself from potential harm
  • Notify relevant regulatory authorities as required by law

11. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. The updated version will be indicated by an updated "Last Updated" date at the top of this policy.

We will notify you of material changes through:

  • Email notifications to the address associated with your account
  • Prominent notices on our website or application
  • In-app notifications when you next use our services

We encourage you to periodically review this Privacy Policy. Your continued use of our services after changes to this policy constitutes acceptance of the updated terms.

12. Governing Law

This Privacy Policy is governed by the laws of Egypt, without regard to its conflict of law provisions. As we expand to other jurisdictions, additional regional privacy regulations may apply to users in those regions.

For users in the European Economic Area, including Germany, GDPR regulations will apply when we expand to those regions. For users in Saudi Arabia, UAE, and other planned expansion markets, we will comply with applicable local data protection laws.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: contact-us@tawabiry.com

We will respond to your inquiry as soon as possible, and within 30 days at the latest.