Mawaeedy Privacy Policy

Effective Date: March 1, 2026
Website: https://www.mawaeedy.com | Support:

Contents

1) Who We Are
2) What Data We Collect
3) How We Use Your Data
4) Legal Bases (General)
5) How We Share Your Data
6) Provider Responsibility
7) International Transfers
8) Data Retention
9) Security
10) Your Rights & Choices
11) Cookies & Similar Technologies
12) Children’s Privacy
13) Security Incident / Breach Notification
14) Changes to This Policy
15) Contact Us

This Privacy Policy explains how Mawaeedy (“Mawaeedy”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you use our website and services (the “Services”).

No payments (for now): The Services do not currently process payments. We do not collect payment card details through the Platform. If we add payment features later, we will update this Privacy Policy and (if needed) display additional notices before enabling payments.

1) Who We Are (Data Controller)

Mawaeedy is operated by an individual based in Jordan. For privacy questions or requests, contact: .

2) What Data We Collect

We collect only data needed to run an appointment-booking platform.

A) Account and Profile Data

Name
Email address and/or phone number
Login credentials (stored in hashed form where applicable)
Account role (e.g., customer, provider, staff/admin)
Company/branch information (for providers and staff)

B) Booking and Service Data

Appointment details (date, time, location/branch, service selected, provider selected)
Booking status (e.g., pending, confirmed, cancelled, completed)
Notes you add to a booking (if enabled)

Sensitive data warning: Customers are prohibited from adding highly sensitive personal information (such as health/medical details, financial account details, government identification numbers, or other sensitive data) to booking notes or messages. Please keep notes limited to basic appointment context. If we detect sensitive data, we may remove it and/or restrict the account to protect users and comply with law.

C) Provider Listing Data (Provider Content)

Business/service names and descriptions
Images and other content you upload
Working hours/availability settings

D) Communications

Messages you send to support
Booking notifications sent/received (confirmations, reminders, changes)

E) Technical and Usage Data

IP address, browser type, device information, approximate location (derived from IP)
Log files (security logs, error logs, performance logs)
Cookies and similar technologies (see Section 11)

3) How We Use Your Data

We use personal data to:

Create and manage accounts
Enable bookings and appointment management
Send booking confirmations, reminders, and updates
Provide customer support and respond to requests
Enforce our Terms and content rules (including removing illegal or inappropriate content)
Protect the Services (fraud prevention, security monitoring, abuse detection)
Maintain, debug, and improve the Services (reliability and performance)

4) Legal Bases for Processing (General)

Depending on your location and the context, we process personal data based on one or more of:

Contract / necessity: to provide booking and account features you request.
Consent: where required by law (for example, for certain cookies or optional communications).
Legal obligation: to comply with applicable laws and lawful requests.
Legitimate interests: to operate and protect the Services, such as:
- preventing fraud, abuse, and unauthorized access
- maintaining service reliability (debugging, monitoring, error handling)
- improving user experience and feature performance
- responding to support requests and platform safety reports
- enforcing our Terms, content rules, and protecting user safety

We do not sell your personal data.

A) With Providers (to fulfill bookings)

When you book an appointment, we share necessary booking details with the Provider (and relevant staff) so they can deliver the service, such as your name, contact details, booking time, service requested, and any notes you provide (please do not include sensitive data).

B) With Service Providers (processors)

We use third-party service providers to operate the Platform (for example, hosting and email delivery). These providers may process personal data only to perform services on our behalf and under appropriate safeguards.

Optional but recommended: list the exact third parties you use for your MVP. If you are not using analytics or SMS providers, do not list them as “used.”

Category	Provider Name	Purpose	Data Shared (typical)
Hosting / Infrastructure	[FILL: e.g., Your VPS/Cloud provider]	Run the website and database	Account/booking data stored and processed on servers
Email Delivery	[FILL: e.g., SMTP provider / Mail service]	Send confirmations and support messages	Email address, message content (booking notices)
SMS / Messaging (if used)	[FILL or REMOVE]	Send SMS reminders/alerts	Phone number, reminder text
Analytics (if enabled)	[FILL or REMOVE]	Understand usage and improve performance	Device/browser, pages viewed, IP (often truncated), cookie identifiers

C) Legal and safety

We may disclose data to comply with law, enforce our Terms, respond to lawful requests, or protect rights, safety, and security.

D) Business changes

If the Services are restructured, merged, sold, or transferred, personal data may be transferred as part of that transaction, subject to this Privacy Policy and applicable law.

6) Provider Responsibility (Independent Controller)

Providers are independent parties. If you book a service, the Provider may process your personal data for their own purposes (e.g., delivering the service, recordkeeping). Providers are responsible for their own compliance with applicable privacy laws.

7) International Transfers

Because users and service providers can be global, your data may be processed in countries other than your own (for example, where hosting or messaging providers operate). We take reasonable steps to implement appropriate safeguards.

8) Data Retention

We keep personal data only as long as necessary for:

providing the Services and maintaining your account
maintaining booking history and operational records
security, fraud prevention, and abuse investigations
legal compliance

Typical retention (examples; may vary by legal requirements and operational needs):

Account data: while active, and for a reasonable period after deletion request for security/legal purposes
Booking records: retained for operational history and dispute handling
Support requests: retained as needed to resolve issues and maintain audit trails
Security logs: retained for limited periods to detect/investigate abuse

9) Security

We use reasonable technical and organizational measures to protect data, such as access controls, encryption in transit where available (HTTPS), and security monitoring. No system is 100% secure.

10) Your Rights and Choices

Depending on your jurisdiction, you may have rights to:

Access your personal data
Correct inaccurate data
Request deletion/erasure (where applicable)
Withdraw consent (where processing is based on consent)
Restrict or object to certain processing (where applicable)
Request information about how your data is used

To exercise rights, contact: . We may need to verify your identity before fulfilling requests.

11) Cookies and Similar Technologies

Cookies are small text files stored on your device. We use cookies and similar technologies for:

A) Essential cookies (required)

Session cookies: keep you logged in and maintain secure sessions.
Security cookies: help detect abuse and protect accounts.
Load-balancing / routing cookies: (if used) keep requests stable across servers.

B) Preference cookies (optional)

Remember language, UI preferences, and basic settings.

C) Analytics cookies (only if enabled)

If analytics are enabled, cookies may be used to understand usage (pages visited, device/browser, approximate location), and improve performance and user experience.

Browser control: You can control cookies through your browser settings. Disabling essential cookies may prevent login or booking features from working correctly. If we enable non-essential cookies, we may display a cookie notice/banner where required by law.

12) Children’s Privacy

The Services are not intended for children under 13. If you believe a child under 13 has provided personal data, contact so we can take appropriate action.

13) Security Incident / Breach Notification

If we become aware of a security incident that affects your personal data, we will take reasonable steps to investigate, mitigate harm, and notify affected users and/or relevant authorities as required by applicable law.

14) Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and update the Effective Date. If changes are material, we may provide additional notice (for example, by email or a prominent notice on the Platform).

15) Contact Us

For questions, requests, or complaints:
Email: