Privacy Policy

1. INTRODUCTION

Your privacy is very important to us at Naayya, and we are dedicated to protecting it and maintaining your trust. This Privacy Policy explains our online information practices and the choices you have regarding how your information is collected and used when you interact with Naayya S.A.R.L.-S ("Naayya," "we," "us," or "our") through our platform and services at https://www.naayya.com (the "Website").

In this policy, "Personal Data" refers to information that can identify you as an individual, and "processing" means any operation performed on Personal Data, such as collection, storage, use, or sharing. Other terms not defined here have the meanings given in our Terms of Service.

We use your Personal Data to provide and improve the Naayya platform and services. By using our Website or engaging with us, you agree to the collection and use of information as described in this Privacy Policy.

Our role in processing your Personal Data may vary depending on the context:

• As a Data Processor: When we deliver services to our partners or subscribers, we may process Personal Data on their behalf. In these cases, our partners are responsible for their own privacy policies and for informing their end users.
• As a Data Controller: For our own marketing, account management, and direct interactions with you, Naayya acts as the Data Controller and is responsible for your Personal Data as described in this policy.

We encourage you to read this Privacy Policy in full to understand how your information is handled. If you have any questions or concerns about our privacy practices, please contact us at support@naayya.com.

If you do not agree with our use of your personal data as described here, please do not use the Naayya platform or services.

2. DEFINITIONS

The following definitions apply throughout this Privacy Policy. Words with capitalized initial letters have the meanings set out below, whether used in singular or plural form:

• Account: A unique account created for you to access our platform and services.
• Company: Refers to Naayya S.A.R.L.-S, the legal entity responsible for the Website and services (also referred to as "Naayya," "we," "us," or "our").
• Cookies: Small files placed on your device by our Website, used for various purposes including remembering your preferences and tracking usage.
• Data Controller: For the purposes of the GDPR, the Company that determines the purposes and means of processing your Personal Data.
• Data Processor: A natural or legal person who processes Personal Data on behalf of the Data Controller.
• Device: Any device that can access the Naayya platform, such as a computer, smartphone, or tablet.
• GDPR: The General Data Protection Regulation (EU) 2016/679, which governs data protection and privacy in the European Union.
• Personal Data: Any information relating to an identified or identifiable natural person. This includes, for example, your name, email address, identification number, location data, or other factors specific to your identity.
• Platform: The Naayya Website and any related applications or services provided by Naayya.
• Service: The Website and all related features, content, and services offered by Naayya.
• Service Provider: Any third party or individual who processes data on behalf of Naayya to help provide the Service, such as hosting, analytics, or payment processing providers. For GDPR purposes, Service Providers are considered Data Processors.
• Usage Data: Data collected automatically, either generated by your use of the Service or from the Service infrastructure itself (for example, duration of a page visit or device/browser information).
• User/You: The individual accessing or using the Naayya platform or services, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, you may be referred to as the Data Subject or User.

Any other terms used in this Privacy Policy that are defined in Article 4 of the GDPR (such as controller, processor, data subject, and others) shall have the same meaning as defined in the GDPR.

3. SCOPE OF THIS PRIVACY POLICY

This Privacy Policy applies to all users of the Naayya platform and services. It does not cover information related to employees, which is governed by internal policies, or service providers, which may be subject to separate agreements. This Privacy Policy is part of, and subject to, our Terms of Use. Any capitalized terms not defined here have the meanings given in our Terms of Use.

4. WHAT PERSONAL DATA DO WE COLLECT?

We may collect personal data that you provide directly to us, such as:

• Name
• Email address
• Username
• Password
• Phone number
• Address
• Payment data (processed securely via Stripe; we do not store payment details)
• Comments, feedback, and survey responses
• Any other information you choose to provide via forms or communication

We also collect data automatically as you use our platform, including:

• IP address
• Browser type and device information
• Pages visited and time spent on pages
• Referring website
• Cookies or other tracking identifiers
• Usage data (e.g., features used, frequency, and duration of activities)
• Crash reports and log files

5. HOW DO WE COLLECT YOUR DATA?

We collect your personal data in several ways, depending on how you interact with Naayya:

• Directly from you: When you create an account, fill out forms, make a booking, communicate with us, or otherwise use our services, you provide us with personal data.
• From third parties: If you access our platform through a third-party application (such as a social login, app store, or social networking site), we may collect personal data that you have made available via your privacy settings on those platforms.
• Automatically as you use our platform: We may collect certain information automatically, such as your IP address, device and browser information, MAC address, cookie identifiers, mobile carrier, location information (including approximate location from your IP address), and internet service provider. We also collect data about your usage of our services, such as pages visited, links clicked, features used, time spent, frequency and duration of activities, and search terms.
• Log files: We collect non-personally identifiable information through log files, which may include IP addresses, browser types, domain names, and other anonymous statistical data. This helps us analyze trends, administer and monitor the platform, and gather demographic information. We may link this information to personal data for purposes such as personalizing your experience and evaluating our services.
• Crash reports: If you submit crash reports, we may collect diagnostic information about your device and the activities that led to the crash.
• Cookies and tracking technologies: We use cookies and similar technologies to collect data about your interactions with our platform. For more information, please see our Cookie Policy.
• Online forms: We may collect personal data via forms based on your interaction with us. Each form will explain the purpose for collecting such data.
• Social media platforms: Our platform may include buttons or widgets for social media platforms (such as Facebook, Instagram, or X). These features may collect your IP address and set cookies to function properly. Your interactions with these platforms are governed by their respective privacy policies.
• Direct interaction: We may collect personal data from you as part of your direct interactions with us, such as when you contact support or sales.

6. WHY WE COLLECT AND HOW WE USE YOUR DATA

We do not sell your personal data. We collect and process your data only as permitted by applicable data protection and privacy laws. In many cases, we need to collect and process certain personal data to provide you with access to Naayya's services. When you register or use our platform, you may be asked to provide consent for us to process your data, and you can withdraw this consent at any time.

We use your data for a variety of purposes, including:

• To provide and operate our services: We use your data to create and manage your account, deliver our platform features, process bookings and payments, provide customer support, and communicate with you about your account or transactions. This processing is necessary for the performance of our contract with you.
• To ensure security and prevent misuse: We process data to protect Naayya and our users from fraud, unauthorized access, and other unlawful activities. This includes monitoring for suspicious activity and enforcing our terms and policies. The legal basis is our legitimate interest in maintaining a secure platform.
• To improve and develop our services: We analyze usage data and feedback to understand how our platform is used, identify trends, and make improvements. We may use aggregated or anonymized data for these purposes. With your consent, we may also use your data to test new features or services.
• For internal record-keeping and evidence: We keep records of your interactions with us, including communications, transactions, and support requests, to maintain evidence of our relationship, resolve disputes, and comply with our policies. This is based on our legitimate interests and legal obligations.
• To promote and market our services: With your consent or where permitted by law, we may use your contact details to send you information about Naayya's offerings, updates, or promotions. We may also use anonymized or aggregated data to help us understand our audience and improve our marketing. Third-party service providers may assist us with these activities, but they will not use your data for their own purposes.
• To comply with legal obligations: We may use and disclose your data as required by law, such as for accounting, tax, regulatory, or legal process purposes. This includes responding to lawful requests from authorities or courts.

You may object to certain types of processing or withdraw your consent at any time by contacting us. We will always respect your choices as required by law.

7. HOW WE SHARE AND DISCLOSE YOUR DATA

We do not sell your personal data. However, we may share the information we collect in the following ways:

• Vendors and Service Providers: We may share your data with trusted third-party vendors and service providers who help us operate our platform, deliver services, process payments, send communications, or support our marketing and analytics efforts. These providers are only permitted to use your data as necessary to perform their services for us.
• Aggregate or De-identified Information: Where legally permissible, we may use and share information about users in aggregated or de-identified form that cannot reasonably be used to identify you, for analytics, research, or business purposes.
• Advertising Partners: We may work with third-party advertising partners to show you relevant ads. These partners may set and access their own cookies or similar technologies and may collect information about your use of our platform and other online services over time.
• Third-Party Partners: We may share information with third-party partners to receive additional publicly available information about you or to enhance our services.
• Referrals: If you sign up for our services through a referral, we may share information with your referrer to let them know you used their referral link.
• Analytics Providers: We use analytics services (such as Google Analytics and PostHog) to help us understand how our platform is used. These providers may use cookies and similar technologies to collect non-identifying information about your use of our services. For more information, see their privacy policies.
• Business Transfers: If we are involved in a merger, acquisition, financing, sale of assets, bankruptcy, or similar event, your information may be transferred to a successor or acquirer as part of that transaction.
• Legal Requirements and Protection: We may share your data to comply with applicable laws, regulations, legal processes, or governmental requests; to enforce our Privacy Policy and Terms of Service; to detect, prevent, or address fraud, security, or technical issues; to respond to your requests; or to protect the rights, property, or safety of Naayya, our users, or the public.
• With Your Consent: We may share your information for other purposes if you have given us your explicit consent.

8. THIRD-PARTY SERVICES

Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties, and we encourage you to review their privacy policies before providing any information.

9. DATA SECURITY

We implement technical and organizational measures to protect your data, including:

• Encryption of data in transit and at rest where feasible
• Secure authentication methods
• Regular security audits and compliance checks
• Access controls and staff training

While we strive to protect your data, no service is completely secure. We cannot guarantee that unauthorized access, hacking, or data loss will never occur.

10. DATA RETENTION

We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law. You may request deletion of your data by contacting us at support@naayya.com. We may retain certain data for legal compliance, dispute resolution, or backup purposes.

11. YOUR RIGHTS AND CHOICES

Depending on your location, you may have the following rights regarding your personal data:

• Right to access your data
• Right to rectify inaccurate or incomplete data
• Right to request deletion of your data
• Right to restrict or object to processing
• Right to data portability
• Right to withdraw consent for marketing communications

You can manage your cookie preferences in your browser settings and unsubscribe from marketing emails at any time. For any requests, contact support@naayya.com.

12. CHILDREN'S PRIVACY

Our platform is not intended for use by children. We do not knowingly collect personal data from children under the age of 16. If we become aware that a child has provided us with personal data, we will take steps to delete such information. Parents or guardians who believe their child has provided us with personal data should contact us at support@naayya.com.

13. INTERNATIONAL DATA TRANSFERS

Your personal data is stored on servers in the European Union. If we transfer your data outside the EEA, we will ensure appropriate safeguards are in place, such as standard contractual clauses or other lawful mechanisms, to protect your data in accordance with applicable law.

14. SUB-PROCESSORS

We use the following main third-party vendors to help provide our services. Please review their privacy policies for more information on how they handle your data:

• Supabase (hosting and database) – Privacy Policy
• Stripe (payment processing) – Privacy Policy
• Mailchimp (email delivery) – Privacy Policy
• SendGrid (email delivery) – Privacy Policy
• Vercel (hosting) – Privacy Policy
• AWS (infrastructure) – Privacy Policy
• Google Analytics (analytics) – Privacy Policy
• PostHog (analytics) – Privacy Policy

15. CHANGES TO THIS PRIVACY POLICY

We may update this policy periodically. Significant changes will be communicated on our Website. We encourage you to review this page regularly.

16. CONTACT US

If you have any questions or concerns about this Privacy Policy or your personal data, please contact us at support@naayya.com. We will respond as soon as possible.

17. ADDITIONAL DISCLOSURES FOR UNITED STATES USERS

While we do not currently have users in the United States, we are preparing to comply with applicable US privacy laws (such as CCPA/CPRA, Colorado, Virginia, and Nevada) as we expand. If you are a US resident and have questions about your privacy rights, please contact us at support@naayya.com.