Privacy Policy

Last Updated: 23rd February 2026

This Privacy Policy applies to Tawabiry ("we", "our", or "us"), a queue management service operated in Egypt. This policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, or services.

Note: We are currently in Beta/MVP phase. This policy will be updated as our services evolve and expand to new jurisdictions.

2. How We Use Your Information

3. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

• Account information: Retained for the duration of your account plus 30 days after account closure or deletion
• Business operational data: Retained for 3 years following the last service usage
• Transaction records: Retained for 5 years to comply with financial regulations
• Usage analytics: Retained in aggregated form indefinitely, with personally identifiable information removed after 2 years
• Communication records: Retained for 2 years from the date of communication

You may request deletion of your data at any time by contacting us at privacy@tawabiry.com. We will process such requests within 30 days, subject to any legal retention requirements.

4. Data Protection

We implement robust security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for sensitive stored data
• Access controls: Role-based access restrictions, multi-factor authentication, and principle of least privilege
• Regular security assessments: Vulnerability scanning, penetration testing, and security audits
• Secure infrastructure: Firewalls, intrusion detection systems, and regular security patches
• Employee training: Regular data protection and security awareness training

While we implement safeguards, no system is 100% secure. We encourage you to maintain secure passwords and notify us of any suspected unauthorized access to your account.

5. Data Sharing and Third Parties

We may share your information with the following categories of recipients:

• Service providers: Third parties that help us operate our platform (hosting providers, customer support tools, analytics services)
• Payment processors: Financial institutions and payment services that process transactions
• Analytics providers: For service optimization and usage understanding
• Legal authorities: When required by law, court order, or governmental regulation
• Business Partners (Operational Necessity): To facilitate the queuing process, Tawabiry discloses your personal information (including unmasked Name and Phone Number) directly to the Business Partner you are queuing for. You acknowledge that once shared, this data remains visible to the Business Partner in their dashboard (including 'Completed Tickets' and local caches) for record-keeping, auditing, and internal analytics.

We do not sell your personal information to third parties. When we share data with service providers, we ensure they maintain appropriate security measures and only use your data for specified purposes.

We currently use or plan to use the following key third-party services:

• Meta Prophet (Future use for wait time forecasting)
• Local Payment gateways: Geiea, InstaPay, Vodefone Cash (We do not use international MoR or Dodo Payments for Egypt)

6. Your Rights

Depending on your location, you may have various data protection rights. We honor the following rights for all users:

• Access: You can request copies of your personal data we hold
• Rectification: You can request correction of inaccurate or incomplete data
• Deletion: You can request deletion of your personal data (subject to legal exceptions)
• Restriction: You can request temporary or permanent restrictions on data processing
• Objection: You can object to certain types of processing, particularly direct marketing
• Data portability: You can request transfer of your data to another service provider
• Consent withdrawal: You can withdraw previously given consent for data processing

To exercise these rights, please contact us at privacy@tawabiry.com. We will respond to your request within 30 days. For verification purposes, we may request additional information to confirm your identity before fulfilling your request.

For users in the European Economic Area (including Germany), additional GDPR-specific rights and information will apply when we expand to those regions.

7. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and optimize our services. These technologies collect information about how you interact with our website and application.

You can control cookie preferences through your browser settings. Most browsers allow you to refuse or accept cookies and to delete them. Note that blocking certain cookies may impact functionality of our services.

8. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect or solicit personal information from children under 13. If we learn we have collected personal information from a child under 13, we will promptly delete that information.

If you believe we might have inadvertently collected information from a child under 13, please contact us immediately at privacy@tawabiry.com.

9. International Data Transfers

As we operate in Egypt and plan to expand to other countries, your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your country.

When we transfer your data internationally, we implement appropriate safeguards to ensure your information receives an adequate level of protection, including:

• Data transfer agreements incorporating standard contractual clauses
• Encryption and security measures during transfer and storage
• Verification of third-party security practices
• Compliance with local data protection regulations

By using our services, you consent to the transfer of your information to countries where we operate, which may have different data protection rules than your country.

10. Data Breach Procedures

In the event of a data breach that compromises your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach, where feasible
• Provide information about the nature of the breach and data affected
• Outline steps we are taking to address the breach
• Offer recommendations to protect yourself from potential harm
• Notify relevant regulatory authorities as required by law

11. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or applicable laws. The updated version will be indicated by an updated "Last Updated" date at the top of this policy.

We will notify you of material changes through:

• Email notifications to the address associated with your account
• Prominent notices on our website or application
• In-app notifications when you next use our services

We encourage you to periodically review this Privacy Policy. Your continued use of our services after changes to this policy constitutes acceptance of the updated terms.

12. Governing Law

Role Disclosure: Tawabiry acts strictly as a 'Data Processor' for the Egyptian market. The Business Partner you interact with is the 'Data Controller.' Once data is shared with the Controller, they assume full responsibility for its secure handling and storage. This policy is governed by the laws of Egypt.

For users in the European Economic Area, including Germany, GDPR regulations will apply when we expand to those regions. For users in Saudi Arabia, UAE, and other planned expansion markets, we will comply with applicable local data protection laws.