Privacy Policy

1. Introduction

This Privacy Policy explains how vacansee ("we", "us", "our", or "the Service") collects, uses, stores, transfers, and protects your Personal Data. We are committed to protecting your privacy and complying with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and all applicable data protection laws in the United Arab Emirates.

Please read this Policy carefully. By accessing or using vacansee, you acknowledge that you have read, understood, and agree to the practices described herein.

2. Definitions

3. Controller Information and Contact Details

4. Personal Data We Collect

4.1 Account and Authentication Data

When you create an account or sign in using a third-party OAuth provider (Google, GitHub, or Microsoft/Azure), we collect:

• Name (as provided by the OAuth provider)
• Email address
• Profile picture/avatar (if provided by the OAuth provider)
• Unique user identifier (generated by Supabase Auth)
• OAuth provider name (e.g., Google, GitHub, Azure)
• Authentication tokens and session data (stored securely and encrypted)

4.2 Device and Usage Data

We collect technical information automatically when you access or use the Service:

• IP address
• Browser type, version, and language settings
• Operating system
• Device type and identifiers (e.g., device model, screen resolution)
• Referrer URL (the website you came from)
• Pages viewed, features used, and actions taken within the Service
• Date, time, and duration of your visits and sessions
• Performance and diagnostic data (e.g., page load times, errors, crashes)

This data is collected via Vercel Analytics and standard web server logs.

4.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

• Authenticate your session and keep you signed in (essential cookies)
• Analyze usage patterns and performance (analytics cookies via Vercel Analytics)

You can manage cookie preferences through your browser settings. Note that blocking essential cookies may prevent you from signing in or using core features of the Service.

4.4 User-Generated Content

Currently, the Service does not provide functionality for users to submit, upload, or create content such as files, documents, notes, or other materials. We do not collect or store user-generated content at this time. If this functionality is added in the future, we will update this Privacy Policy accordingly and notify you of any changes.

4.5 Communications and Support Data

If you contact us for support, feedback, or inquiries via our contact page, we collect:

• Your email address and any other contact information you provide
• The content of your message or inquiry
• Any attachments or additional information you submit

5. Legal Bases and Purposes of Processing

We process your Personal Data only where we have a lawful basis under the UAE PDPL:

5.1 Performance of a Contract

We process your Personal Data to:

• Create, manage, and authenticate your account
• Provide access to the Service and its features
• Enable core functionality (e.g., saving your preferences, syncing data)
• Fulfill our obligations under our Terms of Service

5.2 Legitimate Interests

We process Personal Data where necessary for our legitimate interests, balanced against your rights and freedoms:

• Security and fraud prevention: Detecting, preventing, and responding to security incidents, unauthorized access, abuse, or fraudulent activity
• Service improvement: Analyzing usage patterns to improve performance, reliability, user experience, and develop new features
• Technical operations: Maintaining, troubleshooting, and optimizing our infrastructure, servers, and applications
• Legal compliance: Responding to legal requests, enforcing our Terms of Service, and protecting our legal rights

5.3 Legal Obligations

We process Personal Data to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

6. Data Processing Controls

We process Personal Data in accordance with the following principles:

1. Lawfulness, Fairness, and Transparency: Processing is conducted lawfully, fairly, and in a transparent manner
2. Purpose Limitation: Personal Data is collected for specified, explicit, and legitimate purposes and not processed in a manner incompatible with those purposes
3. Data Minimization: We collect only the Personal Data that is adequate, relevant, and limited to what is necessary for the stated purposes
4. Accuracy: We take reasonable steps to ensure Personal Data is accurate and up to date
5. Storage Limitation: Personal Data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law
6. Security: We implement appropriate technical and organizational measures to protect Personal Data
7. Accountability: We are responsible for and can demonstrate compliance with these principles

7. Data Sharing and Disclosure

We do not sell, rent, or trade your Personal Data to third parties. We share Personal Data only in the limited circumstances described below:

7.1 Service Providers (Processors)

We engage trusted third-party service providers to perform functions on our behalf:

7.2 OAuth Providers

When you sign in using a third-party OAuth provider:

• The OAuth provider shares your basic profile information with us as permitted by you during the sign-in process
• Your use of the OAuth provider is governed by that provider's own terms and privacy policy:
• Google: https://policies.google.com/privacy
• GitHub: GitHub Privacy Statement
• Microsoft/Azure: Microsoft Privacy Statement

7.3 Legal Requirements

We may disclose Personal Data if required or permitted by law, including to:

• Comply with legal obligations, court orders, subpoenas, warrants, or other valid legal processes
• Cooperate with law enforcement, regulatory authorities, or governmental bodies in the UAE or abroad when required by law
• Enforce our Terms of Service, investigate and prevent fraud, security incidents, or violations of our policies
• Protect the rights, property, safety, or security of vacansee, our users, or the public, including in emergencies

8. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

8.1 Retention Periods

• Account Data: Retained while your account is active. Upon account deletion, we will delete your account data within 30 days, unless retention is required by law
• Authentication and Session Data: Retained for the duration of your session. Session tokens expire automatically and are deleted upon logout or expiration
• Usage and Analytics Data (Vercel Analytics): Aggregated and anonymized usage data may be retained for up to 12 months for analytical and service improvement purposes
• Logs (Security, Diagnostic, Server Logs): Retained for up to 30 days for security monitoring, troubleshooting, and fraud prevention
• Support Communications: Retained for up to 2 years or as long as necessary to address your inquiry and comply with legal obligations

9. Cross-Border Data Transfers

Our Processors (Supabase and Vercel) may process and store your Personal Data on servers located outside the United Arab Emirates, including in jurisdictions that may not provide an equivalent level of data protection as the UAE.

9.1 Safeguards for International Transfers

Where we transfer Personal Data outside the UAE, we ensure appropriate safeguards are in place:

• Necessity to perform a contract with you (e.g., to provide the Service you requested)
• Legitimate interests (subject to appropriate safeguards and balancing of your rights)
• Your explicit consent (where required and obtained in accordance with UAE PDPL)

10. Your Rights Under UAE PDPL

As a Data Subject under the UAE PDPL, you have the following rights. You may exercise these rights by contacting us at https://tahayparker.vercel.app/contact.

11. Data Security

We implement comprehensive technical and organizational security measures to protect your Personal Data from unauthorized access, disclosure, alteration, destruction, loss, or misuse.

11.1 Technical Measures

• Encryption: Personal Data is encrypted both in transit (using TLS/SSL) and at rest (using industry-standard encryption algorithms)
• Access Controls: Strict access controls ensure that only authorized systems can access Personal Data on a need-to-know basis
• Secure Authentication: We use Supabase Auth with OAuth providers that employ robust authentication mechanisms, including secure token management

11.2 Organizational Measures

• Data Minimization: We collect only the minimum Personal Data necessary for the stated purposes
• Incident Response Plan: We maintain a documented incident response plan to detect, respond to, and recover from Data Breaches
• Data Backup and Recovery: Regular backups are performed to ensure data availability and business continuity in case of system failures

11.3 Limitations

While we strive to protect your Personal Data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you transmit data at your own risk. If you suspect unauthorized access to your account, please contact us immediately.

12. Data Breach Notification

In the event of a Data Breach that is likely to result in a risk to your rights, privacy, or confidentiality, we will:

12.1 Notification to the UAE Data Office

We will notify the UAE Data Office without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

12.2 Notification to Data Subjects

If the Data Breach is likely to result in a high risk to your privacy, confidentiality, or security, we will notify you without undue delay via email or prominent notice on the Service.

13. Complaints and Grievances

13.1 Internal Complaints

If you believe we have violated your rights or this Privacy Policy, you may submit a complaint to us at https://tahayparker.vercel.app/contact. We will acknowledge receipt within 7 days and respond within 30 days.

13.2 Grievance Procedure (Appeal)

If you are dissatisfied with our response, you may submit a written grievance within 30 days of receiving our response. We will review your grievance and issue a final decision within 30 days.

14. Children's Privacy

The Service is not directed to children under the age of 13 (or the minimum age required for consent under UAE law, whichever is higher). We do not knowingly collect Personal Data from children under 13 without verifiable parental or guardian consent.

If you are a parent or guardian and believe your child under 13 has provided Personal Data to us, please contact us immediately at https://tahayparker.vercel.app/contact.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Service features. When we make changes, we will:

• Update the "Last Updated" date at the top of this Policy
• Post the revised Policy on the Service
• For material changes, we will provide prominent notice (e.g., email notification, banner on the Service) and, where required by law, obtain your consent

Your continued use of the Service after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree with the updated Policy, you must stop using the Service and may request deletion of your account and Personal Data.

16. Legal Compliance and Enforcement

This Privacy Policy and our processing of your Personal Data are governed by and construed in accordance with the laws of the United Arab Emirates, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.

17. Contact Us

For any questions, concerns, requests, or complaints regarding this Privacy Policy or our processing of your Personal Data, please contact us at https://tahayparker.vercel.app/contact

We are committed to addressing your inquiries promptly and in accordance with applicable law.

18. Acknowledgment and Consent

By using vacansee, you acknowledge that:

1. You have read, understood, and agree to this Privacy Policy
2. You understand your rights as a Data Subject under UAE PDPL and how to exercise them
3. You acknowledge that cross-border data transfers to Processors outside the UAE are necessary to provide the Service and are subject to appropriate safeguards

If you do not agree with this Privacy Policy, please do not use the Service.