Privacy Policy — Salahiya

1. Who we are

Salahiya (“we”, “us”) provides UAE-focused employee document expiry monitoring. This policy explains how we handle data when you use our website and application.

2. Data we collect

Account data: name, email, company, role.
Employee records you add or import: name, contact details, document numbers, issue and expiry dates.
Uploaded documents (Passport, Emirates ID, Visa, Labour, Health cards) and OCR-extracted fields.
Billing metadata processed by Stripe (we do not store card numbers).
Operational logs and audit events.

3. How we use data

Provide and secure the service.
Send expiry alerts, digests, and account notifications.
Enforce plan limits, billing, and fraud prevention.
Improve product features and reliability.

4. Storage and hosting

Free-tier data is stored on Salahiya’s managed infrastructure. Paid tiers may connect their own database/storage (BYO Supabase); in that case, employee documents and files reside on infrastructure you control. Backups and access controls follow industry-standard practices.

5. Sharing

We do not sell personal data. We share data only with processors required to run the service (e.g. Stripe for payments, email providers for notifications) under appropriate agreements.

6. Retention

We retain account and employee data for as long as your account is active. You can delete employees, documents, or your entire account at any time from the app; deletion is permanent.

7. Your rights

You may access, correct, export, or delete your data from within the app, or by contacting support@salahiya.app.

8. Security

We use encryption in transit, row-level security on all multi-tenant tables, role-based access control, and audit logging. No system is perfectly secure; report suspected vulnerabilities to security@salahiya.app.

9. Changes

We may update this policy. Material changes will be announced in the app or by email.

10. Contact

Questions: support@salahiya.app.