Darah Privacy Policy

Privacy Policy for Darah App

Effective Date: September 23, 2025

Last Updated: February 5, 2026

1. Introduction

Welcome to Darah, a comprehensive local business marketplace platform connecting home-based entrepreneurs with nearby customers. Darah is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our mobile application and related services, including in-app ordering for delivery or pickup. By accessing or using the Darah app, you signify your understanding and acceptance of the terms outlined in this Privacy Policy.

2. Information We Collect

We collect various types of information to provide and improve our services to you. This information can be broadly categorized as Personal Information, Business Information, Order Information, and Usage Data.

2.1 Personal Information

Personal Information refers to data that can be used to identify you directly or indirectly. We collect the following personal information from users:

• Contact Details: Name, email address, and phone number.

• Profile Information: Optional profile photo.

• Location Data: With your explicit consent, we collect precise or approximate location data to enable features such as finding businesses near you and selecting a delivery location on the map. You can withdraw this consent at any time through your device settings.

• Communication Data: Information you provide when contacting us for support or inquiries.

• Device Identifiers: FCM tokens for push notifications.

2.2 Order Information (In-App Ordering)

When you place an order for delivery or pickup through the app, we collect and store:

• Contact Details for the Order: Name and phone number you provide at checkout.

• Delivery Address: Full address, city, street, building, and house/apt details when you choose delivery. When you pick a location on the map, we also store the coordinates (latitude and longitude) to facilitate delivery.

• Order Details: Items ordered, quantities, variants, special notes, order total, delivery fee (if applicable), and delivery method (delivery or pickup).

• Order Status and History: Status updates (e.g., pending, accepted, preparing, ready, on the way, delivered) and order history linked to your account.

This order data is used to fulfil your order and is shared with the business you order from so they can prepare, deliver, or have your order ready for pickup.

2.3 Business Information (for Business Owners)

If you register as a business owner on Darah, we collect additional information related to your business:

• Business Profile: Business name, description, and categories.

• Contact Details: Business phone number, WhatsApp contact, and Instagram handle.

• Location: Business location and region.

• Visual Assets: Business logo and gallery images.

• Product/Service Details: Menu items with prices and descriptions.

• Verification Documents: Documents required for business verification and approval.

2.4 Usage Data

We automatically collect certain information when you access and use the app. This data helps us understand how users interact with Darah and improve our services:

• App Usage Analytics: Information about how you use the app, such as features accessed, time spent on the app, and interaction patterns.

• Interaction Data: Business view counts, favorited businesses, search queries, preferences, and order-related interactions (e.g., cart and checkout usage).

• Technical Data: Device information (e.g., device model, operating system, unique device identifiers), IP address, and crash reports.

3. How We Use Your Information

We use the collected information for various purposes, primarily to provide, maintain, and improve the Darah app and its services.

• Service Provision: To provide and operate the core functionalities of the Darah app, including business discovery, profile management, communication features, and in-app ordering (cart, checkout, delivery or pickup).

• Order Fulfilment: To process and fulfil your orders, share order and delivery details with the business you order from, send you order status notifications, and support delivery or pickup.

• Personalization: To enhance your user experience by showing you relevant businesses and content based on your location and preferences.

• Communication: To send push notifications about nearby businesses, order updates, and other relevant information. You can manage your notification preferences in the app settings.

• Analytics and Improvement: To monitor and analyze app usage, performance, and trends, which helps us improve the app's features, functionality, and user interface.

• Business Management: For business owners, this includes managing your profile, listings, orders, and providing analytics related to your business performance on the platform.

• Admin Operations: For administrative purposes, such as business approval, content moderation, order support, and ensuring compliance with our Terms of Use.

• Security and Fraud Prevention: To detect, prevent, and address technical issues, security incidents, and fraudulent activities.

4. Data Sharing and Disclosure

We may share and disclose your information in certain situations, always with due regard for your privacy and in compliance with applicable laws.

• Order Data with Businesses: When you place an order, we share the order details (including your name, phone number, delivery address or pickup choice, items, and notes) with the business you order from so they can prepare, deliver, or have your order ready for pickup. The business is responsible for handling this data in accordance with their own practices and applicable law.

• Publicly Available Business Information: For approved business owners, certain business information (business name, description, categories, contact details, location, logo, gallery images, menu items) is shared publicly within the Darah app to facilitate discovery by users. Business owners may have the option to hide certain contact details from public view, as specified within the app's business management settings.

• User-Business Interaction: When users interact with a business (e.g., through inquiry or by placing an order), relevant contact and order information may be shared with the business owner to facilitate communication and order fulfilment.

• Service Providers: We engage third-party service providers to perform functions on our behalf, such as hosting, data analytics (e.g., Firebase/Google services), and push notification services. These providers have access to your information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

• Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

• Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred as part of that transaction. We will notify you before your Personal Information is transferred and becomes subject to a different Privacy Policy.

• With Your Consent: We may share your information with third parties when we have your explicit consent to do so. We do not sell your personal data to third parties.

5. Data Storage and Security

• Storage Location: Your data is primarily stored in Firebase (Google Cloud), which provides robust security measures. Images are stored in Firebase Storage. Order data (including delivery address and contact details) is stored in our database to fulfil orders and support order history. Some local data may be cached on your device for offline use.

• Security Measures: We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security audits. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

• Data Retention: We retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally, user accounts and associated data are retained until account deletion. Order data is retained for as long as needed to complete orders, handle disputes or support, and comply with legal obligations; you may contact us to ask about deletion of your order history where applicable. Business listings are retained until business closure or admin removal. Analytics data is aggregated and anonymized after 2 years. Support communications are retained for 3 years for customer service purposes. Payment records are retained for 7 years for accounting and legal compliance.

6. Your Rights (Data Subject Rights)

In accordance with the Omani Personal Data Protection Law, you have the following rights regarding your personal data:

• Right to Access: You have the right to request access to the personal data we hold about you.

• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.

• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain circumstances.

• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

• Right to Object: You have the right to object to the processing of your personal data under certain conditions.

• Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. We will respond to your request in accordance with applicable law.

7. Children's Privacy

Darah is not intended for use by individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under age 13 without verification of parental consent, we take steps to remove that information from our servers.

8. International Data Transfers

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Darah operates globally, and by using our services, you consent to the transfer of your information to other countries where we or our service providers operate. We ensure that appropriate safeguards are in place for such international transfers, including reliance on standard contractual clauses or other legally recognized mechanisms, to ensure your data is treated securely and in accordance with this Privacy Policy.

9. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this Privacy Policy. We will also inform you via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "last updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• By email: darah.om@outlook.com

• By phone: +968 9949 1928