Privacy Policy

1. Introduction

SAYEF ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use the SAYEF platform ("the Platform"), a marketplace for yacht trips, safaris, and coastal adventures in Marsa Matrouh, Egypt.

2. Information We Collect

2.1 Information You Provide

• Account Registration: Full name, email address, phone number (Egyptian format: +20XXXXXXXXXX), and password (stored as a bcrypt hash, never in plain text).
• Profile Information: Date of birth (optional), profile updates.
• Provider Registration: Business name, provider status, IPA (InstaPay) address, payout wallet number, and contract verification status.
• Booking Data: Service selections, dates, time slots, guest counts, and payment proof images (uploaded screenshots/receipts).
• Support Tickets: Subject, description, and messages you submit through the support system.

2.2 Information Collected Automatically

• Session Data: We use JSON Web Tokens (JWT) for authentication. Session tokens are stored in HTTP-only cookies and are used solely to maintain your login state.
• Device Information: Browser type and version, as collected by standard HTTP headers. We do not use tracking pixels or third-party analytics.

2.3 Information from Third Parties

• Google Sign-In: If you choose to log in via Google, we receive your name, email address, and profile image from Google. We do not access your Google contacts, calendar, or any other Google services.

3. How We Use Your Information

• Booking Management: To process your bookings, generate QR code tickets, manage holds and expirations, and facilitate communication between tourists and providers.
• Notifications: To send you booking confirmations, cancellations, refund alerts, and other transactional notifications via the in-app notification system and email.
• Provider Digest Emails: Approved providers receive a nightly email summary (11 PM Cairo time) listing their confirmed bookings for the following day. This is strictly operational and cannot be individually unsubscribed from while your account is active.
• WhatsApp Notifications: With your phone number, we may send time-sensitive booking notifications (confirmations, cancellations, force majeure alerts) via WhatsApp using the Meta WhatsApp Business API. These are strictly transactional — we do not send marketing messages via WhatsApp.
• Wallet Operations: To manage your Tourist Wallet balance, process refunds, and record transaction history.
• Provider Payouts: To process provider earnings, payout requests, and maintain financial records.
• Platform Improvement: To monitor system performance, debug issues, and improve user experience.
• Legal Compliance: To comply with applicable Egyptian laws and regulations.

4. Cookies & Storage

We use the following browser storage mechanisms:

• Authentication Cookie: A secure, HTTP-only session cookie containing your JWT token. This is essential for the Platform to function and cannot be disabled while using the service.
• Locale Preference: We store your language preference (English/Arabic) to provide a consistent experience across visits.
• No Third-Party Tracking: We do not use third-party advertising cookies, Google Analytics, Facebook Pixel, or any other tracking technologies. We do not sell, rent, or share your data with advertisers.

5. Data Sharing

We share your personal information only in the following circumstances:

• With Providers: When you make a booking, the Provider receives your name and phone number to coordinate the service. Providers do not receive your email address or payment details.
• With Payment Processors: Payment proof images are shared with administrators for verification. We do not process credit card payments directly.
• With WhatsApp (Meta): Your phone number is shared with Meta's WhatsApp Business API solely for sending transactional notifications.
• Legal Requirements: We may disclose information if required by Egyptian law, court order, or government regulation.

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Our social media presence (Instagram, Facebook, TikTok — @sayef.matrouh) is managed separately; interactions there are governed by the respective platform's privacy policies.

6. Data Security

• Passwords are hashed using bcrypt with a cost factor of 10 and are never stored in plain text.
• All communication between your browser and our servers is encrypted via HTTPS/TLS.
• Database access is restricted to authorized server processes only.
• Session tokens expire automatically and are validated on every request.

While we implement industry-standard security measures, no system is 100% secure. We encourage you to use a strong, unique password for your SAYEF account.

7. Data Retention

• Account Data: Retained for the lifetime of your account. You may request account deletion by contacting support.
• Booking Records: Retained for a minimum of 5 years for financial and legal compliance.
• Payment Proof Images: Retained for 1 year after booking completion.
• Support Tickets: Retained for 2 years after resolution.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate personal information via your Profile page.
• Deletion: Request deletion of your account and associated data (subject to legal retention requirements).
• Objection: Object to WhatsApp notifications by contacting support.

To exercise any of these rights, please contact us through the Support section on the Platform or at info@sayef-matrouh.com.

9. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child under 18 has created an account, we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via in-app notifications. The "Last updated" date at the top reflects the most recent revision. Continued use of the Platform after changes constitutes acceptance.

11. Contact

For privacy-related questions or requests, contact us through the Support section on the Platform or email info@sayef-matrouh.com.