Privacy Policy

Welcome to Ewasila ("we," "us," or "our"). This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform, website, mobile app, and related services (collectively, the "Services"). By accessing or using the Services, you agree to this policy. If you disagree, do not use our Services.

1. Information We Collect

We collect the following categories of data to operate our platform securely and effectively:

1.1 Personal Information Provided by You

Account Details: Full name, email address, phone number, username, and a hashed password.
Financial Information: For transactions, we collect payment method details (e.g., Binance Pay ID, Crypto wallet addresses, or Bank account numbers), processed securely by third-party providers like Stripe or Whish. We do not store credit card numbers or CVV codes.
KYC/AML Compliance: Government-issued ID (e.g., passport), proof of address, and facial recognition data for identity verification (encrypted and stored temporarily, then deleted after validation).
User Content: Listings, messages, reviews, and transaction history.

1.2 Automatically Collected Data

Technical Data: IP address, device ID, browser type, operating system, and geolocation (approximate, based on IP).
Usage Data: Pages visited, search queries, clickstream patterns, session duration, and interactions with ads/listings.
Cookies/Tracking: We use cookies, pixels, and SDKs (see Section 7).

1.3 Data from Third Parties

Social Media: If you sign up via Google/Apple/Facebook, we receive your public profile data (name, email).
Fraud Prevention Services: Data from identity verification tools (e.g., Jumio) to comply with Lebanese anti-fraud laws.

2. How We Use Your Information

We process your data for these purposes:

2.1 Service Delivery

Create and manage your account.
Facilitate transactions and communicate with buyers/sellers.
Verify identity under Lebanese Law 81/2018 and international AML standards.
Provide customer support.

2.2 Platform Improvement

Analyze usage trends to optimize features and user experience.
Train machine learning models Internally (anonymized data only) for personalized recommendations.

2.3 Legal & Security

Investigate fraud, spam, or violations of our Terms of Service.
Comply with Lebanese court orders, tax authorities, or regulatory requests.
Prevent cyberattacks using encrypted logs and intrusion detection systems.

2.4 Marketing

Send promotional emails only with your explicit consent (opt-in).
Use cookies for retargeting ads (see Section 7).

3. Data Sharing

We share data only under strict conditions:

3.1 With Service Providers

Payment Processors: Stripe, Whish, or Binance (for transaction execution).
Cloud Hosting: Pebble or Google Cloud (data stored in [specify region, e.g., Middle East]).
Analytics: Google Analytics, Meta, Hubspot (anonymized IPs) and Mixpanel.

3.2 Legal Obligations

Disclose data to Lebanese authorities (e.g., Banque du Liban) or courts if legally required.
Share with law enforcement to investigate illegal activities (e.g., counterfeit goods).

3.3 Business Transfers

During mergers, acquisitions, or bankruptcy, user data may transfer to new owners under confidentiality agreements.

4. Data Security

We adhere to Google's API Services User Data Policy, Apple's App Store Guidelines, and Lebanese Law 81/2018:

Encryption: All sensitive data is encrypted at rest and TLS/SSL in transit.
Access Controls: Role-based access to databases; employees undergo background checks.
No Plain Text: Passwords are hashed; payment details are tokenized.
Audits: Annual third-party penetration tests and SOC 2 compliance reviews.
Breach Protocol: Notify affected users and Lebanese authorities within 72 hours of detecting a breach.

5. Your Rights

Under Lebanese law and global standards, you can:

Access/Delete Data: Download your data or request deletion via [Account Settings].
Correct Errors: Update inaccurate profile details.
Opt-Out: Unsubscribe from marketing emails (link in every email).
Withdraw Consent: Disable cookies or revoke third-party app permissions.
Lodge Complaints: Contact Lebanon's Data Protection Authority.

To exercise these rights, email privacy@ewasila.com with proof of identity.

6. International Data Transfers

Data is primarily stored in [Germany, Brasil, Lebanon].

Transfers to non-Lebanese processors (e.g. EU servers) use EU Standard Contractual Clauses or Adequacy Decisions.

7. Cookies & Tracking Technologies

Essential Cookies: Session cookies for login functionality (no consent required).
Analytics Cookies: Google Analytics (anonymized) to improve performance.
Advertising Cookies: Facebook Pixel for ad targeting (enabled only with consent).
Apple App Tracking Transparency (ATT)

8. Children's Privacy

The Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from individuals under the age of 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us.

If we become aware that we have collected personal information from an individual under the age of 16 without parental consent, we will take steps to delete such information from our servers.

9. Data Retention

Account Data: Retained until deletion request.
Transaction Records: Kept for 7 years under Lebanese tax laws.
KYC Documents: Deleted after 90 days of verification.

10. Updates to This Policy

We will notify users of material changes via email or in-app banners. Continued use constitutes acceptance.

Contact Us

For questions, data requests, or complaints:

Email: privacy@ewasila.com, complaints@ewasila.com

Compliance Summary

Google: Limited data use, transparency for ads, and API data protection.
Apple: ATT compliance, privacy nutrition labels, and data minimization.
Lebanon: Adherence to Law 81/2018, user rights enforcement, and local data storage.

E-wasila – Secure, Transparent, Trusted.