Privacy Policy

1. Introduction

This Privacy Policy describes how Dr Loay App ("we," "us," or "our") collects, uses, and protects your personal information when you use our mobile application ("the App"). We are committed to protecting your privacy and being transparent about our data practices.

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, profile details
• User Content: Tasks, goals, chat messages, assessment responses
• Communication: Messages sent to customer support
• Feedback: Ratings, reviews, and feedback about the App

2.2 Information Automatically Collected

• Usage Data: Features used, time spent, interaction patterns
• Device Information: Device type, operating system, app version
• Technical Data: IP address, device identifiers, crash reports
• Analytics Data: App performance metrics and user behavior patterns

2.3 Information from Third Parties

• Authentication Services: If you sign in with third-party services
• App Store Data: Information from Apple App Store or Google Play Store
• Social Features: If you connect social media accounts (future feature)

3. How We Use Your Information

3.1 Primary Purposes

• Service Delivery: Provide AI coaching, task management, and assessments
• Personalization: Customize your experience and recommendations
• Communication: Send important updates and respond to inquiries
• Support: Provide customer service and technical support

3.2 Secondary Purposes

• Improvement: Analyze usage to enhance app features and performance
• Security: Detect and prevent fraud, abuse, and security threats
• Legal Compliance: Meet legal obligations and protect our rights
• Business Operations: Conduct internal research and development

3.3 AI and Machine Learning

• Content Generation: Use your data to generate personalized AI responses
• Pattern Recognition: Analyze behavior patterns to improve recommendations
• Model Training: Improve AI algorithms (using anonymized data only)
• Cultural Adaptation: AI responses are tailored for UAE cultural context
• Language Support: AI processing supports both Arabic and English languages

3.4 UAE-Specific Data Usage

• Business Hours Optimization: Usage patterns help optimize for UAE working schedules
• Cultural Sensitivity: Data analysis ensures content appropriateness for UAE society
• Regional Preferences: User behavior data helps customize features for GCC region
• Compliance Monitoring: Data usage patterns help ensure ongoing regulatory compliance

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We may share data with trusted service providers who help us operate the App:

• Cloud Storage: Supabase for secure data storage
• Analytics: Usage analytics and crash reporting services
• Communication: Email and notification services
• AI Services: OpenRouter for AI processing

4.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Respond to emergencies

4.4 Business Transfers

In the event of a merger, acquisition, or sale, your information may be transferred to the new entity.

5. Data Security

5.1 Security Measures

• Encryption: Data is encrypted in transit and at rest
• Access Controls: Limited access to authorized personnel only
• Secure Infrastructure: Use of secure cloud services and databases
• Regular Audits: Periodic security assessments and updates

5.2 Data Breach Response

• Notification: We will notify affected users of any significant data breaches
• Investigation: Immediate investigation and remediation of security incidents
• Improvement: Continuous improvement of security measures

6. Data Retention

6.1 Active Accounts

• We retain your data while your account is active
• Data is used to provide ongoing services and improve your experience
• You can delete specific content at any time through the App

6.2 Account Deletion

• When you delete your account, we deactivate your data and make it inaccessible
• Some data may be retained for legal, security, or operational purposes
• Anonymized data may be retained for research and improvement

6.3 Retention Periods

• Account Data: Retained until account deletion
• Usage Analytics: Retained for up to 2 years
• Support Communications: Retained for up to 3 years
• Legal Records: Retained as required by law

7. Your Rights and Choices

7.1 Access and Control

• View Data: Access your personal information through the App
• Update Information: Modify your profile and account details
• Delete Content: Remove specific tasks, messages, or assessments
• Account Deletion: Permanently delete your account and data

7.2 Privacy Settings

• Notification Preferences: Control what notifications you receive
• Data Sharing: Opt out of non-essential data sharing
• Analytics: Limit data collection for analytics purposes

7.3 Regional Rights

Depending on your location, you may have additional rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate information
• Right to Erasure: Request deletion of your data
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to certain data processing activities

8. Children's Privacy and Family Considerations

8.1 Age Restrictions

• The App is intended for users aged 13 and older in accordance with UAE regulations
• We do not knowingly collect information from children under 13
• If we discover we have collected such information, we will delete it promptly
• Age verification follows UAE digital age requirements

8.2 Parental Controls and Family Privacy

• Parents can contact us to review or delete their child's information
• We encourage parents to monitor their children's online activities
• Family privacy settings respect UAE cultural values
• Parental consent processes align with UAE family law principles

8.3 UAE Cultural Considerations for Minors

• Content for younger users respects UAE educational and cultural standards
• Leadership development content is age-appropriate and culturally sensitive
• Islamic values and UAE social norms are considered in youth-oriented features
• Educational content aligns with UAE Ministry of Education guidelines

9. UAE Data Localization and International Transfers

9.1 UAE Data Residency

• Critical user data is stored within UAE borders in compliance with local regulations
• Data centers used meet UAE cybersecurity and data protection standards
• Government and sensitive business data follows UAE data localization requirements
• Regular audits ensure compliance with TDRA data residency guidelines

9.2 Cross-Border Data Processing

• Some data processing may occur outside UAE for technical optimization
• International transfers comply with UAE cybersecurity law requirements
• Appropriate safeguards are in place for all cross-border data movements
• Third-party processors are vetted for UAE compliance standards

9.3 GCC Data Sharing

• Data may be shared within GCC countries for service optimization
• GCC data sharing follows regional cooperation agreements
• Cultural and linguistic preferences are maintained across GCC operations

9.4 International Compliance

• GDPR protections for EU users accessing our services
• Standard contractual clauses for international business partnerships
• Additional safeguards implemented based on user location and applicable laws

10. Cookies and Tracking

10.1 App Analytics

• We use analytics tools to understand app usage and performance
• This may include tracking technologies and unique identifiers
• You can opt out of analytics through app settings

10.2 Third-Party Services

• Third-party services may use their own tracking technologies
• We are not responsible for third-party privacy practices
• Review third-party privacy policies for more information

11. Changes to This Policy

11.1 Policy Updates

• We may update this Privacy Policy from time to time
• Significant changes will be communicated through the App
• Continued use constitutes acceptance of the updated policy
• Updates consider evolving UAE data protection regulations

11.2 UAE-Specific Notification Methods

• In-App Notifications: Alerts within the App in Arabic and English
• Email Notifications: Sent to your registered email address during UAE business hours
• SMS Notifications: For critical privacy updates (UAE mobile numbers)
• Website Updates: Posted with Arabic translation when applicable

11.3 UAE Business Calendar Considerations

• Policy updates avoid UAE national holidays and Islamic holidays
• Notice periods respect UAE business calendar (Sunday-Thursday)
• Ramadan schedule considerations for non-urgent updates
• Extended notice periods during UAE government holiday seasons

12. Contact Information

12.1 Privacy Questions

For questions about this Privacy Policy or our data practices:

• Email: privacy@drloayapp.com
• Support: support@drloayapp.com
• Phone (UAE): +971 (0) 45 542 807
• Business Hours: Sunday-Thursday, 9am until 6pm GST
• Address: United Arab Emirates
• Business Registration: Licensed in accordance with UAE commercial laws

12.2 Data Protection Officer

In accordance with UAE data protection requirements, you can contact our Data Protection Officer:

• Email: dpo@drloayapp.com
• Response Time: Within 30 days as per UAE regulations
• Languages: Arabic and English support available

12.3 UAE Regulatory Contacts

For regulatory compliance matters in the UAE:

• TDRA Compliance: We adhere to UAE Telecommunications and Digital Government Regulatory Authority guidelines
• Data Localization: Data processing follows UAE data residency requirements where applicable
• Cultural Compliance: Content review ensures adherence to UAE cultural and social standards

13. UAE Data Protection and Privacy Rights

13.1 UAE Privacy Framework

• Compliance with UAE Federal Law No. 5 of 2012 on Combating Cybercrimes
• Adherence to UAE Data Protection Law (as enacted or proposed)
• Following UAE Telecommunications and Digital Government Regulatory Authority (TDRA) guidelines
• Compliance with UAE Central Bank data protection requirements where applicable

13.2 UAE Resident Rights

• Right to know what personal information is collected and how it's used
• Right to access your personal data held by us
• Right to correct inaccurate or incomplete personal information
• Right to request deletion of personal data (subject to legal requirements)
• Right to object to processing for direct marketing purposes
• Right to receive responses in Arabic or English

13.3 Cultural and Religious Considerations

• Data processing respects Islamic values and UAE cultural norms
• Content filtering ensures appropriateness for UAE society
• Special consideration during Ramadan and Islamic holidays
• Respect for UAE's diverse multicultural environment

13.4 GCC and International Users

• GCC residents receive similar protections as UAE residents
• GDPR protections for EU residents using our services
• CCPA protections for California residents
• Additional rights may apply based on your location

13.5 Data Localization and Sovereignty

• Sensitive data may be stored within UAE borders as required by law
• Cross-border data transfers comply with UAE regulations
• Government data requests are handled according to UAE legal procedures
• Regular compliance audits ensure adherence to UAE data sovereignty requirements

14. Effective Date and UAE Compliance

14.1 Policy Effective Date

This Privacy Policy is effective as of 8/3/2025 (Gulf Standard Time) and applies to all information collected by the Dr Loay App.

14.2 UAE Regulatory Alignment

• This policy aligns with current UAE federal and emirate-level privacy regulations
• Regular reviews ensure compliance with evolving UAE data protection laws
• Updates will be made to reflect new UAE regulatory requirements
• TDRA guidelines and UAE cybersecurity framework compliance is maintained

14.3 Multi-Language Accessibility

• This policy is available in English and Arabic upon request
• In case of translation discrepancies, the English version shall prevail
• Customer support can explain policy terms in Arabic or English
• Cultural context and explanations are provided for UAE residents