Privacy Policy

Promoqat is a digital coupon and deals platform operated in the Kingdom of Saudi Arabia. We act as the data controller for personal information collected through the Promoqat mobile application and website (collectively, the "Platform").

For privacy-related enquiries, contact us at promoqat@promoqat.com.

Information you provide directly:

• Name, email address, phone number, date of birth, and gender when creating an account.
• Profile photo (optional).
• Store name, address, logo, and Commercial Registration Number for business accounts.
• Handwritten signature collected during the Merchant Service Agreement signing process.

Information collected automatically:

• Device type, operating system, and app version.
• Usage data: pages visited, coupons viewed, claimed, and redeemed.
• Referral activity: links shared and resulting sign-ups or redemptions.
• Log data: timestamps, IP address, and error reports.

Information from third parties:

• If you sign in with Google, we receive your name, email address, and profile picture from Google as permitted by your Google account settings.

We use your personal information to:

• Create and manage your account.
• Enable coupon discovery, claiming, and redemption.
• Process and track merchant campaigns.
• Calculate and credit referral earnings.
• Send transactional notifications (e.g. coupon expiry reminders).
• Improve the Platform through analytics and usage patterns.
• Comply with legal obligations under Saudi law.
• Detect and prevent fraud, abuse, and unauthorised access.

We do not sell your personal data to third parties. We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.

Under the PDPL, we process your personal data on the following bases:

• Contract performance: processing necessary to provide the services you have requested (account management, coupon transactions).
• Legitimate interests: fraud prevention, platform security, and aggregate analytics to improve our service.
• Legal obligation: retaining records required by Saudi commerce and tax regulations.
• Consent: marketing communications, where we will request your explicit consent separately.

We use the following third-party services to operate the Platform. Each processes data according to their own privacy policies:

• Supabase — database, authentication, and file storage. Data is hosted on servers in compliance with applicable data residency requirements. See supabase.com/privacy.
• Google OAuth — optional sign-in method. See policies.google.com/privacy.

We require all third-party processors to implement appropriate technical and organisational measures to protect your data.

We share your personal data only in the following circumstances:

• With merchants: when you redeem a coupon, the merchant receives confirmation of redemption but not your full profile.
• With service providers: third-party processors listed in Section 5, strictly for operating the Platform.
• Legal requirements: when required by Saudi law, court order, or governmental authority.
• Business transfer: in the event of a merger, acquisition, or sale of assets, with notice provided to you beforehand.

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained until you request deletion or your account is terminated.
• Transaction and redemption records are retained for 5 years for compliance purposes.
• Merchant contracts and signatures are retained for the duration of the business relationship plus 7 years.
• Log data is retained for up to 12 months.

After the applicable retention period, data is securely deleted or anonymised.

Under the PDPL, you have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your data, subject to legal retention obligations.
• Portability: receive your data in a structured, machine-readable format.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at promoqat@promoqat.com. We will respond within 30 days as required by the PDPL. You also have the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA).

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit (TLS) and at rest.
• Row-level security policies on our database.
• Access controls limiting staff access to personal data on a need-to-know basis.

No method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights, we will notify you as required by applicable law.

The Platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

The Platform uses essential cookies and local storage for authentication sessions and user preferences (such as referral codes). We do not currently use third-party advertising or tracking cookies.

You can clear cookies and local storage data through your browser or device settings at any time, though this may affect Platform functionality.

Your data may be processed on servers outside Saudi Arabia by our third-party service providers. Where such transfers occur, we ensure appropriate safeguards are in place in accordance with the PDPL and any applicable cross-border data transfer regulations.

We may update this Privacy Policy from time to time. We will notify you of material changes via the app or by email. Continued use of the Platform after changes are posted constitutes acceptance of the revised Policy. The "Last updated" date at the top of this page reflects the most recent revision.

For any questions, requests, or complaints about this Privacy Policy or how we handle your personal data, contact our Privacy Team at promoqat@promoqat.com.