Privacy Policy

arabclue ("we", "us") provides an Arabic-first operations platform for Saudi and GCC merchants. This policy describes how we process personal and business data when you use arabclue.com and connected integrations (Salla, social platforms, Moyasar, ZATCA).

Data we collect

• Account data: email, name, authentication identifiers (Supabase Auth).
• Merchant profile: business name, VAT/CR numbers, store URLs, billing status.
• Operational data: invoices, social posts, voice bookings, SEO content, integration tokens (encrypted at rest).
• Technical logs: API requests, webhook events, error diagnostics (no payment card data — Moyasar handles cards).

Cross-border transfers

Until in-Kingdom hosting is available, some processing may occur outside Saudi Arabia (e.g. Supabase, AI providers). You accept this transfer during onboarding via our Data Processing Agreement. We minimize data sent to AI services and do not use merchant data to train public models.

Your rights (PDPL)

You may export your data from Settings, request correction, or ask us to delete your account by contacting privacy@arabclue.com. We respond within 30 days.

Security

OAuth tokens are encrypted with AES-256-GCM when TOKEN_ENCRYPTION_KEY is configured. Row-level security isolates each merchant in PostgreSQL. Admin access is restricted to platform operators.

Contact

Data controller: arabclue · Riyadh, Kingdom of Saudi Arabia · privacy@arabclue.com