Introduction
This Privacy Policy explains how Taboor collects, uses, shares, and protects information when you use the Taboor Services.
By using the Services, you understand that Taboor processes your information as described in this Policy.
Scope
This Policy applies to the Services, including mobile applications, websites, and support channels. It does not cover information handled directly by Professionals/Workplaces outside the Platform, such as offline cash receipts or records they maintain independently.
Information We Collect
3.1 Account information: name, phone number, password (stored securely), optional email, preferred language.
3.2 Booking information: selected professional/workplace/service, appointment time, booking status, notes provided for service, and completion/no-show markings.
3.3 Family profile information (if used): family member name, relationship, and any relevant service details, including optional health-related information for medical categories.
3.4 Professional and Workplace information: profile information, specialty/category, services, pricing, schedules, workplace address and GPS coordinates, and uploaded verification documents.
3.5 Communications: messages, attachments, delivery status, and support tickets or chats.
3.6 Location information: workplace location always; optional client location (if permitted) for discovery and “nearby” results.
3.7 Technical and security data: device and app data, IP address, session data, logs, fraud-prevention signals, rate-limit events, and audit logs.
3.8 Loyalty program data: points earned, redeemed, tier status, and expiry records.
3.9 Advertising data (if used): ad content, media, targeting parameters if any, schedule dates, and performance metrics.
How We Use Information
Taboor uses information to:
- create and manage accounts;
- verify phone numbers via OTP;
- enable bookings and scheduling;
- provide chat and notifications;
- verify Professionals and Workplaces;
- provide subscription and advertising tools to Professionals/Workplaces;
- prevent fraud, spam, and abuse;
- provide support and resolve platform issues;
- maintain audit trails for security and compliance;
- improve performance, stability, and user experience.
Legal Bases and Consent
Taboor processes information as needed to provide the Services, to protect users and the Platform, to comply with legal obligations, and where you give consent (for example: optional location access). You may withdraw certain consents in your device/app settings (for example: location).
Cash Payments vs Subscription Payments
7.1 Client service payments are cash and occur offline between Client and Professional/Workplace. Taboor does not collect, process, store, or verify those cash payments.
7.2 Online payments are used only for Professional/Workplace subscriptions, ads, and paid platform tools. Payment details are processed by payment providers. Taboor does not store full card details on its own servers.
Professional and Workplace Verification Documents
Professionals and Workplaces may upload identity, address, and licensing documents for verification. These documents are used for approval, compliance, and safety. Access is restricted to authorized staff and systems. Falsified documents may lead to enforcement actions.
Chat Data and Support Data
Chat messages and support communications may be stored to provide the feature, link conversations to bookings, and investigate fraud or abuse. Access is limited and may be reviewed when necessary for support or enforcement. Deleted messages may remain in backups for a limited time.
Location Data
Workplace GPS and address data is used to display workplaces, improve discovery, and support navigation features. Client location may be used only if you grant permission, typically to show nearby results and improve search relevance. You can disable location permissions in your device settings.
Device, Logs, and Security Data
Taboor collects technical logs to secure the Services, detect fraud, and enforce rate limits (for example: excessive OTP requests). Logs may include device/app data, IP address, session identifiers, and audit events. Sensitive values (such as OTP codes) are not displayed in plaintext in audit systems.
Loyalty Data
Loyalty points records are stored to calculate tiers, expiry, and redemptions. Because payments are cash, points are typically tied to booking completion status and listed service prices, not to verified cash receipts.
Data Retention
Taboor retains information as long as needed to provide the Services, comply with law, and protect users.
Typical retention includes:
- active account data while the account is active;
- deleted account recovery period (typically 30 days);
- audit logs retained for security (typically 1 year);
- subscription and financial records retained for compliance (typically 7 years).
Account Deletion and Anonymization
When you request account deletion, the account may enter a recovery period (typically 30 days). After the recovery period, personal identifiers may be anonymized. Certain records may be retained in anonymized form to meet legal obligations (for example: financial and compliance records).
Your Rights and Choices
Depending on applicable law, you may have the right to:
- access your personal data;
- correct inaccurate data;
- request deletion;
- request a copy/export of your data;
- manage permissions such as location access.
Requests may require verification of identity.
Children and Family Profiles
Family Profiles are created and controlled by the main account holder. The account holder is responsible for accuracy and consent, including when booking for minors or dependents. Professionals may view family profile details only as needed to provide the booked service.
Security Measures
Security measures may include encryption of sensitive data, role-based access control, secure authentication, rate limiting, audit logging, and monitoring. No system is perfectly secure, but Taboor applies safeguards appropriate to the platform’s risk profile.
International Processing and Data Residency
Taboor operates primarily in Iraq and the Kurdistan Region. Some service providers (for example: hosting or messaging vendors) may process data in other locations as required to deliver services. Taboor seeks to respect applicable Iraqi and Kurdistan data requirements where they apply.
Changes to This Policy
Taboor may update this Privacy Policy from time to time. If changes are material, Taboor may provide notice within the app or by other reasonable methods. Continued use after updates means you accept the updated policy.
Contact
Privacy-related requests can be made through Taboor’s in-app support channels. Official contact details may also be provided within the app.
