Legal

Privacy Policy

How Taboor collects, uses, shares, and protects your information when you use the Taboor Services.

Last updated: July 9, 2026

01

Introduction

This Privacy Policy explains how Taboor collects, uses, shares, and protects information when you use the Taboor Services.

By using the Services, you understand that Taboor processes your information as described in this Policy.

02

Scope

This Policy applies to the Services, including mobile applications, websites, and support channels. It does not cover information handled directly by Professionals/Workplaces outside the Platform, such as offline cash receipts or records they maintain independently.

03

Information We Collect

3.1 Account information: name, phone number, password (stored securely), optional email, preferred language.

3.2 Booking information: selected professional/workplace/service, appointment time, booking status, notes provided for service, and completion/no-show markings.

3.3 Family profile information (if used): family member name, relationship, and any relevant service details, including optional health-related information for medical categories.

3.4 Professional and Workplace information: profile information, specialty/category, services, pricing, schedules, workplace address and GPS coordinates, and uploaded verification documents.

3.5 Communications: messages, attachments, delivery status, and support tickets or chats.

3.6 Location information: workplace location always; optional client location (if permitted) for discovery and “nearby” results.

3.7 Technical and security data: device and app data, IP address, session data, logs, fraud-prevention signals, rate-limit events, and audit logs.

3.8 Loyalty program data: points earned, redeemed, tier status, and expiry records.

3.9 Advertising data (if used): ad content, media, targeting parameters if any, schedule dates, and performance metrics.

04

How We Use Information

Taboor uses information to:

  1. create and manage accounts;
  2. verify phone numbers via OTP;
  3. enable bookings and scheduling;
  4. provide chat and notifications;
  5. verify Professionals and Workplaces;
  6. provide subscription and advertising tools to Professionals/Workplaces;
  7. prevent fraud, spam, and abuse;
  8. provide support and resolve platform issues;
  9. maintain audit trails for security and compliance;
  10. improve performance, stability, and user experience.
06

How Information Is Shared

6.1 With Professionals you book: Professionals may see information necessary to deliver the service, including booking details, basic profile info, and relevant notes. For medical categories, relevant health-related information may be shared only for service delivery.

6.2 With Workplace Admins: Workplace Admins may see bookings and professional activity related to their workplace.

6.3 With Assistants: Assistants may see information only within permissions granted by the Professional.

6.4 With service providers: Taboor may use vendors for hosting, SMS OTP delivery, push notifications, analytics, and payment processing for subscriptions. These providers are limited to what is necessary to deliver their services.

6.5 With authorities and legal requests: Taboor may disclose information where required by law, court order, or to protect users and prevent harm.

6.6 No sale of personal information: Taboor does not sell personal data.

07

Cash Payments vs Subscription Payments

7.1 Client service payments are cash and occur offline between Client and Professional/Workplace. Taboor does not collect, process, store, or verify those cash payments.

7.2 Online payments are used only for Professional/Workplace subscriptions, ads, and paid platform tools. Payment details are processed by payment providers. Taboor does not store full card details on its own servers.

08

Professional and Workplace Verification Documents

Professionals and Workplaces may upload identity, address, and licensing documents for verification. These documents are used for approval, compliance, and safety. Access is restricted to authorized staff and systems. Falsified documents may lead to enforcement actions.

09

Chat Data and Support Data

Chat messages and support communications may be stored to provide the feature, link conversations to bookings, and investigate fraud or abuse. Access is limited and may be reviewed when necessary for support or enforcement. Deleted messages may remain in backups for a limited time.

10

Location Data

Workplace GPS and address data is used to display workplaces, improve discovery, and support navigation features. Client location may be used only if you grant permission, typically to show nearby results and improve search relevance. You can disable location permissions in your device settings.

11

Device, Logs, and Security Data

Taboor collects technical logs to secure the Services, detect fraud, and enforce rate limits (for example: excessive OTP requests). Logs may include device/app data, IP address, session identifiers, and audit events. Sensitive values (such as OTP codes) are not displayed in plaintext in audit systems.

12

Loyalty Data

Loyalty points records are stored to calculate tiers, expiry, and redemptions. Because payments are cash, points are typically tied to booking completion status and listed service prices, not to verified cash receipts.

13

Data Retention

Taboor retains information as long as needed to provide the Services, comply with law, and protect users.

Typical retention includes:

  1. active account data while the account is active;
  2. deleted account recovery period (typically 30 days);
  3. audit logs retained for security (typically 1 year);
  4. subscription and financial records retained for compliance (typically 7 years).
14

Account Deletion and Anonymization

When you request account deletion, the account may enter a recovery period (typically 30 days). After the recovery period, personal identifiers may be anonymized. Certain records may be retained in anonymized form to meet legal obligations (for example: financial and compliance records).

15

Your Rights and Choices

Depending on applicable law, you may have the right to:

  1. access your personal data;
  2. correct inaccurate data;
  3. request deletion;
  4. request a copy/export of your data;
  5. manage permissions such as location access.

Requests may require verification of identity.

16

Children and Family Profiles

Family Profiles are created and controlled by the main account holder. The account holder is responsible for accuracy and consent, including when booking for minors or dependents. Professionals may view family profile details only as needed to provide the booked service.

17

Security Measures

Security measures may include encryption of sensitive data, role-based access control, secure authentication, rate limiting, audit logging, and monitoring. No system is perfectly secure, but Taboor applies safeguards appropriate to the platform’s risk profile.

18

International Processing and Data Residency

Taboor operates primarily in Iraq and the Kurdistan Region. Some service providers (for example: hosting or messaging vendors) may process data in other locations as required to deliver services. Taboor seeks to respect applicable Iraqi and Kurdistan data requirements where they apply.

19

Changes to This Policy

Taboor may update this Privacy Policy from time to time. If changes are material, Taboor may provide notice within the app or by other reasonable methods. Continued use after updates means you accept the updated policy.

20

Contact

Privacy-related requests can be made through Taboor’s in-app support channels. Official contact details may also be provided within the app.