Privacy Policy
Effective: 15 June 2026
This Privacy Policy explains how DIRWAAS collects, uses, stores and discloses personal data across all current and future DIRWAAS websites, applications and SaaS products.
1. Who we are
The controller responsible for DIRWAAS account, website, marketing, security and business-administration data is:
شركة درواس للأنظمة الذكية ذات مسؤولية محدودة, operating as DIRWAAS Intelligent Solutions.
Contact:
- Privacy email: [email protected]
- Support email: [email protected]
- Address: Amman, Jordan
For information submitted by a business Customer concerning its own clients, employees or users, that Customer may be the controller and DIRWAAS may act primarily as its processor.
2. Data we may collect
Depending on the Service, we may collect:
Account and identity data
Name, username, organization, job title, account identifiers, authentication records and profile details.
Contact data
Email address, telephone number, business address and communication preferences.
Business and subscription data
Company details, selected plan, user seats, invoices, subscription status, purchase history, billing identifiers and tax information.
Usage and technical data
IP address, browser, device, operating system, approximate location, login times, pages viewed, features used, clicks, session information, diagnostic logs and security events.
Customer Data
Information submitted, uploaded or generated by Customers through a Service, which may include appointment, contact, operational, document or transaction-related information.
Communication and support data
Emails, messages, support requests, feedback, recordings where disclosed, and records of complaints or disputes.
Payment information
Payment providers such as Paddle collect and process payment-card information. DIRWAAS may receive transaction identifiers, payment status, country, amount, currency and limited billing information but ordinarily does not receive complete card details.
Cookies and similar technologies
We may use cookies, local storage and similar technologies for authentication, security, preferences, analytics and, where permitted, marketing.
3. Sources of data
We may receive information:
- Directly from you.
- From your employer or organization.
- From another authorized user.
- Through use of the Services.
- From payment and identity-verification providers.
- From integrated third-party services.
- From public business sources.
- From a DIRWAAS business Customer where you interact with that Customer through a DIRWAAS platform.
4. How we use personal data
We may process personal data to:
- Create and administer accounts.
- Provide, maintain and secure the Services.
- Process subscriptions and transactions.
- Authenticate users and prevent fraud.
- Provide technical and customer support.
- Send operational and service-related communications.
- Analyse performance and improve functionality.
- Personalize user experience.
- Develop new products, automation and AI-enabled features.
- Troubleshoot errors and monitor availability.
- Enforce contracts and acceptable-use requirements.
- Comply with legal, tax, accounting and regulatory obligations.
- Establish, exercise or defend legal claims.
- Conduct internal business reporting.
- Recommend other DIRWAAS products where permitted.
- Send marketing communications where legally permitted and, where required, after obtaining separate consent.
- Carry out restructuring, investment, due diligence, acquisition or sale processes subject to appropriate confidentiality controls.
5. Use across DIRWAAS Services
DIRWAAS operates multiple SaaS products under the same company.
Where lawful and consistent with your choices, we may link or combine account, contact, subscription and usage information across DIRWAAS Services to:
- Maintain a unified customer relationship.
- Simplify account administration.
- Improve security and fraud detection.
- Understand product usage.
- Personalize features.
- Recommend relevant DIRWAAS products.
- Measure and improve marketing effectiveness.
We will not use personal data originally submitted by a business Customer about its own end customers for unrelated DIRWAAS marketing unless we have an independent lawful basis and any required consent from the affected individuals.
You may withdraw marketing consent or opt out of marketing communications at any time. Opting out does not prevent essential account, security, transactional or service communications.
6. Legal grounds and consent
We process personal data only where permitted under applicable law, including where:
- You have provided valid consent.
- Processing is necessary to perform a contract or take requested pre-contractual steps.
- Processing is necessary to comply with law.
- Processing is necessary to protect legal rights, security or legitimate interests where permitted.
- Another legal exception applies.
Where processing depends on consent, you may withdraw it prospectively. Withdrawal will not invalidate processing lawfully completed before withdrawal.
Where we materially change the purpose, nature or scope of consent-based processing, we will obtain additional consent where required.
7. Marketing and cross-selling
Where you separately consent, DIRWAAS may use your contact, account, subscription and Service-usage information to send:
- Product recommendations.
- Offers for other DIRWAAS SaaS products.
- Upgrade or add-on promotions.
- Surveys and research invitations.
- Educational or promotional content.
- Announcements about new DIRWAAS products.
You may unsubscribe using the link in a marketing message or by contacting [email protected].
We do not sell personal data to third-party advertisers.
8. Aggregated and de-identified information
We may aggregate or de-identify information so that it no longer reasonably identifies an individual.
We may use such information for analytics, benchmarking, product development, research, AI and automation improvement, security, reporting and lawful commercial insights.
This Privacy Policy does not restrict information that is genuinely anonymous and cannot reasonably be linked back to an individual.
9. When we disclose data
We may disclose personal data to:
- Hosting, infrastructure and database providers.
- Payment processors and Merchants of Record.
- Email, messaging and communications providers.
- Analytics, monitoring and security providers.
- Professional advisers, auditors and insurers.
- Identity and fraud-prevention services.
- Authorities where legally required.
- A buyer, investor or successor during a corporate transaction.
- Business Customers where necessary to provide their requested Service.
- Other recipients with your authorization.
Service providers must process information under contractual and legal restrictions appropriate to their role.
We do not authorize processors to use Customer Data for their own unrelated marketing.
10. International transfers
Some providers may process or store data outside Jordan.
Where personal data is transferred internationally, DIRWAAS will seek to use legally permitted transfer mechanisms, contractual protections and recipients providing an appropriate level of protection.
Where consent is legally required for a particular international transfer, we will seek that consent or rely on another available legal exception.
11. Retention
We retain personal data only for as long as reasonably necessary for:
- Providing the Services.
- Maintaining active accounts.
- Fulfilling the stated processing purpose.
- Legal, tax and accounting obligations.
- Security and fraud prevention.
- Dispute resolution.
- Enforcement of agreements.
Retention periods vary by data category and Service.
Following account closure, some data may remain in backups or restricted archives until securely overwritten or deleted under our retention schedule.
We may retain de-identified information indefinitely.
12. Security
We use reasonable technical and organizational measures designed to protect personal data, such as access controls, authentication, encryption where appropriate, logging, backups, monitoring and provider-management controls.
No online system is completely secure. Accordingly, we cannot guarantee that unauthorized access, loss, misuse or disclosure will never occur.
Customers must also protect their credentials, devices and authorized-user access.
13. Your rights
Subject to applicable law and identity verification, you may request:
- Information about personal data held about you.
- Access to and a copy of your data.
- Correction or updating.
- Restriction or customization of processing where applicable.
- Deletion or concealment where legally available.
- Withdrawal of consent.
- Objection to unnecessary, excessive, unfair or unlawful processing or profiling.
- Transfer of a copy of your data where applicable.
- Information concerning a qualifying data breach.
- Submission of a complaint.
Requests should be sent to [email protected].
Some requests may be restricted where retention or processing is required by law, necessary to protect others, related to legal claims or otherwise permitted by applicable legislation.
14. Business-customer platforms
Where you interact with a salon, company or other organization using a DIRWAAS platform, that organization may decide:
- What data is collected.
- Why it is collected.
- How it is used.
- How long it is retained.
- Who may access it.
Questions about that organization's use of your information should first be directed to that organization.
DIRWAAS may process such information on its behalf while separately acting as controller for security, billing, platform integrity and our own legal obligations.
15. Children
Unless a specific Service is expressly designed for minors and provides separate parental or guardian notices and consent processes, DIRWAAS Services are not intended for persons under 18.
Where we learn that personal data from a minor was collected without required authorization, we may delete or restrict it.
16. Automated processing
We may use automated systems to detect fraud, secure accounts, personalize features, generate recommendations or produce Service outputs.
Unless clearly stated otherwise, DIRWAAS does not intend such automation to make final legal or similarly significant decisions about individuals without appropriate review.
17. Policy changes
We may update this Privacy Policy to reflect legal, operational, technical or Service changes.
Material changes will be communicated through the Service, by email or through another reasonable method. Additional consent will be requested where legally required.
18. Contact and complaints
Privacy questions or requests may be sent to [email protected].
We may request information reasonably necessary to verify identity and prevent unauthorized disclosure.
You may also submit a complaint to the competent Jordanian personal-data-protection authority or another regulator where applicable.