Legal

Privacy Policy

Effective: 15 June 2026

This Privacy Policy explains how DIRWAAS collects, uses, stores and discloses personal data across all current and future DIRWAAS websites, applications and SaaS products.

1. Who we are

The controller responsible for DIRWAAS account, website, marketing, security and business-administration data is:

شركة درواس للأنظمة الذكية ذات مسؤولية محدودة, operating as DIRWAAS Intelligent Solutions.

Contact:

For information submitted by a business Customer concerning its own clients, employees or users, that Customer may be the controller and DIRWAAS may act primarily as its processor.

2. Data we may collect

Depending on the Service, we may collect:

Account and identity data

Name, username, organization, job title, account identifiers, authentication records and profile details.

Contact data

Email address, telephone number, business address and communication preferences.

Business and subscription data

Company details, selected plan, user seats, invoices, subscription status, purchase history, billing identifiers and tax information.

Usage and technical data

IP address, browser, device, operating system, approximate location, login times, pages viewed, features used, clicks, session information, diagnostic logs and security events.

Customer Data

Information submitted, uploaded or generated by Customers through a Service, which may include appointment, contact, operational, document or transaction-related information.

Communication and support data

Emails, messages, support requests, feedback, recordings where disclosed, and records of complaints or disputes.

Payment information

Payment providers such as Paddle collect and process payment-card information. DIRWAAS may receive transaction identifiers, payment status, country, amount, currency and limited billing information but ordinarily does not receive complete card details.

Cookies and similar technologies

We may use cookies, local storage and similar technologies for authentication, security, preferences, analytics and, where permitted, marketing.

3. Sources of data

We may receive information:

4. How we use personal data

We may process personal data to:

5. Use across DIRWAAS Services

DIRWAAS operates multiple SaaS products under the same company.

Where lawful and consistent with your choices, we may link or combine account, contact, subscription and usage information across DIRWAAS Services to:

We will not use personal data originally submitted by a business Customer about its own end customers for unrelated DIRWAAS marketing unless we have an independent lawful basis and any required consent from the affected individuals.

You may withdraw marketing consent or opt out of marketing communications at any time. Opting out does not prevent essential account, security, transactional or service communications.

6. Legal grounds and consent

We process personal data only where permitted under applicable law, including where:

Where processing depends on consent, you may withdraw it prospectively. Withdrawal will not invalidate processing lawfully completed before withdrawal.

Where we materially change the purpose, nature or scope of consent-based processing, we will obtain additional consent where required.

7. Marketing and cross-selling

Where you separately consent, DIRWAAS may use your contact, account, subscription and Service-usage information to send:

You may unsubscribe using the link in a marketing message or by contacting [email protected].

We do not sell personal data to third-party advertisers.

8. Aggregated and de-identified information

We may aggregate or de-identify information so that it no longer reasonably identifies an individual.

We may use such information for analytics, benchmarking, product development, research, AI and automation improvement, security, reporting and lawful commercial insights.

This Privacy Policy does not restrict information that is genuinely anonymous and cannot reasonably be linked back to an individual.

9. When we disclose data

We may disclose personal data to:

Service providers must process information under contractual and legal restrictions appropriate to their role.

We do not authorize processors to use Customer Data for their own unrelated marketing.

10. International transfers

Some providers may process or store data outside Jordan.

Where personal data is transferred internationally, DIRWAAS will seek to use legally permitted transfer mechanisms, contractual protections and recipients providing an appropriate level of protection.

Where consent is legally required for a particular international transfer, we will seek that consent or rely on another available legal exception.

11. Retention

We retain personal data only for as long as reasonably necessary for:

Retention periods vary by data category and Service.

Following account closure, some data may remain in backups or restricted archives until securely overwritten or deleted under our retention schedule.

We may retain de-identified information indefinitely.

12. Security

We use reasonable technical and organizational measures designed to protect personal data, such as access controls, authentication, encryption where appropriate, logging, backups, monitoring and provider-management controls.

No online system is completely secure. Accordingly, we cannot guarantee that unauthorized access, loss, misuse or disclosure will never occur.

Customers must also protect their credentials, devices and authorized-user access.

13. Your rights

Subject to applicable law and identity verification, you may request:

Requests should be sent to [email protected].

Some requests may be restricted where retention or processing is required by law, necessary to protect others, related to legal claims or otherwise permitted by applicable legislation.

14. Business-customer platforms

Where you interact with a salon, company or other organization using a DIRWAAS platform, that organization may decide:

Questions about that organization's use of your information should first be directed to that organization.

DIRWAAS may process such information on its behalf while separately acting as controller for security, billing, platform integrity and our own legal obligations.

15. Children

Unless a specific Service is expressly designed for minors and provides separate parental or guardian notices and consent processes, DIRWAAS Services are not intended for persons under 18.

Where we learn that personal data from a minor was collected without required authorization, we may delete or restrict it.

16. Automated processing

We may use automated systems to detect fraud, secure accounts, personalize features, generate recommendations or produce Service outputs.

Unless clearly stated otherwise, DIRWAAS does not intend such automation to make final legal or similarly significant decisions about individuals without appropriate review.

17. Policy changes

We may update this Privacy Policy to reflect legal, operational, technical or Service changes.

Material changes will be communicated through the Service, by email or through another reasonable method. Additional consent will be requested where legally required.

18. Contact and complaints

Privacy questions or requests may be sent to [email protected].

We may request information reasonably necessary to verify identity and prevent unauthorized disclosure.

You may also submit a complaint to the competent Jordanian personal-data-protection authority or another regulator where applicable.