e yalla / Privacy Policy
العربية

Privacy Policy

Last updated: 2026-05-24 21:54:26

Privacy Policy

This Privacy Policy explains how EYalla ("we", "us", "our") collects, uses, stores, and shares personal data when you use our platform (the "Service"). It applies to merchants who subscribe to the Service, end customers who interact with merchant storefronts hosted on the Service, and visitors to our marketing site.

We comply with the Communications and Information Technology Regulatory Authority ("CITRA") Data Privacy Protection Regulation (Resolution No. 26 of 2021) and other applicable Kuwaiti laws. Where you are located outside Kuwait, we apply the privacy standards required by your jurisdiction in addition to Kuwaiti law. ##0.Definitions EYalla is a service provided by Perfect Design Marketing and Advertising Co., Commercial Registration Number: 483926

1. Who Is the Controller

For data uploaded to our marketing site, EYalla is the data controller.

For data that flows through a merchant storefront hosted on our platform — such as a customer placing an order with a merchant — the merchant is the controller of their customers' personal data and EYalla acts as the data processor on the merchant's behalf. Merchants who use the Service are required to publish their own privacy policy explaining how they handle their customers' data.

2. What Data We Collect

We collect only what we need to provide and improve the Service:

Account data — name, email, phone, business name, commercial registration number, and password (stored as a bcrypt hash).

Billing data — subscription plan, payment-method details (we do not store full card numbers; payments are tokenised by licensed Kuwaiti gateways such as MyFatoorah, Tap, UPayments, and Hesabe), invoice history.

Usage data — login times, IP address, browser and device identifiers, pages visited, features used, and audit-log entries of administrative actions.

Content you upload — products, prices, images, customer lists, order data, marketing copy, and any other information you choose to put into your account.

Communications — when you contact our support team or fill out a form, we keep a record of the conversation.

Cookies and similar technologies — described separately in our cookie notice.

3. Why We Process Your Data

We process your data only for the following purposes:

  • To provide and operate the Service (contractual necessity).
  • To process payments and manage your subscription.
  • To detect, prevent, and investigate fraud, security incidents, and breach of our Terms.
  • To send service-related communications (billing notices, security alerts, product updates) — these are not marketing.
  • To send marketing communications about EYalla, where you have consented to receive them. You may withdraw consent at any time.
  • To comply with our legal obligations under Kuwaiti law.
  • To improve and develop new features, using aggregated and de-identified data wherever possible.

We do not sell your personal data. We do not use Subscriber Content to train AI models.

4. Who We Share Data With

We share personal data only as described below:

  • Service providers — hosting (Hetzner, located in the European Union, under appropriate data-transfer safeguards), email delivery, payment gateways, error monitoring. Each provider is contractually bound to use the data only on our instructions.
  • Authorities — where required by Kuwaiti law, by court order, or to respond to a lawful request from a competent authority.
  • Successors — in the event of a corporate transaction (merger, acquisition, sale of assets) we may transfer data to the successor entity subject to the same protections set out in this Policy.

We do not share data with advertising networks or data brokers.

5. International Transfers

Some of our service providers process data outside Kuwait, including in the European Union. Where data is transferred internationally, we rely on contractual safeguards and on the providers' own compliance with internationally-recognised privacy frameworks.

6. How Long We Keep Data

  • Active account data: for the duration of your subscription plus thirty (30) days after cancellation, during which you may export your data.
  • Billing and tax records: for the period required by Kuwaiti tax and commercial law (typically five to ten years).
  • Audit logs: up to twenty-four (24) months.
  • Marketing-list data: until you withdraw consent.

After the applicable retention period we either delete the data or anonymise it so it can no longer be linked to you.

7. Your Rights

Under CITRA's Data Privacy Protection Regulation you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your personal data, subject to our legal retention obligations.
  • Object to certain processing.
  • Withdraw consent for marketing communications at any time.
  • Lodge a complaint with CITRA if you believe your rights have been breached.

To exercise these rights, contact us at privacy@eyalla.com. We will respond within thirty (30) days, or sooner where required by law.

8. Security

We protect your data using industry-standard measures:

  • HTTPS / TLS encryption for all traffic.
  • Encryption at rest for sensitive fields.
  • Bcrypt password hashing.
  • Multi-factor authentication on all administrative accounts.
  • Per-tenant database isolation, so one merchant's data is never visible to another.
  • Regular automated backups.
  • Rate-limiting, intrusion detection, and audit logging.
  • Security patches applied on a regular cadence.

No system is perfectly secure. In the event of a personal-data breach that is likely to result in a risk to your rights, we will notify the affected parties and the relevant authority in accordance with applicable law.

9. Children

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data about a child, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when it was last revised. Where the changes are material we will notify you by email and in your account dashboard at least fourteen (14) days before they take effect.

11. Contact

For privacy questions, requests, or complaints, contact our data-protection contact at privacy@eyalla.com.

Back to home Terms of service →