Privacy Policy

Locationik is operated under Commercial Registration No. 9208972 in the Sultanate of Oman. We are the data controller responsible for the personal data processed through our platform.

This policy applies to all users of our website, mobile app, and services, including customers, vendors, and visitors.

We collect only the data needed to run our service. Specifically:

• •Account data: name, email address, phone number, password (hashed).
• •Profile data: avatar photo, preferred language, location, notification preferences.
• •Booking data: vehicles viewed and booked, booking dates, pickup locations, payment records.
• •Identity documents: at booking, vendors may require your driving license or national ID copy. These are shared with the vendor, not stored permanently by Locationik unless legally required.
• •Payment data: card transactions processed by our payment partner (Paymob). We do not store your full card number.
• •Location data: approximate or precise location when you use location-dependent features (e.g., finding nearby vehicles), only with your explicit permission.
• •Device and log data: IP address, browser type, device identifier, pages visited, timestamps — used for security and performance analysis.
• •Vendor data (for vendors): business name, commercial registration, tagline, about, logo, cover photo, bank details for payouts.

We use your data to:

• •Create and manage your account.
• •Process bookings and payments.
• •Facilitate communication between you and vendors.
• •Send booking confirmations, receipts, and service-related notifications.
• •Provide customer support and handle disputes.
• •Prevent fraud, abuse, and security threats.
• •Comply with our legal obligations under Omani law (tax, consumer protection, etc.).
• •Improve our services through anonymized analytics.
• •With your consent: send promotional offers and updates (you can opt out anytime).

Under Omani Personal Data Protection Law (Royal Decree 6/2022), we process your data under the following legal bases:

• •Performance of contract: when processing is necessary to provide the services you request.
• •Legal obligation: when we must keep records for tax, accounting, or regulatory compliance.
• •Legitimate interests: for fraud prevention, platform security, and service improvement — balanced against your rights.
• •Consent: for marketing communications, optional location access, and non-essential cookies. You may withdraw consent anytime.

We share your personal data only with the parties necessary to deliver the service:

• •Vendors: when you book a vehicle or service, we share your name, phone number, booking details, and any documents required by the vendor for handover. The vendor becomes responsible for your data at that point.
• •Payment processor (Paymob): to process your card payments. Paymob is PCI-DSS compliant and subject to their own privacy terms.
• •Email and SMS providers: to send booking confirmations and notifications.
• •Infrastructure providers (Supabase, Vercel): who host our servers and databases.
• •Omani authorities: when legally required by court order, regulator request, or tax authority.
• •Professional advisors: lawyers, accountants, auditors bound by confidentiality.

Our hosting and infrastructure (Supabase, Vercel) may store or process data outside Oman, typically in Europe or the United States. When such transfers happen, we ensure appropriate safeguards are in place including contractual protections, compliance with applicable data protection frameworks, and encryption both in transit and at rest.

Under Omani PDPL, you have the right to be informed of such transfers. By using our service, you acknowledge that your data may be processed internationally under these safeguards.

We retain personal data only for as long as necessary for the purposes described in this policy:

• •Account data: while your account is active, plus 1 year after closure (for dispute resolution).
• •Booking and payment records: 10 years from booking date (Omani commercial and tax law requirements).
• •Identity documents (if stored): deleted immediately after handover verification unless required for ongoing disputes.
• •Marketing data: until you withdraw consent.
• •Analytics data: anonymized after 90 days.
• •Support correspondence: 2 years after resolution.

We implement technical and organizational safeguards to protect your data:

• •Encryption in transit (HTTPS/TLS) and at rest.
• •Hashed passwords (we never see or store your plain password).
• •Role-based access controls — only authorized staff can access personal data and only when necessary.
• •Regular security audits and vulnerability monitoring.
• •Incident response procedures for any suspected breach.
• •Payment data is handled entirely by our PCI-DSS compliant payment partner.

Under Omani PDPL, you have the following rights over your personal data:

• •Right of access: obtain a copy of the personal data we hold about you.
• •Right to correction: update inaccurate or incomplete data.
• •Right to deletion: request erasure of your data, subject to our legal retention obligations.
• •Right to object: object to certain processing, including direct marketing.
• •Right to data portability: receive your data in a structured, commonly used format.
• •Right to withdraw consent: where processing is based on consent, you can withdraw at any time.
• •Right to complain: file a complaint with the Omani data protection authority if you believe your rights have been violated.

We use cookies and similar technologies to make the platform work and improve your experience. Specifically:

• •Strictly necessary cookies: for authentication, security, and basic functionality. These cannot be disabled.
• •Performance cookies: to understand how you use our service and improve it.
• •Preference cookies: to remember your language, currency, and similar settings.

Our services are not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data without parental consent, please contact us and we will delete it promptly.

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or in-app notification and the "Last updated" date at the top of this page will change.

We encourage you to review this policy periodically.

For privacy questions, to exercise your rights, or to report a concern:

Email: privacy@locationik.com

We aim to respond to all privacy requests within 30 days.

You may also file a complaint with the competent Omani authority if you believe your rights under the Personal Data Protection Law have been violated.