Privacy Policy

Last Updated: November 5, 2025

Gulf Scrap ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App").

1. Information We Collect

1.1 Personal Information

We collect information that you provide directly to us when you:

Create an account (name, email address, phone number)
Use the App's features and services
Contact us for support
Participate in surveys or promotions

1.2 Business Information

For business accounts, we may collect:

Company name and registration details
Business address and contact information
Commercial registration number
VAT registration number (if applicable)

1.3 Automatically Collected Information

When you use the App, we automatically collect:

Device information (model, operating system, unique identifiers)
Usage data (features accessed, actions performed)
Location data (with your permission, for delivery and collection services)
Photos and documents (when you upload invoices or receipts)
Log data and crash reports

2. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To provide and maintain the App's core functionality
Request Management: To process and track scrap collection requests
Invoice Processing: To generate, store, and manage invoices and receipts
Communication: To send notifications, updates, and respond to inquiries
Analytics: To understand usage patterns and improve the App
Security: To detect and prevent fraud, abuse, and security incidents
Compliance: To comply with legal obligations and regulations
Financial Operations: To process payments and maintain financial records

3. Data Storage and Security

3.1 Data Storage

Your data is stored using Google Firebase services, which are hosted in secure data centers. We implement industry-standard security measures including:

Encryption in transit and at rest
Regular security audits
Access controls and authentication
Automated backups

3.2 Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Financial records are retained in accordance with Saudi Arabian tax and accounting regulations (minimum 6 years as required by ZATCA).

3.3 Data Retention After Account Deletion

When a customer account is deleted, different types of data are handled differently:

Data That Is PERMANENTLY DELETED:

User account and authentication credentials (you will no longer be able to sign in)
User profile document (stored in /users/{userId})
Profile photo and uploaded personal images
Push notification tokens (FCM tokens)
All notifications and alerts
App preferences and settings
Login session data

Data That Is PRESERVED (As Business Records):

Invoices: All invoices remain exactly as created, including:
- Your name, phone number, and email as they appeared at the time of transaction
- Invoice amounts, VAT calculations (15%), and financial data
- Transaction dates and status
- Invoice numbers and reference numbers
- Scrap type, weight, and pricing information
- Employee information (driver, coordinator, reviewer names and contacts)
Customer Requests: All requests remain exactly as created, including:
- Your name, phone number, and email as provided when the request was made
- Service location and request details
- Request dates and completion status
- Employee information (coordinator, driver, manager names and contacts)
Financial Transactions: All payment records, cash transactions, and financial records
Employee Records: Complete employee information (names, phones, emails) embedded in all business transactions

Why This Data Is Preserved:

Legal Requirement: Saudi tax law (ZATCA - Zakat, Tax and Customs Authority) requires us to retain tax invoices and business records for a minimum of 6 years
Accounting Integrity: Invoices are finalized documents (like receipts) that must never be modified after issuance
Business Records: Transaction history is business data, not personal account data
Audit Compliance: Required for tax audits and financial reporting

Privacy Protection:

If you create a new account in the future, you will receive a completely new unique identifier (UUID). This means there will be no connection between your new account and your previous transaction history. Your old invoices and requests will remain as historical business records, but you will not have access to them from your new account.

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information with:

4.1 Service Providers

We work with third-party service providers who assist us in operating the App, including:

Google Firebase (hosting, authentication, analytics)
Cloud storage providers
Payment processors

4.2 Business Operations

Information is shared within the App between different roles (drivers, yard managers, accountants, etc.) as necessary for business operations.

4.3 Legal Requirements

We may disclose information if required by law or in response to:

Legal processes or government requests
Enforcing our Terms of Service
Protecting rights, property, or safety
Fraud prevention and investigation

5. Your Rights and Choices

You have the following rights regarding your information:

5.1 Access and Correction

You can access and update your personal information through the App's settings or by contacting us.

5.2 Account Deletion

Customer Account Deletion

Customers can permanently delete their accounts directly from the App by going to Profile → Delete Account.

What Happens When You Delete Your Account:

✓ PERMANENTLY DELETED:

Your user account and all login credentials
Your ability to sign in to the app
User profile document (/users/{userId})
Profile photo and personal uploaded images
All notifications and alerts
Push notification tokens (FCM)
App preferences and settings
Your unique user identifier (UUID)

✓ PRESERVED (Business Records - Required by Law):

All Invoices - Preserved exactly as created with:
- Your name, phone, and email (as at time of transaction)
- All amounts, VAT data (15%), dates, invoice numbers
- Scrap types, weights, pricing
- Employee information (driver, coordinator, reviewer)
- Transaction status and timestamps
All Customer Requests - Preserved exactly as created with:
- Your name, phone, email, and service location
- Request details, dates, and completion status
- Employee information (coordinator, driver, manager)
Financial Records - All payment records and cash transactions
Employee Data - Complete employee information in all transactions

Why We Preserve This Data:

Legal Requirement: Saudi tax law (ZATCA) mandates 6-year minimum retention of tax invoices and financial records
Document Integrity: Invoices are finalized legal documents (like receipts) that cannot be modified after issuance
Business Records: Customer information in transactions is business transaction data, not personal account data
Accounting Compliance: Required for tax audits, financial statements, and regulatory compliance

Your Privacy Is Protected:

If you create a new account in the future, you will receive a completely new unique identifier (UUID) with no connection to your previous transaction history. You will not have access to or visibility of your old invoices and requests from your new account. This ensures complete privacy separation between your old and new accounts.

Employee Account Deletion

Employee accounts cannot be deleted. This includes accounts with the following roles: Admin, Driver Manager, Yard Manager, Customer Coordinator, Driver, Sales Employee, Accountant, Observer, and Viewer.

Reason: Employee account deletion would violate business continuity requirements and accounting compliance obligations. Employees requiring account deactivation should contact their system administrator.

Security Measures

Re-authentication Required: For your security, you must re-authenticate before account deletion by:

Entering your password (for email/password accounts)
Signing in again with Google (for Google accounts)
Signing in again with Apple (for Apple accounts)

This prevents unauthorized account deletion and ensures only the account owner can delete their account.

5.3 Location Data

You can control location permissions through your device settings. Disabling location may limit certain features.

5.4 Notifications

You can manage push notification preferences in the App settings or device settings.

6. Children's Privacy

The App is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

7. International Data Transfers

Your information may be transferred to and processed in countries other than Saudi Arabia. We ensure appropriate safeguards are in place for such transfers.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@gulfscrap.com
Support Email: support@gulfscrap.com
Address: Saudi Arabia

10. Compliance with Saudi Arabian Laws

Gulf Scrap complies with applicable Saudi Arabian laws and regulations regarding data protection and privacy, including but not limited to:

Personal Data Protection Law (PDPL)
E-Commerce Law
Cyber Crimes Law

← Back to Home