This Privacy Policy explains how information is collected, used, stored, and protected when you use the «Al-Malakya» platform (rental management for buildings, units, leases, and related payments) via the web application and related APIs. By using the service, you acknowledge that you have read this policy.

The data controller for the purposes of this policy is: Al-Malakya (الملكية). For privacy questions or to exercise your rights, contact: enkisomer@gmail.com and +9647805628606.

Data may include: account identifiers (email or phone used as username), name, phone number, and your role (e.g. system administrator, collector, owner, tenant). Operational data entered by the operator or authorized users may include: buildings and units, leases, renters, payments and receipts, expenses, advances and settlements, insurance or deposits when those features are used, and documents or attachments uploaded in workflows. Servers may log limited technical data (such as IP address and timestamps) for security and troubleshooting.

We process data to operate the platform and provide requested functionality (rent management, collection, and reporting according to role permissions), authenticate users, prevent fraud and misuse, comply with applicable legal obligations, and maintain security and stability. Accounts must not be used for unlawful purposes or in violation of applicable law.

When you sign in via a browser, the system may set an httpOnly session cookie for authentication (such as a JWT) for a limited time, with security settings such as SameSite and Secure in production. These mechanisms are not used for third-party advertising tracking.

Passwords are stored using one-way hashing, not in plain text. Connections should use HTTPS when the server is configured accordingly. No system is risk-free; protect your devices and do not share login credentials.

The operator may enable optional integrations such as WhatsApp Business (Meta) for reminders or operational messages, or notification services such as Firebase Cloud Messaging (Google) for mobile apps. When enabled, phone numbers or device tokens may be processed under the third parties’ policies. We do not sell your personal data.

Data is retained as long as necessary to operate the service and meet the operator’s legal and accounting obligations. Data may be shared within permission boundaries (for example, what an owner sees versus a tenant) according to system configuration. Access is limited to users authorized by the operator.

Depending on applicable law, you may have the right to access, rectify, delete, restrict processing, or object. Contact us using the details above. We may need to verify your identity before responding, and some requests may be limited by the rights of others or legal and contractual duties.

This policy may be updated from time to time. The effective version is the one published with the service. Continued use after updates constitutes acknowledgment of reasonably published changes where applicable.

This text is informational and is not a substitute for professional legal advice where required.