Privacy Policy

1. Introduction

This Privacy Policy describes how the Maraf10 Partner mobile application (the “Partner App”, “we”, “our”, or “us”) collects, uses, stores and protects information of merchant staff members (“you”, “your”) who use the Partner App on behalf of a business that participates in the Maraf10 loyalty program.

The Partner App is intended for authorized employees of partner businesses only. It is not a consumer application. End-customer data collection practices are covered by a separate Maraf10 Customer Privacy Policy.

By signing in to Maraf10 Partner you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of it, please do not use the Partner App.

2. Information We Collect

2.1 Information you provide

• Account information — full name, phone number, and (optionally) email address, set up by your employer when your staff account is created.
• Business/branch assignment — the partner business and branch you are linked to, including your role (e.g. cashier, manager, owner).
• Profile picture — if you choose to upload one from your device’s gallery or camera.
• Authentication credentials — a one-time verification code (OTP) sent to your phone, or a password (stored in hashed form).

2.2 Information collected automatically

• Camera access — the Partner App uses your device camera solely to scan customer loyalty QR codes at the point of sale. Camera frames are processed on-device and are not recorded, stored, or transmitted.
• Transaction records — when you register a sale, redeem a gift, or issue points for a customer, we store the transaction amount, the customer identifier, timestamp, and the staff account (you) that performed the action. This is required for loyalty program accounting and fraud prevention.
• Device identifiers and push tokens — a push notification token is generated for your device so we can deliver operational notifications (e.g. new gift redemptions, system alerts).
• Usage and diagnostic data — basic analytics such as screens viewed, actions taken inside the Partner App, approximate device model, operating system version, and crash reports. This helps us measure reliability and fix bugs.
• Authentication session tokens — stored locally on your device to keep you signed in between sessions.

2.3 Information we do NOT collect

• We do not collect your precise location (GPS).
• We do not access your contacts, SMS messages, or call logs.
• We do not access photos or files on your device except the single image you explicitly pick for your profile.
• We do not record audio, video, or save camera frames from the QR scanner.
• We do not sell your personal data to third parties.

3. How We Use Your Information

We use the collected information for the following purposes:

• To authenticate you as an authorized staff member of a partner business.
• To operate the loyalty program from the partner side — registering sales, issuing points, redeeming gifts, and generating statistics for the partner business.
• To allow your employer (the partner business owner or manager) to see which staff account performed which transaction, for accounting and audit purposes.
• To send operational push notifications related to your work in the Partner App.
• To respond to your support requests and feedback.
• To detect, prevent, and investigate fraud, abuse, and security incidents.
• To analyze usage in aggregate so we can improve the Partner App’s features, stability, and performance.
• To comply with applicable legal obligations.

4. Sharing of Information

Data you enter through the Partner App is shared with the partner business you work for, which acts as an independent data controller over the business records generated in the App (sales, redemptions, staff activity logs). Maraf10 acts as a data processor providing the technical platform. We do not share your personal data with other partner businesses or with third parties except:

• Infrastructure providers strictly necessary to run the service (see section 5).
• Where required by applicable law, a valid legal request, or to protect the rights and safety of users and Maraf10.

5. Third-Party Services

The Partner App relies on a limited number of third-party services to operate. These providers process data on our behalf under their own privacy policies:

• Google Play Services (Google LLC) — required by the Android platform for core functionality. Google Privacy Policy.
• Google ML Kit — Barcode Scanning — bundled on-device library used to decode QR codes from the camera preview. Processing happens locally on your device; camera frames are not sent to Google servers.

6. Data Storage and Security

Your account and transaction data is stored on secure servers operated by us. We apply industry-standard safeguards including encryption of data in transit (HTTPS/TLS), hashed password storage, and restricted administrative access. No method of electronic transmission or storage is 100% secure; however we continuously work to protect your information.

7. Data Retention

We retain your staff account for as long as your employer maintains your account as active. Transaction records generated through your account are retained for as long as the partner business requires them for accounting, tax, or audit obligations, even after your personal account is deactivated (transactions will remain linked to an anonymized staff reference after deletion).

8. Your Rights

Subject to applicable law, you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your personal profile data (subject to retention rules in section 7).
• Withdraw consent for non-operational notifications at any time.
• Export a copy of your personal data in a commonly used format.

To exercise any of these rights, contact us at the email address below, or ask your employer (the partner business account holder) to raise the request on your behalf. We will respond within a reasonable timeframe.

9. Account Deletion

Because Partner App accounts are created and managed by the partner business, the primary way to deactivate your account is to ask your employer to remove you from their staff list. You can also request deletion of your personal profile data by sending an email to qaffarov.taleh@gmail.com from the email address registered to your account. Once verified, your personal profile data will be removed within 30 days, subject to the retention rules described in section 7.

10. Children’s Privacy

The Partner App is a business tool intended for adult employees of partner businesses only. It is not directed to, and must not be used by, anyone under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective date” at the top of this page and, where appropriate, notify you inside the Partner App. Your continued use of the Partner App after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: