Back to Home

Privacy Policy

Last Updated: February 25, 2026

1. Introduction

This Privacy Policy explains how Fariiq ("we", "us", or "our") collects, uses, stores, and protects your information when you use our platform, including the web application, mobile applications, marketing website, and APIs.

By using our Platform, you consent to the practices described in this Privacy Policy.

2. Data Controller and Data Processor Roles

Fariiq operates in two capacities:

  • Data Processor: When processing data on behalf of 3PL Companies (couriers, employees, transactions). The 3PL Company is the Data Controller for this data.
  • Data Controller: For data relating to account holders (company admins, users), marketing contacts, and Platform usage data.

3. Information We Collect

3.1 Company Account Registration

Company name, contact information, logo, trade license details, and VAT registration number.

3.2 User Account Information

Full name, email address, phone number, role designation, and module access permissions.

3.3 Courier Information

Legal name, phone number, email, nationality, country, government ID (and expiry), passport details, driving license details, vehicle information, bank account (IBAN), insurance information, and employment status.

3.4 Employee Information

Name, nationality, contact details, government ID, bank account (IBAN), salary information, insurance details, and employment information.

3.5 Automatically Collected Information

Authentication events (login/logout timestamps), IP addresses, browser user agent, API request logs, usage analytics, and security events (failed login attempts, account lockouts).

3.6 Third-Party Data

Transaction data from delivery platforms (e.g., Talabat, Mrsool, Keeta) uploaded by 3PL Companies for reconciliation and payroll processing.

4. How We Use Your Information

We use the information we collect to:

  • Provide and operate Platform services
  • Authenticate users and maintain account security
  • Process payroll calculations and generate WPS files
  • Manage billing and subscription services
  • Maintain audit trails for compliance
  • Monitor sensitive data access
  • Send document expiry alerts and notifications
  • Generate reports and analytics
  • Detect and prevent fraud

5. Data Protection Measures

We implement robust security measures to protect your data:

  • IBAN and account number masking in the user interface
  • Cryptographic hashing of passwords and PINs (bcrypt)
  • Role-based access controls with per-module permissions
  • Automatic account lockout after failed login attempts
  • API rate limiting to prevent abuse
  • Comprehensive audit trails for all critical operations
  • TLS/SSL encrypted data transport
  • Cryptographically secured tokens with automatic expiry

6. Data Sharing and Third Parties

We do not sell your personal data. We may share data with:

  • Service Providers: Cloud storage (S3-compatible) and email services (SMTP) that help us operate the Platform.
  • Analytics: Google Analytics on our marketing website (Tracking ID: G-WM45DKLM4R) and Google Fonts for typography.
  • Legal Requirements: When required by law, legal process, or to protect our rights.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

7. Cookies and Local Storage

The Platform application stores JWT authentication tokens in browser local storage (necessary for functionality). Our marketing website uses Google Analytics cookies for visitor analytics.

8. Data Retention

  • Active Accounts: Data is retained while your account is active.
  • Cancelled Accounts: Data is retained for 90 days after cancellation, then permanently deleted.
  • Authentication and Audit Logs: Retained for compliance and security purposes.
  • Password Reset Tokens: Automatically deleted upon expiry.

9. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Deletion: Request deletion of your data (subject to legal retention requirements).
  • Restrict Processing: Request limitation of how we process your data.
  • Data Portability: Request your data in a portable format.
  • Object: Object to certain types of data processing.
  • Withdraw Consent: Withdraw previously given consent at any time.

To exercise these rights, 3PL Company users should contact us at info@fariiq.com. Couriers and employees should contact their 3PL Company, who is the Data Controller for their information. We respond to all requests within 30 days.

10. International Data Transfers

Your data may be stored and processed outside your jurisdiction. We prefer the GCC region for data storage and implement appropriate safeguards for any international transfers.

11. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from children.

12. Data Breach Notification

In the event of a data breach, we will promptly notify affected 3PL Companies and, where required, the relevant supervisory authorities. We will take immediate steps to contain and remediate any breach.

13. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 14 days' notice before the new policy takes effect.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

  • Privacy: info@fariiq.com
  • Support: info@fariiq.com
  • Website: www.fariiq.com