Privacy Policy

1. Company Information

Legal Entity: Mohamed Ahmed Mohamed Osman Computer Systems and Software Designing (operating as "Qeemah")
Location: Abu Dhabi, United Arab Emirates
Contact: +966 55 303 9374
Email: privacy@qeemahcloud.com
Website: qeemahcloud.com

2. Information We Collect

2.1 Account Information

When you create a Qeemah account, we collect:

• Company name, registration number, and VAT identification number
• Administrator and user names, email addresses, and phone numbers
• Business address and contact details
• Payment information (processed securely through third-party providers)

2.2 Business Data

To provide our accounting and e-invoicing services, we process:

• Financial transactions, invoices, and receipts
• Customer and supplier information
• Product catalogs and inventory records
• Employee payroll data (if using payroll features)
• Bank account details for reconciliation
• Tax returns and VAT declarations

2.3 ZATCA Integration Data

For compliance with Saudi ZATCA (Zakat, Tax and Customs Authority) e-invoicing requirements:

• Cryptographic Stamp Identifiers (CSIDs) and digital certificates
• E-invoice UUIDs and QR codes
• Invoice clearance and reporting logs
• Integration API credentials and tokens

2.4 Technical Information

We automatically collect:

• IP addresses and device identifiers
• Browser type, operating system, and device information
• Usage patterns, feature interactions, and performance metrics
• Log files and error reports

3. How We Use Your Information

We use your information to:

• Provide Services: Process transactions, generate reports, and maintain your accounting records
• ZATCA Compliance: Submit e-invoices to ZATCA on your behalf and maintain audit trails as required by Saudi law
• Support & Maintenance: Respond to inquiries, troubleshoot issues, and provide technical assistance
• Security: Detect fraud, prevent unauthorized access, and protect your data
• Improve Services: Analyze usage patterns to enhance features and user experience
• Legal Obligations: Comply with Saudi tax laws, accounting standards, and regulatory requirements
• Communications: Send service updates, security alerts, and billing notifications

4. Data Sharing and Disclosure

4.1 ZATCA (Tax Authority)

We automatically transmit e-invoices and related tax data to ZATCA's Fatoora platform as required by Saudi e-invoicing regulations. This is a legal obligation and necessary for service functionality.

4.2 Service Providers

We share data with trusted third parties who assist in operations:

• Cloud Infrastructure: AWS, DigitalOcean, or similar providers for hosting
• Payment Processors: Stripe, HyperPay, or other payment gateways
• Email Services: Transactional email providers for notifications
• Analytics: Usage analytics for service improvement (anonymized when possible)

All service providers are bound by confidentiality agreements and process data only as instructed.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or to protect our rights and safety.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity.

4.5 No Sale of Data

We do not sell, rent, or trade your personal or business data to third parties for marketing purposes.

5. Data Security

We implement industry-standard security measures:

• Encryption: TLS/SSL for data in transit, AES-256 for data at rest
• Access Controls: Multi-factor authentication (MFA) and role-based permissions
• Infrastructure: Secure cloud hosting with regular security audits
• Backups: Daily automated backups with 30-day retention
• Monitoring: 24/7 intrusion detection and security logging
• Compliance: Regular security assessments aligned with Saudi Cybersecurity Framework

While we strive to protect your data, no method of transmission over the internet is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

• Active Accounts: Data retained while your subscription is active
• Closed Accounts: Financial records retained for 10 years per Saudi accounting regulations
• Tax Data: E-invoicing records retained for 6 years as required by ZATCA
• Audit Trails: System logs retained for 12 months for security purposes

Upon account closure, you may request data export. After the retention period, data is securely deleted.

7. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of your personal and business data
• Correction: Update inaccurate or incomplete information through your account dashboard
• Export: Download your data in machine-readable formats (CSV, JSON)
• Deletion: Request account deletion (subject to legal retention requirements)
• Portability: Transfer your data to another service provider
• Restrict Processing: Limit how we use your data (may affect service availability)
• Withdraw Consent: Opt-out of non-essential communications

To exercise these rights, contact us at privacy@qeemahcloud.com or +966 55 303 9374.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Authentication, session management, and security
• Functional Cookies: Remember preferences (language, theme, dashboard layout)
• Analytics Cookies: Understand usage patterns and improve features

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

9. Third-Party Services

Our service may integrate with third-party applications (banks, payment gateways, CRM systems). We are not responsible for the privacy practices of these external services. Review their privacy policies before connecting.

10. Data Location

Your data is primarily stored in data centers within Saudi Arabia or the Middle East region to ensure compliance with local regulations and optimal performance. Some service providers (e.g., cloud infrastructure) may process data in other jurisdictions with adequate data protection standards.

11. Children's Privacy

Qeemah is a business service not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have inadvertently collected such data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or in-app notification at least 30 days before they take effect. Continued use after changes constitutes acceptance.

13. Contact Information

For privacy-related inquiries, requests, or complaints:

14. Applicable Laws and Regulations

This Privacy Policy complies with:

• UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection
• Saudi Arabian Personal Data Protection Law (PDPL)
• ZATCA E-Invoicing Regulations (Phase 1 & 2)
• Saudi Cybersecurity Framework by National Cybersecurity Authority (NCA)