Privacy Policy
Last updated: 18 June 2026
This is a plain-language template, not legal advice — have it reviewed by a qualified lawyer before launch.
1. Introduction & scope
Kashfi ("we", "us") is a price-comparison and health-scoring shopping platform for the UAE and KSA. This policy explains how we collect, use, share and protect your personal data when you use our website and apps.
We comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and the KSA Personal Data Protection Law (PDPL), and we maintain SDAIA registration where required. This policy applies to all users in the territories we serve.
2. Data we collect
- Account data — such as your email address and phone number.
- Usage & device data — app/website interactions, device type, operating system, identifiers and log data.
- Search queries — the products, brands and ingredients you search for.
- Saved products & price-watch targets — items and price alerts you set up.
- Approximate location / country — to show relevant retailers, prices and currency.
3. How we use your data
- To provide price comparisons and product information.
- To send price-drop alerts you have requested.
- To personalise your experience and recommendations.
- To detect and prevent fraud, abuse and security incidents.
- To analyse and improve the Service.
4. Legal bases
We process your data on one or more of the following bases: your consent (for example, marketing and certain cookies); the performance of a contract with you (to provide the Service); and our legitimate interests (such as security, fraud prevention and improving the Service), provided these are not overridden by your rights.
5. Sharing & disclosure
We share data in limited circumstances:
- Affiliate networks & retailers — via click attribution when you tap through to a retailer.
- Service providers — such as hosting, analytics and messaging providers acting on our behalf.
- Legal authorities — when required by law or to protect rights and safety.
We do not sell your personal data.
6. Cookies & tracking
We use essential cookies to run the Service, analytics cookies to understand usage, and affiliate attribution cookies to credit the retailers we link to. You can control non-essential cookies through your browser settings and our consent controls. Disabling some cookies may affect functionality.
7. Data residency & hosting
We host data within the region. UAE user data is hosted in AWS Middle East (UAE), and KSA user data is hosted in AWS (Riyadh). Where any cross-border transfer is necessary, we apply appropriate safeguards consistent with UAE and KSA data-protection law.
8. Your rights
Subject to applicable law, you have the right to access, correct, and delete your data; to portability/export of your data; to object to certain processing; and to withdraw consent at any time. To exercise these rights, contact us at [email protected]. We will respond within the timeframes required by law.
9. Data retention
We keep your personal data only as long as needed for the purposes described in this policy or as required by law. When you delete your account, it is soft-deleted and then permanently purged after 30 days, unless we must retain certain data for legal or security reasons.
10. Security
We protect your data with encryption in transit, least-privilege access controls and audit logging. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.
11. Children
The Service is not directed at, and is not intended for use by, children under the age of 18. We do not knowingly collect personal data from under-18s. If you believe a child has provided us data, please contact us so we can remove it.
12. Marketing & communications
Marketing communications by email, SMS and push notification are opt-in, with per-channel consent. You can unsubscribe at any time using the link in any message, your device settings, or your account preferences. We may still send essential service messages related to your account.
13. International transfers
Where data is transferred outside its country of origin, we rely on lawful transfer mechanisms and apply appropriate safeguards (such as contractual protections and adequacy assessments) consistent with UAE and KSA data-protection law.
14. Changes to this policy
We may update this policy from time to time. When we do, we will revise the "Last updated" date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
15. Contact & Data Protection Officer
For any privacy questions, or to reach our Data Protection Officer, contact us at [email protected].