Privacy Policy

This Privacy Policy ("Policy") describes how Daftarly ("Company", "we", "us", "our") collects, uses, stores, and protects your personal and financial information when you use our cloud-based accounting platform, including all websites, mobile applications, APIs, and related services (collectively, the "Service").

This Policy applies to all users of the Service, including individuals, business owners, accountants, and any other persons who access or interact with Daftarly. By creating an account or using any part of the Service, you acknowledge that you have read and understood this Privacy Policy.

Daftarly is an AI-powered accounting SaaS platform designed for businesses in Egypt and the GCC region. We are committed to protecting your privacy and handling your data with transparency, integrity, and in compliance with applicable data protection laws.

We collect the following categories of information to provide and improve the Service:

Account Data

• Personal identifiers: your full name, email address, phone number, and company or business name;
• Authentication data: encrypted password, login history, and session information;
• Business details: company registration number, tax identification number, industry, and business address.

Financial Data

• Invoices and bills: invoice details, line items, amounts, client and vendor information;
• Expenses and transactions: expense records, payment details, bank transaction data you choose to import;
• Reports and summaries: financial reports, profit and loss statements, and balance sheets generated within the platform.

Usage Data

• Technical information: IP address, browser type and version, device type, operating system;
• Activity data: pages visited, features used, time spent on the platform, click patterns;
• Referral data: how you arrived at our platform (e.g., search engine, referral link).

Cookies & Similar Technologies

• Essential cookies: required for authentication, session management, and security;
• Analytics cookies: used only with your consent to understand usage patterns and improve the Service;
• We do not use third-party advertising or tracking cookies.

We use the information we collect for the following purposes:

Providing the Service

• Core functionality: processing invoices, tracking expenses, generating financial reports, and managing your accounting data;
• Account management: creating and maintaining your account, authenticating your identity, and managing your subscription;
• Customer support: responding to your inquiries, troubleshooting issues, and providing technical assistance.

AI-Powered Features

• Financial insights: generating AI-driven summaries, forecasts, and recommendations based on your financial data;
• Smart categorization: automatically categorizing transactions and expenses using machine learning;
• Anomaly detection: identifying unusual patterns that may indicate errors or require your attention.

Platform Improvement

• Analytics: understanding how users interact with the Service to improve features and user experience;
• Performance monitoring: ensuring the platform operates reliably and efficiently;
• Feature development: using aggregated, anonymized data to guide product development.

Communication

• Service notifications: sending important updates about your account, billing, and platform changes;
• Product updates: informing you about new features and improvements (with opt-out available);
• We will never send unsolicited marketing emails without your explicit consent.

Security

• Fraud prevention: detecting and preventing unauthorized access, abuse, and fraudulent activity;
• Compliance: meeting legal and regulatory obligations related to data protection and financial services.

Daftarly incorporates AI and machine learning features to enhance your accounting experience. We want you to understand exactly how your data is processed by these features:

• Data stays within your account: AI features process your financial data strictly within the context of your own account environment. Your data is never pooled with other users' data for AI processing;
• No third-party AI sharing: we do not share your financial data with third-party AI providers for model training or any other purpose;
• Purpose-limited processing: AI processing is performed solely to deliver the specific feature you are using (e.g., generating a financial insight, categorizing a transaction);
• No cross-account learning: AI models do not learn from individual user data. Any model improvements use only aggregated, fully anonymized, and de-identified datasets;
• Transparency: AI-generated outputs are clearly labeled so you always know when content has been generated by AI rather than manually entered.

You can disable AI-powered features at any time from your account settings without affecting the core functionality of the platform.

We do not sell, rent, or trade your personal or financial data to any third party. This is a fundamental principle of our business.

We may share limited data with the following categories of service providers, strictly as necessary to operate the Service:

Infrastructure Providers

• Cloud hosting and storage providers that host our servers and databases;
• Content delivery networks that ensure fast, reliable access to the platform;
• All infrastructure providers are contractually bound to maintain confidentiality and security.

Payment Processors

• Third-party payment processors that handle subscription billing;
• We do not store your full credit card details — these are handled entirely by PCI-DSS compliant payment processors;
• Payment processors receive only the minimum information required to process your payment.

Legal Requirements

• We may disclose information when required to do so by applicable law, regulation, or court order;
• We may share information with law enforcement when we have a good-faith belief that disclosure is necessary to prevent harm, fraud, or illegal activity;
• We will notify you of such disclosure where legally permitted to do so.

All third-party service providers are carefully vetted and bound by data processing agreements that require them to protect your data to the same standard we maintain.

We take the security of your data seriously and implement comprehensive, industry-standard measures to protect it:

Encryption

• In transit: all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher;
• At rest: all stored data, including financial records and personal information, is encrypted using AES-256 encryption;
• Database-level: sensitive fields are additionally encrypted at the application level.

Infrastructure Security

• Our platform is hosted on secure, enterprise-grade cloud infrastructure with SOC 2 compliance;
• Regular security audits, vulnerability assessments, and penetration testing;
• Automated monitoring and alerting for suspicious activity;
• Strict access controls with role-based permissions for all internal systems.

Operational Security

• Employee access to user data is limited to authorized personnel on a need-to-know basis;
• All employees undergo security training and are bound by confidentiality agreements;
• Incident response procedures are in place to handle any security events promptly.

While we implement rigorous security measures, no method of electronic storage or transmission is 100% secure. We encourage you to use strong, unique passwords and enable two-factor authentication when available.

We retain your data according to the following principles:

Active Accounts

• Your personal and financial data is retained for as long as your account remains active and the Service is being used;
• Usage data and activity logs are retained for up to 24 months for security and analytics purposes.

Account Deletion

• Upon receiving an account deletion request, we will delete or anonymize your personal and financial data within 30 calendar days;
• Deletion requests can be submitted through your account settings or by emailing privacy@daftarly.com;
• Backups containing your data are purged within 90 days of the deletion request.

Legal Retention

• Certain data may be retained beyond the 30-day deletion period where required by applicable law or regulation (e.g., financial record-keeping requirements, tax law obligations);
• Transaction records may be retained for the period required by Egyptian commercial law;
• We will inform you if any data must be retained for legal reasons when you submit a deletion request.

You have the following rights regarding your personal data, subject to applicable law:

• Right of access: request a copy of the personal data we hold about you;
• Right to correction: request correction of any inaccurate or incomplete personal data;
• Right to deletion: request deletion of your personal data (subject to legal retention requirements);
• Right to data portability: receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON);
• Right to restrict processing: request that we limit how we process your data in certain circumstances;
• Right to withdraw consent: withdraw any previously given consent at any time, without affecting the lawfulness of processing performed before withdrawal;
• Right to object: object to processing of your data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us at privacy@daftarly.com. We will respond to your request within 30 calendar days. You will not be charged a fee for exercising your rights, except where requests are manifestly unfounded or excessive.

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

Daftarly uses cookies and similar technologies to operate and improve the Service. Here is how we use them:

Essential Cookies

• Required for core platform functionality — authentication, session management, security, and user preferences;
• These cookies cannot be disabled as they are necessary for the Service to function;
• They do not track you across other websites.

Analytics Cookies

• Used only with your explicit consent to understand how users interact with the platform;
• Help us identify popular features, detect usability issues, and improve the user experience;
• Data collected by analytics cookies is aggregated and anonymized.

What We Do Not Use

• We do not use third-party advertising cookies;
• We do not use cross-site tracking technologies;
• We do not participate in advertising networks or share cookie data with advertisers.

You can manage your cookie preferences at any time through your browser settings or the cookie consent banner on our platform.

Daftarly is headquartered in Egypt and primarily serves businesses in the Egypt and GCC region. Your data may be processed in jurisdictions outside your country of residence.

• All data processing is conducted in compliance with the Egyptian Personal Data Protection Law (Law No. 151 of 2020) and applicable regulations;
• Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and equivalent data protection measures;
• We ensure that any international service providers maintain a level of data protection that is at least equivalent to the protections provided under Egyptian law;
• For users in the GCC, we comply with applicable local data protection regulations, including the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection and the Saudi Personal Data Protection Law where applicable.

If you have questions about where your data is processed or the safeguards in place, please contact us at privacy@daftarly.com.

The Daftarly platform is a business-oriented financial management tool and is not intended for use by individuals under the age of 18.

• We do not knowingly collect personal data from anyone under 18 years of age;
• If we become aware that we have collected data from a minor, we will promptly delete that information and terminate the associated account;
• If you believe a minor has provided us with personal data, please contact us immediately at privacy@daftarly.com.

Policy Updates

• We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements;
• For material changes, we will provide at least 14 days' advance notice via email to the address associated with your account;
• For minor changes, we will update the "Last Updated" date at the top of this page;
• Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy inquiries: privacy@daftarly.com
• General support: support@daftarly.com
• Security incidents: security@daftarly.com
• Website: daftarly.com/contact

We aim to respond to all privacy-related inquiries within 5 business days.