Privacy policy for a Dubai-operated beauty booking portal.

Who controls the data and when this policy applies

This policy applies to the Zayn website, waitlists, salon join flows, app, and related support channels operated by ZAYNHQ PORTAL in Dubai, United Arab Emirates. It explains how personal data is collected, used, shared, retained, and protected when people interact with Zayn.

Information we collect

• Identity and contact data: name, email address, phone number, account identifiers, and profile details.
• Booking and service data: booking history, selected services, provider choice, service address, scheduling information, support messages, and booking status updates.
• Payment and transaction records: booking totals, refunds, authorisation references, payment status data, and payout records. Zayn does not intentionally store full card numbers entered into third-party payment tools.
• Salon onboarding and trust data: licence details, identity documents, responsible-person details, Ziina Business payout details where required, and supporting compliance information submitted by salons or professionals.
• Website waitlist data: the email address, phone number, and consent record submitted through the website forms.
• Technical and security data: device information, IP or approximate location signals, browser data, app version, logs, fraud indicators, and service analytics used to keep the platform reliable.

Why we process personal data

• To create accounts, manage bookings, send confirmations, process payments, and support cancellations or refunds.
• To collect payments as an intermediary where enabled and to route payout or settlement instructions to salons or professionals.
• To review salon onboarding submissions, verify marketplace trust information, and enforce listing standards.
• To answer support requests, protect users, detect fraud, investigate abuse, and keep the platform secure.
• To send waitlist updates, onboarding communications, and launch information when a user has requested that contact through a website or app form.
• To meet legal, accounting, payment, tax, safety, or regulatory obligations that apply to the operation of the portal.

How data may be shared

• With the selected salon or professional: the booking details reasonably needed to deliver the requested service.
• With payment and infrastructure providers: hosting, analytics, communications, security, storage, Ziina, and other approved payment or payout partners acting on our instructions or under their own regulated role.
• With authorities or dispute handlers: where required for lawful requests, investigations, consumer complaints, fraud prevention, safety, or compliance.
• Within corporate transactions: if the business is restructured, sold, or merged, subject to lawful handling of user data.

Some vendors may process data outside the UAE. Where that happens, Zayn aims to use lawful transfer mechanisms and contractual or technical safeguards appropriate to the type of data involved.

Retention, user controls, and contact rights

• Retention: Zayn keeps data only for as long as needed for the purpose collected, plus any period required for legal, accounting, dispute, fraud, or security reasons.
• Waitlists: website launch-list information is kept until launch processing ends, a user withdraws, or the record is no longer needed.
• Account controls: users can update profile details in the product where available and can contact support for deletion or correction requests.
• Consent withdrawal: where contact depends on consent, users may withdraw that consent by contacting support or using the message controls provided.
• Access requests: users may ask for a copy, correction, or deletion review of personal data, subject to any legal exceptions that still require retention.

Security and minimisation

Zayn uses organisational and technical safeguards appropriate for a booking marketplace, including access controls, service-provider restrictions, and logging designed to reduce misuse. No online system is guaranteed to be perfectly secure, so users should also protect their own credentials and devices.