Privacy policy for a Dubai-operated beauty booking portal.

Who controls the data and when this policy applies

This policy applies to the ZaynApp website, waitlists, salon join flows, app, and related support channels operated by ZAYN APP PORTAL (trade licence 1618454, commercial register 2847459), a sole-establishment E Trader (Professional) licensed by the Government of Dubai, Department of Economy and Tourism (DET). It explains how personal data is collected, used, shared, retained, and protected when people interact with ZaynApp.

ZaynApp acts as the data controller for the information described here and processes it in accordance with the UAE Personal Data Protection Law — Federal Decree-Law No. 45 of 2021 (PDPL) and its implementing regulations. Where ZaynApp processes data on behalf of another party (for example, booking details shared with an independent salon you selected), ZaynApp acts as a data processor for that narrow purpose.

For privacy questions or to exercise your rights, contact support@zaynapp.com with the subject line "Privacy request". The operator of record for regulatory correspondence is reachable at lightofguidance11@gmail.com (the DET-registered licence contact).

Information we collect

• Identity and contact data: name, email address, phone number, account identifiers, and profile details.
• Booking and service data: booking history, selected services, provider choice, service address, scheduling information, support messages, and booking status updates.
• Payment and transaction records: booking totals in AED, Ziina payment intent and charge references, Ziina merchant and settlement records, refund events, chargeback history, and salon onboarding finance details such as official IBAN letters and Ziina account status. ZaynApp never sees or stores full card numbers — Ziina processes and tokenises card data directly on its own infrastructure.
• Salon onboarding and trust data: Trade Licenses, Establishment Card or MoA documents, owner Emirates ID front and back scans, home-service permits where applicable, salon finance settlement details, and supporting compliance information submitted by salons or professionals.
• Website waitlist data: the email address, phone number, and consent record submitted through the website forms.
• Platform activity and operational data: searches, page views, booking timing, cancellations, response times, availability signals, and similar usage patterns that help us understand how the marketplace is working.
• Technical and security data: device information, IP or approximate location signals, browser data, app version, logs, fraud indicators, and service analytics used to keep the platform reliable.

Why we process personal data

• To create accounts, manage bookings, send confirmations, process payments, and support cancellations or refunds.
• To process card payments via Ziina, reconcile salon merchant payments and platform-fee collection, record refunds and chargebacks, and reconcile any legacy or offline settlements tied to bookings.
• To review salon onboarding submissions, verify identity, ownership, settlement contact details, and marketplace trust information, and support payment-partner onboarding where needed.
• To answer support requests, protect users, detect fraud, investigate abuse, and keep the platform secure.
• To send waitlist updates, onboarding communications, and launch information when a user has requested that contact through a website or app form.
• To meet legal, accounting, payment, tax, safety, or regulatory obligations that apply to the operation of the portal.

How we improve the platform

• ZaynApp may use booking, usage, operational, and marketplace data to understand how people interact with the platform and to improve matching between clients and independent salons or professionals.
• This may include reviewing usage patterns, platform activity, and interaction trends to improve service quality, reliability, scheduling, availability, and recommendations.
• We may also look at supply and demand trends across the marketplace to improve service availability and refine provider recommendations.
• These insights are generally used in aggregated or operational ways to improve the platform, support teams, and guide product decisions.
• ZaynApp may also use this information to detect misuse, fraud, suspicious activity, or violations of platform policies.
• ZaynApp does not make decisions that materially affect users based solely on automated processing without appropriate human review.

How data may be shared

• With the selected salon or professional: the booking details reasonably needed to deliver the requested service.
• Relevant provider access only: providers receive only the information reasonably needed to deliver the requested service, manage the booking, and provide support.
• With infrastructure and payment providers: hosting, analytics, communications, security, storage, identity verification providers, Ziina for card payments and refunds, and other approved service providers acting on our instructions or under their own regulated role.
• With authorities or dispute handlers: where required for lawful requests, investigations, consumer complaints, fraud prevention, safety, or compliance.
• Within corporate transactions: if the business is restructured, sold, or merged, subject to lawful handling of user data.
• Data sales: ZaynApp does not sell personal data and uses data internally to operate, improve, and protect the platform.

Some vendors may process data outside the UAE. Where that happens, ZaynApp aims to use lawful transfer mechanisms and contractual or technical safeguards appropriate to the type of data involved.

Retention periods

• Active account data: retained for as long as the account is active.
• Booking, payment, and refund records: retained for 7 years after the booking date to meet UAE tax, accounting, and anti-money-laundering record-keeping obligations.
• Salon onboarding and KYC documents: retained for 7 years after the salon account is closed.
• Support tickets and dispute correspondence: retained for 3 years after closure.
• Waitlist entries: retained until launch processing ends, the user unsubscribes, or 18 months, whichever is earlier.
• Technical and security logs: retained for up to 24 months for fraud-detection and incident response.
• After the applicable retention period ends, data is deleted or anonymised.

Your rights under the UAE PDPL

Under Federal Decree-Law No. 45 of 2021 you have the following rights in relation to your personal data:

• Right to be informed — this policy is the primary notice.
• Right of access — request a copy of the personal data ZaynApp holds about you.
• Right to rectification — ask us to correct inaccurate or incomplete data.
• Right to erasure — ask us to delete your data, subject to overriding legal retention obligations (e.g. tax, AML, dispute evidence).
• Right to restrict processing — limit how we use your data while a request is being reviewed.
• Right to object — object to processing based on legitimate interests or direct marketing.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time without affecting prior lawful use.
• Right not to be subject to fully automated decisions — ZaynApp does not make decisions with material legal or similar effects based solely on automated processing; human review applies.
• Right to lodge a complaint — with the UAE Data Office if you believe your rights have been infringed.

To exercise any of these rights, email support@zaynapp.com with the subject line "Privacy request". We respond within 30 days of verifying your identity. There is no charge for a first request in any 12-month period; repeat or excessive requests may carry a reasonable admin fee as permitted by law.

Security, minimisation, and breach notification

ZaynApp applies organisational and technical safeguards appropriate for a booking marketplace — TLS in transit, encryption at rest on managed cloud storage, access controls, service-provider restrictions, least-privilege admin roles, and audit logging designed to reduce misuse.

If ZaynApp becomes aware of a personal-data breach likely to result in a risk to your rights or freedoms, we will notify the UAE Data Office within the timeframe required by the PDPL (as a working rule, within 72 hours of becoming aware) and will notify affected users directly where the breach is likely to create a high risk to them.

No online system can be guaranteed perfectly secure, so users should also protect their own credentials, devices, and email accounts.

Age and children's data

ZaynApp is intended for users aged 18 and over. Accounts and bookings require the user to be an adult. ZaynApp does not knowingly collect personal data from anyone under 18. If you believe a minor has submitted personal data, contact support@zaynapp.com and the account will be reviewed for prompt deletion.

International data transfers

Some of ZaynApp's infrastructure providers (hosting, authentication, payments, messaging, crash reporting, analytics) may process data outside the UAE. Where a transfer takes place, ZaynApp relies on one or more of the lawful transfer mechanisms permitted by the PDPL — namely transfers to jurisdictions recognised as providing an adequate level of protection, or transfers under binding contractual safeguards with the receiving processor (such as standard contractual clauses or equivalent protections). A current list of core processors is available on request.

إشعار الخصوصية للمستهلك

تعمل منصة زين أب للتعامل الإلكتروني (رخصة تاجر مهنية رقم 1618454، السجل التجاري 2847459، دبي، الإمارات العربية المتحدة) بصفتها المتحكم بالبيانات الشخصية التي يتم جمعها عند استخدام الموقع والتطبيق وقوائم الانتظار وقنوات الدعم ذات الصلة.

• تتم معالجة البيانات الشخصية وفقًا لأحكام المرسوم بقانون اتحادي رقم (45) لسنة 2021 بشأن حماية البيانات الشخصية ولوائحه التنفيذية.
• يحق للمستخدم: الوصول إلى بياناته، وتصحيحها، وطلب حذفها، وتقييد أو الاعتراض على معالجتها، ونقلها إلى جهة أخرى، وسحب الموافقة، وعدم الخضوع لقرارات آلية بحتة تؤثر عليه جوهريًا.
• يتم الاحتفاظ بسجلات الحجوزات والمدفوعات لمدة 7 سنوات للوفاء بالالتزامات الضريبية والمحاسبية، بينما يتم حذف البيانات التقنية خلال 24 شهرًا كحد أقصى.
• في حال وقوع خرق للبيانات قد يؤثر على حقوق المستخدمين، يتم إبلاغ مكتب بيانات الإمارات خلال 72 ساعة وإخطار المستخدمين المتضررين مباشرةً عند الحاجة.
• لتقديم طلب أو شكوى، يرجى التواصل مع support@zaynapp.com، أو مكتب بيانات الإمارات dataoffice.gov.ae، أو دائرة الاقتصاد والسياحة في دبي على الرقم +971 600 54 5555.