Privacy Policy

Furrsati ("we," "us," "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use the Furrsati platform, including our mobile application and website (collectively, the "Platform").

By creating an account or using the Platform, you acknowledge that you have read, understood, and consent to the data practices described in this Privacy Policy. If you do not agree with our data practices, you must not use the Platform.

Furrsati, based in Beirut, Lebanon, is the data controller responsible for your personal data. For all privacy-related inquiries, you may contact our data protection team at support@furrsati.com.

We collect the following categories of personal data when you use our Platform:

3.1 Personal Identification Information

• Full legal name, email address, and phone number provided during account registration
• Profile information including professional bio, skills, portfolio items, work history, and profile photo (optional)
• Country of residence and preferred language settings

3.2 KYC Verification Documents

• Government-issued photo identification (passport, national ID card, or driver's license)
• Proof of current residential address (utility bill, bank statement, or government correspondence dated within the last 3 months)
• Live selfie or photograph for identity verification and liveness check

3.3 Financial & Payment Information

• Payment card details and billing address (processed and stored securely by Stripe — Furrsati does not store full card numbers)
• Withdrawal method preferences and associated account details (bank account numbers, wallet addresses, OMT details)
• Complete transaction history including escrow funding, payment releases, refunds, fees, and withdrawal records

3.4 Usage & Technical Data

• Device information (device model, operating system, unique device identifiers), IP address, browser type and version
• Pages and screens visited, features used, buttons clicked, session duration, and navigation patterns
• Search queries, job browsing behavior, proposal interaction data, and in-app actions
• App crash reports, error logs, and performance diagnostic data

3.5 Communication Data

• Text messages exchanged between Users through the Platform's built-in messaging system
• Voice notes recorded and sent within conversations
• Files, images, documents, and other attachments shared through the Platform's chat and deliverable submission systems
• Support communications and correspondence with the Furrsati team

We process your personal data for the following specific and legitimate purposes:

• Account Management — To create, maintain, verify, and administer your user account
• Platform Operations — To facilitate job postings, proposal submissions, contract formation, milestone tracking, and deliverable management
• Payment Processing — To process escrow funding, milestone payments, platform fee deductions, and withdrawal requests through our integration with Stripe
• Identity Verification — To verify your identity through KYC procedures as required for payment processing and regulatory compliance
• Dispute Resolution — To review evidence, evaluate disputes between Users, and issue binding resolutions in accordance with our Terms of Service
• Communications — To send transactional notifications about your account activity, contract updates, payment status, and dispute proceedings
• Platform Improvement — To analyze aggregated and anonymized usage data to improve the Platform's features, performance, and user experience
• Fraud Prevention — To detect, investigate, and prevent fraudulent activity, prohibited conduct, and abuse of the Platform
• Legal Compliance — To comply with applicable laws, regulations, legal processes, and enforceable government requests
• Safety & Security — To protect the safety, rights, and property of Furrsati, our Users, and the public

We process your personal data on the following legal bases:

• Consent — You provide explicit consent when creating your account and accepting this Privacy Policy. You may withdraw consent at any time by closing your account, though this may limit your ability to use the Platform.
• Contractual Necessity — Processing is necessary to perform the services you have requested, including facilitating Contracts, processing payments, and resolving disputes.
• Legitimate Interests — Processing is necessary for our legitimate business interests, including platform security, fraud prevention, service improvement, and analytics, where such interests are not overridden by your fundamental rights and freedoms.
• Legal Obligation — Processing is necessary to comply with our legal obligations, including KYC/AML regulations, financial record-keeping requirements, tax obligations, and responding to lawful requests from authorities.

Furrsati does not sell, rent, or trade your personal data to third parties for marketing purposes. We share your information only in the following circumstances and with the following categories of recipients:

• Stripe (Payment Processor) — Payment card details, transaction data, and identity information necessary for payment processing, escrow management, and fraud prevention. Stripe processes data in accordance with its own Privacy Policy and PCI DSS Level 1 standards.
• Supabase (Infrastructure Provider) — Account data, files, and platform content are stored on Supabase's cloud infrastructure with encryption at rest and in transit.
• Firebase (Authentication Provider) — Authentication credentials and session data for secure login and account access management.
• Other Users — Limited profile information (name, bio, skills, portfolio, ratings, and reviews) is visible to other Users to facilitate work relationships. Full contact information is never shared.
• Legal Authorities — We may disclose personal data when required by law, subpoena, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to investigate fraud.
• Professional Advisors — We may share data with our legal counsel, auditors, and professional advisors under obligations of confidentiality.

KYC verification documents are treated with the highest level of security. Documents are encrypted in transit using TLS 1.3 and encrypted at rest using AES-256 encryption. Access to KYC data is strictly limited to authorized Furrsati administrators who require it for identity verification purposes, and all access is logged and audited.

KYC documents are retained for the duration of your account's active status and for a minimum of 5 years following account closure, as required by applicable anti-money laundering and financial regulations. After the retention period, KYC documents are permanently and irreversibly deleted from our systems.

We retain your personal data for as long as your account is active and as necessary to provide you with our services. Following account closure or deletion, we apply the following retention periods:

• Account profile data — Deleted within 30 days of account closure, except as required for legal retention
• Transaction and escrow records — Retained for a minimum of 7 years in accordance with financial record-keeping and tax compliance requirements
• KYC documents — Retained for a minimum of 5 years after account closure per AML regulatory requirements
• Communication logs — Retained for 3 years after the last activity for dispute resolution and legal compliance purposes
• Usage and technical data — Retained in anonymized form for analytics purposes indefinitely; identifiable data is deleted within 12 months of account closure

After the applicable retention period, personal data is permanently deleted or irreversibly anonymized. We may retain anonymized, aggregated data that cannot be linked to individual Users for analytical and statistical purposes indefinitely.

We implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit using TLS 1.3/SSL for all data transmitted between your device and our servers
• Encryption at rest using AES-256 for stored personal data and sensitive documents
• Secure authentication through Firebase Auth with support for multi-factor authentication
• Regular security assessments, vulnerability scanning, and penetration testing
• Access controls with role-based permissions, ensuring only authorized personnel can access personal data
• Automated monitoring and alerting for suspicious activity and potential security incidents

Payment data is processed exclusively through Stripe, which maintains PCI DSS Level 1 certification — the highest level of payment security certification in the industry. Furrsati does not store, process, or have access to full payment card numbers.

While we implement rigorous security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security and are not liable for breaches resulting from sophisticated attacks beyond our reasonable control.

Subject to applicable law, you have the following rights regarding your personal data:

• Right of Access — You may request a copy of the personal data we hold about you. We will provide this information within 30 days of a verified request.
• Right to Rectification — You may request correction of inaccurate or incomplete personal data. You can update most information directly through your account settings.
• Right to Erasure — You may request deletion of your personal data, subject to our legal obligations to retain certain data (financial records, KYC documents) for the periods described in Section 8.
• Right to Data Portability — You may request your personal data in a structured, commonly used, machine-readable format (JSON or CSV) for transfer to another service.
• Right to Object — You may object to the processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
• Right to Restrict Processing — You may request restriction of processing in certain circumstances, such as while we verify the accuracy of your data following a rectification request.

To exercise any of these rights, submit a written request to support@furrsati.com. We may require identity verification before processing your request. We will respond to all legitimate requests within 30 calendar days.

We use essential cookies and similar tracking technologies to maintain your session, remember your preferences, and ensure the Platform functions correctly. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

Your personal data may be processed and stored in countries outside Lebanon where our service providers maintain infrastructure, including but not limited to the United States and European Union member states. These transfers are necessary for the operation of the Platform and our services.

When transferring data internationally, we ensure that appropriate safeguards are in place, including contractual data processing agreements with our service providers that incorporate standard data protection clauses and require the recipient to maintain adequate security measures.

Furrsati may use automated systems for fraud detection, risk scoring, and account security purposes. These systems analyze patterns in transaction data, login behavior, and account activity to identify and prevent fraudulent or unauthorized use of the Platform.

No decisions that produce legal effects or similarly significant effects on you are made solely on the basis of automated processing. Dispute resolutions, account terminations, and KYC approvals involve human review and oversight.

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18, we will take immediate steps to delete such data from our systems and terminate the associated account.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected Users without undue delay and no later than 72 hours after becoming aware of the breach. Notification will be provided via email and/or in-app notification and will include a description of the breach, the likely consequences, and the measures we have taken or propose to take to address the breach.

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or Platform features. If we make material changes, we will provide at least 30 days' notice by posting the updated policy on the Platform and sending a notification via email or in-app notification.

Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the changes, you must discontinue use of the Platform and close your account.

For privacy-related questions, concerns, data access requests, or to exercise any of your data rights, please contact our data protection team:

Furrsati Data Protection — support@furrsati.com — Beirut, Lebanon

We are committed to resolving any complaints about our collection or use of your personal data. We will respond to all inquiries within 30 calendar days.