Privacy Policy

ServiLink [PENDING: LEGAL_ENTITY_NAME - needs company registration] is the data controller responsible for your personal data. Registered Address: [PENDING: REGISTERED_ADDRESS - needs company registration] Commercial Registration: [PENDING: CR_NUMBER - needs company registration] Data Protection Contact: Email: privacy@servi-link.com [PENDING: IF_APPOINTING_DPO - needs business decision] For users in Saudi Arabia, we have appointed [PENDING: KSA_REPRESENTATIVE_OR_NA - needs business decision] as our local representative in accordance with PDPL requirements.

We collect the following categories of personal data: INFORMATION YOU PROVIDE: • Account Information: Phone number (required for authentication), name, email address (optional) • Profile Information: Profile photo, service preferences, saved addresses • Communications: Messages exchanged with Providers or our support team, feedback, and reviews • Payment Information: Billing details processed through our payment provider (we do not store full card numbers) • Provider Verification Data: For service providers - identity documents (national ID, passport), professional licenses, trade certifications, business registration documents INFORMATION COLLECTED AUTOMATICALLY: • Device Information: Device type, operating system, unique device identifiers, mobile network information • Location Data: Precise GPS location (when you grant permission), IP-based approximate location • Usage Data: Features used, pages visited, actions taken, time and duration of use • Push Notification Tokens: For sending you notifications about your bookings INFORMATION FROM THIRD PARTIES: • Payment processors: Transaction confirmation and status • Identity verification services: Verification results for Providers SENSITIVE DATA: We collect sensitive personal data only when necessary: • Provider identity documents for verification purposes • Precise location data for service delivery We obtain explicit consent before collecting sensitive data and use it only for the stated purposes.

We process your personal data based on the following legal grounds: CONSENT: • Marketing communications and promotional offers • Precise location tracking • Processing of sensitive verification documents • Sharing data with third-party analytics providers You may withdraw consent at any time without affecting the lawfulness of prior processing. CONTRACT PERFORMANCE: • Creating and managing your account • Processing bookings and payments • Facilitating communication between Customers and Providers • Providing customer support LEGITIMATE INTERESTS: • Improving and optimizing our Platform • Preventing fraud and ensuring security • Enforcing our Terms of Service • Protecting users' safety LEGAL OBLIGATIONS: • Complying with tax and financial reporting requirements • Responding to lawful requests from authorities • Maintaining records as required by law

We use your personal data for the following purposes: SERVICE DELIVERY: • Create and manage your account • Process and fulfill booking requests • Match Customers with suitable Providers • Facilitate payments and payouts • Enable in-app communication PLATFORM IMPROVEMENT: • Analyze usage patterns and trends • Develop new features and services • Conduct research and analytics • Personalize your experience COMMUNICATIONS: • Send booking confirmations and updates • Deliver push notifications about your jobs • Respond to your inquiries and support requests • Send service announcements and updates • Marketing communications (with your consent) SAFETY AND SECURITY: • Verify Provider identities and qualifications • Detect and prevent fraud and abuse • Enforce our Terms of Service • Protect users' safety and security • Resolve disputes LEGAL COMPLIANCE: • Comply with applicable laws and regulations • Respond to legal requests and court orders • Protect our legal rights

We share your personal data only in the following circumstances: WITH OTHER USERS: • Customers see Provider profiles, ratings, and reviews • Providers see Customer name, location, and job details for accepted bookings • Chat messages are shared between the relevant Customer and Provider WITH SERVICE PROVIDERS: We share data with third-party companies that help us operate our Platform (see Section 6 for details). FOR LEGAL REASONS: We may disclose your information if required by law, court order, or government request, or to: • Protect the safety of any person • Prevent fraud or illegal activity • Protect our legal rights • Enforce our Terms of Service BUSINESS TRANSFERS: If ServiLink is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any such change. WITH YOUR CONSENT: We may share your data for other purposes with your explicit consent. WE DO NOT SELL YOUR PERSONAL DATA. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We use the following third-party services to operate our Platform: SUPABASE (Database & Authentication): • Purpose: Data storage, user authentication, real-time features • Data shared: Account data, bookings, messages • Location: EU (London, UK) • Privacy policy: https://supabase.com/privacy FIREBASE CLOUD MESSAGING (Push Notifications): • Purpose: Delivering push notifications • Data shared: Device tokens, notification content • Provider: Google LLC • Privacy policy: https://firebase.google.com/support/privacy EXPO PUSH NOTIFICATIONS: • Purpose: Push notification routing • Data shared: Device tokens • Privacy policy: https://expo.dev/privacy TAP PAYMENTS (Payment Processing): • Purpose: Processing payments securely • Data shared: Payment card details, billing information • Supports: Mada, Visa, Mastercard, Apple Pay • Privacy policy: https://www.tap.company/privacy All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Your personal data is stored on servers located in the European Union (London, UK) operated by our service provider Supabase. DATA FLOWS: • Your data may be accessed by our team members located in [PENDING: TEAM_LOCATIONS - needs business decision] • Third-party service providers may process data in various locations (US, EU) SAFEGUARDS: When transferring data outside the GCC region, we implement appropriate safeguards including: • Standard Contractual Clauses (SCCs) approved by relevant authorities • Ensuring recipients provide adequate data protection • Obtaining your explicit consent where required SAUDI ARABIA USERS: In accordance with Saudi PDPL, cross-border transfers are made only to jurisdictions with adequate protection levels or with appropriate contractual safeguards. Transfers do not prejudice the national interests of the Kingdom. QATAR USERS: In accordance with Qatar PDPPL, we ensure adequate protection for data transferred outside Qatar through contractual measures and security safeguards. UAE USERS: Data transfers comply with UAE PDPL requirements, including appropriate technical and organizational measures.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected: ACTIVE ACCOUNTS: • Account data: Retained while your account is active • Booking history: 5 years after completion • Chat messages: 24 months after conversation ends • Payment records: 7 years (as required for tax/legal purposes) INACTIVE ACCOUNTS: • Accounts inactive for 24 months may be flagged for deletion • We will notify you before deleting an inactive account AFTER ACCOUNT DELETION: • Most data is deleted within 30 days • Some data may be retained longer for legal compliance, fraud prevention, or dispute resolution • Anonymized/aggregated data may be retained indefinitely for analytics PROVIDER VERIFICATION DOCUMENTS: • Retained while the Provider account is active • Deleted within 90 days of account closure • May be retained longer if required by law or ongoing disputes

We implement appropriate technical and organizational measures to protect your personal data: TECHNICAL MEASURES: • Encryption of data in transit (TLS/SSL) and at rest • Secure authentication via WhatsApp OTP • Regular security assessments and penetration testing • Access controls and authentication for our systems • Secure cloud infrastructure with industry-standard certifications ORGANIZATIONAL MEASURES: • Staff training on data protection • Access to personal data limited to authorized personnel • Confidentiality agreements with employees and contractors • Incident response procedures • Regular review of security practices DATA BREACH NOTIFICATION: In the event of a data breach that poses a risk to your rights and freedoms: • We will notify the relevant supervisory authority within 72 hours • We will notify affected users without undue delay if the breach is likely to result in high risk • Notifications will include the nature of the breach, likely consequences, and measures taken While we strive to protect your data, no method of transmission or storage is 100% secure. Please contact us immediately if you suspect any unauthorized access to your account.

Under applicable data protection laws, you have the following rights: RIGHT TO ACCESS: You can request a copy of the personal data we hold about you. RIGHT TO RECTIFICATION: You can request correction of inaccurate or incomplete data. RIGHT TO ERASURE: You can request deletion of your personal data, subject to legal retention requirements. RIGHT TO RESTRICT PROCESSING: You can request that we limit how we use your data in certain circumstances. RIGHT TO DATA PORTABILITY: You can request your data in a structured, commonly used, machine-readable format. RIGHT TO OBJECT: You can object to processing based on legitimate interests or for direct marketing. RIGHT TO WITHDRAW CONSENT: Where processing is based on consent, you can withdraw it at any time. HOW TO EXERCISE YOUR RIGHTS: • Through the app: Settings > Privacy > Manage My Data • By email: privacy@servi-link.com • We will respond within 30 days ACCOUNT DELETION: You can delete your account through the app or by contacting support. This will permanently remove your data subject to our retention policy. We may request verification of your identity before processing requests. Requests are free unless manifestly unfounded or excessive. COMPLAINTS: If you believe we have violated your data protection rights, you may lodge a complaint with: • Qatar: National Cyber Security Agency (NCSA) • Saudi Arabia: Saudi Data and Artificial Intelligence Authority (SDAIA) • UAE: UAE Data Office (once established) • Your local data protection authority

ServiLink is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18 years of age. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@servi-link.com. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. Users must be 18 or older to create an account, and by creating an account, you represent and warrant that you meet this age requirement.

MOBILE APPLICATION: Our mobile app does not use cookies but may use similar technologies: • Device identifiers for analytics and push notifications • Local storage for app preferences and cached data WEBSITE: Our website uses cookies and similar technologies: ESSENTIAL COOKIES: • Required for website functionality • Cannot be disabled • Example: Session management, security ANALYTICS COOKIES: • Help us understand how visitors use our website • Can be disabled in your browser settings • We do not currently use third-party analytics cookies MARKETING COOKIES: • We do not use marketing cookies MANAGING COOKIES: You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. DO NOT TRACK: Our Platform does not currently respond to "Do Not Track" browser signals.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. HOW WE NOTIFY YOU: • Material changes: Email notification and in-app notice at least 30 days before the changes take effect • Minor changes: Posted on this page with an updated "Last Updated" date Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Previous versions of this Privacy Policy are available upon request.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: ServiLink [PENDING: LEGAL_ENTITY_NAME - needs company registration] [PENDING: REGISTERED_ADDRESS - needs company registration] General Privacy Inquiries: privacy@servi-link.com Data Subject Requests: privacy@servi-link.com Support: support@servi-link.com [PENDING: IF_DPO_APPOINTED - needs business decision] We aim to respond to all inquiries within 5 business days.