Legal

Privacy Policy

Effective: date on publicationLast updated: date on publication
This policy is aligned with the UAE PDPL and your Apple App Privacy label. Items highlighted like this are company-specific details that must be completed by Tidii or UAE-qualified counsel before publishing. This is not legal advice.

This Privacy Policy explains how Tidii collects, uses, shares, and protects your personal data when you use the Tidii mobile application and related services (the "Service"). It is written to comply with Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "UAE PDPL") and, where applicable, the Consumer Protection Federal Law No. 15 of 2020 and Cabinet Decision No. 66 of 2023. Please read it together with our Terms of Service.

1. Who we are (Controller)

Tidii ("Tidii", "we", "us", "our") is the data controller responsible for the personal data described in this policy. Tidii is a first-party provider of car-wash and vehicle-care services — we are responsible for the services you book through the app, not merely a marketplace.

  • Legal entity name: registered legal name
  • Trade licence number: trade-licence number
  • Registered address: registered address
  • Privacy / data-protection contact: [email protected]

2. The personal data we collect

We collect only the data we need to provide and improve the Service:

  • Name — the profile name you provide.
  • Phone number — used to send and verify one-time passcodes (OTP) delivered by WhatsApp and/or SMS, and to send service-related communications about your bookings.
  • Vehicle details — the make, model, colour, and number plate of your vehicle(s) so our technician can service the correct car.
  • Address and precise live location — your saved service addresses, and your device's precise GPS location used only in the foreground while a booking is active, to route the technician to you. We do not collect location in the background or when no booking is in progress.
  • Booking history — your past, current, and upcoming bookings and their status.
  • Device, IP, and usage data — technical information used for security, fraud prevention, diagnostics, and reliability.
  • Payment data — card details are entered into and processed by our payment providers (Stripe, Telr, Tabby). Tidii does not store your full card number — only payment tokens, references, and the last four digits / card brand returned to us.

We do not collect special categories of data, and we do not ask for more than is necessary.

3. Why we use your data, and our lawful basis (PDPL Art. 4)

  • Providing the Service — account, bookings, technician routing, vehicles and addresses. Basis: performance of our contract with you.
  • Processing payments — taking payment, charging saved methods for subscriptions, refunds, wash credits. Basis: performance of our contract.
  • Transactional communications — OTP codes and booking/payment notifications you need to use the Service. Basis: contract / legal obligation.
  • Security, fraud prevention, reliability — protecting your account and the Service. Basis: our legitimate interests, balanced against your rights.
  • Legal and regulatory obligations — retaining records where UAE law requires. Basis: legal obligation.
  • Optional marketing — offers and updates only where you opt in. Basis: your consent.

4. Consent — and how to withdraw it

We keep transactional and OTP messages (required to operate your account) separate from marketing messages (entirely optional). Your marketing consent is granular and revocable — opting out has no effect on your ability to use the Service. Withdraw it anytime via the unsubscribe control, your in-app notification preferences, or by contacting us.

5. Live location

Tidii's use of your location matches the iOS "While Using the App" permission: foreground-only and active-booking-only. We use precise location solely to route your technician to you while your booking is in progress, and stop once it's complete. We never track your location in the background. You can revoke access in iOS Settings at any time.

6. Who we share your data with (Processors)

We share data only with the providers we rely on to operate the Service, each under a data-processing agreement:

  • Supabase — authentication, database, and file storage (including profile photos).
  • Stripe — subscription billing and card payment processing.
  • Telr — card payment processing.
  • Tabby — "buy now, pay later" instalment payments.
  • Apple / APNs — delivering push notifications.
  • Twilio — delivering OTP codes by WhatsApp and SMS.
  • Sentry — error and crash monitoring.

We do not sell your personal data. We may disclose data where required by law, to enforce our Terms, or to protect the rights, safety, or property of Tidii, our users, or the public.

7. International transfers (PDPL Art. 22)

Some processors operate or store data outside the UAE. Where we transfer your data abroad, we do so under Article 22 of the UAE PDPL, relying on appropriate safeguards — an adequate jurisdiction or contractual data-protection terms consistent with the PDPL.

8. Your rights

Subject to the UAE PDPL, you have the right to access, rectify, erase (including by deleting your account in the app), restrict or object to certain processing, port your data, and withdraw consent. Exercise these in the app where the control exists, or by contacting us. We respond within 30 days and may need to verify your identity first.

9. Retention

We keep account, profile, vehicle and address data while your account is active; booking and payment records for the duration of your relationship with us and any period required for disputes, refunds, or legal/tax obligations; and diagnostic/security logs for a limited, proportionate period. When you delete your account, your personal data is hard-deleted, except minimal records retained only where UAE law requires — at the date of this draft, no such retention applies. The in-app delete confirmation tells you what is removed before you confirm. You can also start deletion from our account deletion page.

10. Security

We protect your data using technical and organisational measures appropriate to the risk — encryption in transit and, where applicable, at rest, access controls, and monitoring. Card payments rely on our providers' PCI-DSS compliance; Tidii does not store full card numbers. No system is perfectly secure, but we work to protect your data and respond quickly to issues.

11. Breach notification (PDPL Art. 9)

If a personal-data breach occurs that is likely to prejudice your privacy, confidentiality or security, we will notify the relevant regulator, and affected users where required, without undue delay, describing the breach, its likely consequences, and our response.

12. Children

Tidii is intended for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

13. Apple App Privacy label

This policy is aligned with the data categories disclosed on Tidii's Apple App Store privacy label. If the label and this policy ever appear to differ, this policy governs how we actually handle your data, and we will correct the inconsistency.

14. Cookies and SDKs

The Tidii app does not use advertising cookies. It includes the SDKs of the processors named in Section 6, used only for the purposes described here. Any web pages we operate may use strictly necessary cookies to function.

15. Changes to this policy

We may update this policy from time to time. For a material change we will update the Effective date and notify you in the app or by another appropriate means before it takes effect.

16. Governing law

This policy is governed by the laws of the United Arab Emirates, including Federal Decree-Law No. 45 of 2021 (the UAE PDPL), and any dispute is subject to the jurisdiction of the Courts of Dubai. If Tidii is licensed in a financial free zone (DIFC or ADGM) rather than mainland Dubai, the data-protection law of that free zone applies instead. Confirm Tidii's licensing jurisdiction — mainland Dubai vs DIFC/ADGM — and adjust accordingly.

Questions about this policy? Contact [email protected].