Privacy Policy
Al-Jami' (الجميع)
Last updated: [●] July 2026
This Privacy Policy explains how Al-Jami' LLC, a company incorporated in the Qatar Financial Centre ("QFC") under licence number [●], with its registered office at [●], Doha, Qatar ("Al-Jami'", "we", "us", "our"), collects, uses, and protects personal data in connection with the Al-Jami' platform at aljami.io (the "Platform").
Al-Jami' processes personal data in accordance with the QFC Data Protection Regulations 2021 and, where applicable, other data protection laws of the State of Qatar.
The Platform is a business-to-business service. Most information we handle relates to companies — but it includes personal data of the individuals who represent them, and this Policy covers that data.
1. Data We Collect
Account data (Seekers and Providers)
- Name, business email address, password (stored as a secure hash — we never store your actual password)
- Company name, role, and business phone number
Provider verification data
- Commercial Registration (CR) number and Trade Licence documents
- Establishment Card documents
- Owner's full name and Qatar ID (QID) number
- Office address, business contact details, VAT number (if provided), years in business
Profile and listing content
- Service descriptions, pricing information, team member details (names, roles, and — where the Provider chooses to add them — photos, LinkedIn profiles, bios, and emails)
Communications
- Enquiries and messages sent between Seekers and Providers through the Platform (see Section 4)
- Correspondence with our support and admin team
Technical data
- IP address, browser and device information, and security signals (including bot-protection verification via Cloudflare Turnstile)
- Usage logs necessary to operate, secure, and improve the Platform
We do not knowingly collect data from individuals under 18, and the Platform is not directed at consumers.
2. Why We Process This Data
We use personal data to:
- Operate the Platform — create and manage accounts, publish listings, and deliver enquiries and messages between users
- Verify Providers — review CR, Trade Licence, and related documents so that listings carry genuine, checkable credentials; this verification is central to the service
- Protect the Platform and its users — prevent fraud, abuse, bot activity, and unauthorised access; enforce rate limits and account security
- Communicate with you — service emails such as verification status, enquiry notifications, and important account or policy updates
- Comply with legal obligations — including obligations under QFC regulations and applicable Qatari law
- Improve the service — aggregate, non-identifying usage analysis
We do not sell personal data. We do not use verification documents for any purpose other than verification, compliance, and record-keeping.
3. Verification Documents & Qatar ID
Verification documents (CR, Trade Licence, Establishment Card) and owner QID numbers are sensitive business-identity data. We treat them with elevated protection:
- Documents are stored in private cloud storage and are not publicly accessible
- Access is via time-limited signed links available only to authorised Al-Jami' administrators for review purposes
- These documents are never displayed on public profiles and are never shared with other Platform users
- QID numbers are collected solely to confirm ownership identity during verification
4. Messages Between Seekers and Providers
Enquiries and messages exchanged through the Platform are a core part of the service, and we want to be transparent about exactly how they are handled:
- Who can see your messages. A message you send is visible to the Seeker or Provider you send it to, and to authorised Al-Jami' personnel.
- How they are protected. Messages are encrypted in transit (HTTPS/TLS) and encrypted at rest on our database infrastructure.
- They are not end-to-end encrypted. Platform communications are mediated by design: authorised Al-Jami' personnel are able to access message content where necessary to moderate abuse or spam, investigate complaints, resolve disputes about Platform use, maintain the quality and safety of the marketplace, and comply with legal obligations. We do not monitor conversations routinely, and access is limited to these purposes.
- What not to send through Platform chat. Please do not share passwords, payment card details, banking credentials, or highly confidential commercial material through Platform messages. Once a business relationship is established, sensitive exchanges should move to your own direct, contracted channels.
5. Who We Share Data With
We share data only as needed to run the Platform:
Service providers (data processors) acting under our instructions:
- Cloud hosting and database infrastructure (Railway, Vercel, MongoDB Atlas)
- Secure document storage (Cloudinary — private storage with signed access)
- Email delivery (SendGrid, Microsoft 365)
- Security and network services (Cloudflare, including Turnstile bot protection)
Other Platform users — only the content you choose to publish or send: your public profile and listing information is visible to Platform visitors, and your enquiry messages are visible to the Provider or Seeker you send them to. Verification documents are never shared this way.
Legal and regulatory — where required by law, regulation, court order, or a request from a competent authority (including QFC authorities), or where necessary to protect the rights, safety, or property of Al-Jami' or its users.
Business transfers — if Al-Jami' is involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to equivalent protections.
Some of our service providers process data on servers located outside Qatar. Where personal data is transferred internationally, we take steps to ensure it receives an adequate level of protection consistent with the QFC Data Protection Regulations.
6. How Long We Keep Data
- Account and profile data — for as long as your account is active, and for a reasonable period afterwards to handle queries and meet legal obligations
- Verification documents — for the duration of the Provider's listing and any period required for regulatory record-keeping, after which they are deleted from active storage
- Communications — retained while relevant to the active relationship between the parties and for dispute-resolution and abuse-prevention purposes
- Security logs — retained for a limited period consistent with their security purpose
When data is no longer needed, we delete it or irreversibly anonymise it.
7. How We Protect Data
We apply technical and organisational measures appropriate to the sensitivity of the data, including:
- Encryption of data in transit (HTTPS/TLS across the Platform) and encryption at rest on our database and storage infrastructure
- Passwords stored only as secure cryptographic hashes
- Private, non-public document storage with expiring signed access links
- Multi-factor authentication and strict access controls on administrative systems
- Rate limiting, bot protection, account lockout, and monitoring against unauthorised access
No system can be guaranteed absolutely secure, but protecting the data entrusted to us — particularly verification documents — is a core design principle of the Platform.
8. Your Rights
Under the QFC Data Protection Regulations, you have rights regarding your personal data, including the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your data, subject to legal and legitimate retention requirements
- Object to or restrict certain processing
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at [privacy@aljami.io]. We will respond within the timeframes required by applicable regulations. You also have the right to lodge a complaint with the QFC Data Protection Office if you believe your data has been mishandled.
Providers can update most profile information directly through their dashboard. Changes to verification-locked fields (company name, categories, verification documents) can be requested through the Platform's edit-request process.
9. Cookies & Similar Technologies
The Platform uses strictly necessary cookies and similar technologies for authentication (keeping you signed in securely), security (including Cloudflare Turnstile verification), and core functionality. We do not use third-party advertising cookies.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified through the Platform or by email, and the "Last updated" date will be revised.
11. Contact
For any questions about this Policy or how your data is handled:
Al-Jami' LLC
Qatar Financial Centre, Doha, Qatar
Email: [privacy@aljami.io]