ServiLink Legal

Privacy policy

Last updated: January 2026
Effective: May 15, 2026

Servi link house for services W.L.L. (“ServiLink,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the “Platform”).

This policy complies with Qatar’s Personal Data Privacy Protection Law (PDPPL), Saudi Arabia’s Personal Data Protection Law (PDPL), and other applicable data protection laws in the GCC region.

Please read this Privacy Policy carefully. By using our Platform, you consent to the collection and use of your information as described herein.

Data Controller

Servi link house for services W.L.L. is the data controller responsible for your personal data.

Registered Address:

Qatar

Commercial Registration: 241464

Data Protection Contact:

Email: privacy@servi-link.com

We have not appointed a Data Protection Officer; for privacy enquiries, contact privacy@servi-link.com.

For users in Saudi Arabia, we have not appointed a separate local representative; operations are managed from our Qatar headquarters.

Information We Collect

We collect the following categories of personal data:

INFORMATION YOU PROVIDE:

Account Information: Phone number (required for authentication), name, email address (optional)
Profile Information: Profile photo, service preferences, saved addresses
Communications: Messages exchanged with Providers or our support team, feedback, and reviews
Payment Information: Billing details processed through our payment provider (we do not store full card numbers)
Provider Verification Data: For service providers - identity documents (national ID, passport), professional licenses, trade certifications, business registration documents

INFORMATION COLLECTED AUTOMATICALLY:

Device Information: Device type, operating system, unique device identifiers, mobile network information
Location Data: Precise GPS location (when you grant permission), IP-based approximate location
Usage Data: Features used, pages visited, actions taken, time and duration of use
Push Notification Tokens: For sending you notifications about your bookings

INFORMATION FROM THIRD PARTIES:

Payment processors: Transaction confirmation and status
Identity verification services: Verification results for Providers

SENSITIVE DATA:

We collect sensitive personal data only when necessary:

Provider identity documents for verification purposes
Precise location data for service delivery

We obtain explicit consent before collecting sensitive data and use it only for the stated purposes.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

CONSENT:

Marketing communications and promotional offers
Precise location tracking
Processing of sensitive verification documents
Sharing data with third-party analytics providers

You may withdraw consent at any time without affecting the lawfulness of prior processing.

CONTRACT PERFORMANCE:

Creating and managing your account
Processing bookings and payments
Facilitating communication between Customers and Providers
Providing customer support

LEGITIMATE INTERESTS:

Improving and optimizing our Platform
Preventing fraud and ensuring security
Enforcing our Terms of Service
Protecting users’ safety

LEGAL OBLIGATIONS:

Complying with tax and financial reporting requirements
Responding to lawful requests from authorities
Maintaining records as required by law

How We Use Your Information

We use your personal data for the following purposes:

SERVICE DELIVERY:

Create and manage your account
Process and fulfill booking requests
Match Customers with suitable Providers
Facilitate payments and payouts
Enable in-app communication

PLATFORM IMPROVEMENT:

Analyze usage patterns and trends
Develop new features and services
Conduct research and analytics
Personalize your experience

COMMUNICATIONS:

Send booking confirmations and updates
Deliver push notifications about your jobs
Respond to your inquiries and support requests
Send service announcements and updates
Marketing communications (with your consent)

SAFETY AND SECURITY:

Verify Provider identities and qualifications
Detect and prevent fraud and abuse
Enforce our Terms of Service
Protect users’ safety and security
Resolve disputes

LEGAL COMPLIANCE:

Comply with applicable laws and regulations
Respond to legal requests and court orders
Protect our legal rights

We share your personal data only in the following circumstances:

WITH OTHER USERS:

Customers see Provider profiles, ratings, and reviews
Providers see Customer name, location, and job details for accepted bookings
Chat messages are shared between the relevant Customer and Provider

WITH SERVICE PROVIDERS:

We share data with third-party companies that help us operate our Platform (see Section 6 for details).

FOR LEGAL REASONS:

We may disclose your information if required by law, court order, or government request, or to:

Protect the safety of any person
Prevent fraud or illegal activity
Protect our legal rights
Enforce our Terms of Service

BUSINESS TRANSFERS:

If ServiLink is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you of any such change.

WITH YOUR CONSENT:

We may share your data for other purposes with your explicit consent.

WE DO NOT SELL YOUR PERSONAL DATA.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

Third-Party Services

We use the following third-party services to operate our Platform:

SUPABASE (Database & Authentication):

Purpose: Data storage, user authentication, real-time features
Data shared: Account data, bookings, messages
Location: EU (London, UK)
Privacy policy: https://supabase.com/privacy

FIREBASE CLOUD MESSAGING (Push Notifications):

Purpose: Delivering push notifications
Data shared: Device tokens, notification content
Provider: Google LLC
Privacy policy: https://firebase.google.com/support/privacy

EXPO PUSH NOTIFICATIONS:

Purpose: Push notification routing
Data shared: Device tokens
Privacy policy: https://expo.dev/privacy

TAP PAYMENTS (Payment Processing):

Purpose: Processing payments securely
Data shared: Payment card details, billing information
Supports: Mada, Visa, Mastercard, Apple Pay
Privacy policy: https://www.tap.company/privacy

HETZNER (Server Infrastructure):

Purpose: Hosting our application servers and processing platform requests
Data shared: Account data, bookings, messages routed through our APIs
Provider: Hetzner Online GmbH, Germany
Privacy policy: https://www.hetzner.com/legal/privacy-policy

UNIFONIC (OTP Authentication via SMS and WhatsApp):

Purpose: Delivering one-time passwords (OTP) via SMS and WhatsApp for phone verification
Data shared: Phone numbers, OTP delivery metadata
Provider: Unifonic Inc., Saudi Arabia
Privacy policy: https://www.unifonic.com/privacy-policy

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

International Data Transfers

Your personal data is stored on servers located in the European Union (London, UK) operated by our service provider Supabase.

DATA FLOWS:

Your data may be accessed by our team members located in Qatar
Third-party service providers may process data in various locations (US, EU)

SAFEGUARDS:

When transferring data outside the GCC region, we implement appropriate safeguards including:

Standard Contractual Clauses (SCCs) approved by relevant authorities
Ensuring recipients provide adequate data protection
Obtaining your explicit consent where required

SAUDI ARABIA USERS:

In accordance with Saudi PDPL, cross-border transfers are made only to jurisdictions with adequate protection levels or with appropriate contractual safeguards. Transfers do not prejudice the national interests of the Kingdom.

QATAR USERS:

In accordance with Qatar PDPPL, we ensure adequate protection for data transferred outside Qatar through contractual measures and security safeguards.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

ACTIVE ACCOUNTS:

Account data: Retained while your account is active
Booking history: 5 years after completion
Chat messages: 24 months after conversation ends
Payment records: 7 years (as required for tax/legal purposes)

INACTIVE ACCOUNTS:

Accounts inactive for 24 months may be flagged for deletion
We will notify you before deleting an inactive account

AFTER ACCOUNT DELETION:

Most data is deleted within 30 days
Some data may be retained longer for legal compliance, fraud prevention, or dispute resolution
Anonymized/aggregated data may be retained indefinitely for analytics

PROVIDER VERIFICATION DOCUMENTS:

Retained while the Provider account is active
Deleted within 90 days of account closure
May be retained longer if required by law or ongoing disputes

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

TECHNICAL MEASURES:

Encryption of data in transit (TLS/SSL) and at rest
Secure authentication via OTP (SMS or WhatsApp)
Regular security assessments and penetration testing
Access controls and authentication for our systems
Secure cloud infrastructure with industry-standard certifications

ORGANIZATIONAL MEASURES:

Staff training on data protection
Access to personal data limited to authorized personnel
Confidentiality agreements with employees and contractors
Incident response procedures
Regular review of security practices

DATA BREACH NOTIFICATION:

In the event of a data breach that poses a risk to your rights and freedoms:

We will notify the relevant supervisory authority within 72 hours
We will notify affected users without undue delay if the breach is likely to result in high risk
Notifications will include the nature of the breach, likely consequences, and measures taken

While we strive to protect your data, no method of transmission or storage is 100% secure. Please contact us immediately if you suspect any unauthorized access to your account.

Your Rights

Under applicable data protection laws, you have the following rights:

RIGHT TO ACCESS:

You can request a copy of the personal data we hold about you.

RIGHT TO RECTIFICATION:

You can request correction of inaccurate or incomplete data.

RIGHT TO ERASURE:

You can request deletion of your personal data, subject to legal retention requirements.

RIGHT TO RESTRICT PROCESSING:

You can request that we limit how we use your data in certain circumstances.

RIGHT TO DATA PORTABILITY:

You can request your data in a structured, commonly used, machine-readable format.

RIGHT TO OBJECT:

You can object to processing based on legitimate interests or for direct marketing.

RIGHT TO WITHDRAW CONSENT:

Where processing is based on consent, you can withdraw it at any time.

HOW TO EXERCISE YOUR RIGHTS:

Through the app: Settings > Privacy > Manage My Data
By email: privacy@servi-link.com
We will respond within 30 days

ACCOUNT DELETION:

You can delete your account through the app or by contacting support. This will permanently remove your data subject to our retention policy.

We may request verification of your identity before processing requests. Requests are free unless manifestly unfounded or excessive.

COMPLAINTS:

If you believe we have violated your data protection rights, you may lodge a complaint with:

Qatar: National Cyber Security Agency (NCSA)
Saudi Arabia: Saudi Data and Artificial Intelligence Authority (SDAIA)
Your local data protection authority

Children’s Privacy

ServiLink is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@servi-link.com. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly.

Users must be 18 or older to create an account, and by creating an account, you represent and warrant that you meet this age requirement.

Cookies and Tracking Technologies

MOBILE APPLICATION:

Our mobile app does not use cookies but may use similar technologies:

Device identifiers for analytics and push notifications
Local storage for app preferences and cached data

WEBSITE:

Our website uses cookies and similar technologies:

ESSENTIAL COOKIES:

Required for website functionality
Cannot be disabled
Example: Session management, security

ANALYTICS COOKIES:

Help us understand how visitors use our website
Can be disabled in your browser settings
We do not currently use third-party analytics cookies

MARKETING COOKIES:

We do not use marketing cookies

MANAGING COOKIES:

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

DO NOT TRACK:

Our Platform does not currently respond to “Do Not Track” browser signals.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

HOW WE NOTIFY YOU:

Material changes: Email notification and in-app notice at least 30 days before the changes take effect
Minor changes: Posted on this page with an updated “Last Updated” date

Your continued use of the Platform after the effective date of changes constitutes acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Previous versions of this Privacy Policy are available upon request.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Servi link house for services W.L.L.

Qatar

General Privacy Inquiries:

privacy@servi-link.com

Data Subject Requests: