Privacy Policy

Effective: 2026-05-24

This Policy explains how ETapri processes personal data on behalf of merchants ("controllers") and as a controller for its own merchant accounts.

1. Data we collect

Merchant data: name, email, phone, store details, KYC documents (trade licence, ID, IBAN, VAT certificate), payment processor metadata.

End-customer data (processed for merchants): name, contact details, shipping address, order history, IP address, device info.

Usage data: logs, cookies, analytics required to operate and secure the Platform.

2. How we use data

Provide and improve the Services, process payments, prevent fraud, comply with KYC/AML obligations, and send transactional emails. We do not sell personal data.

3. Sharing

We share data with: payment processors (MyFatoorah, Stripe), cloud infrastructure (Lovable Cloud), delivery providers chosen by the merchant, and authorities when required by law.

4. Retention

We retain merchant KYC for the duration of the relationship plus 5 years to meet GCC AML obligations. Customer order data follows the merchant's retention configuration, with a default of 5 years.

5. Your rights

You may request access, correction, deletion or export of your data by emailing privacy@etapri.shop. End-customers should contact the relevant merchant first.

6. Security

Encrypted-in-transit (TLS) and at-rest (AES-256). Payment credentials are additionally encrypted with AES-256-GCM using a server-side key. Access is restricted via row-level security and the principle of least privilege.

7. International transfers

Data may be processed in the UAE, EU and US by our sub-processors under appropriate safeguards.

If you have questions, contact us at legal@etapri.shop.