YALLAHSIR PRIVACY POLICY
Last Updated: January 10, 2026
Effective Date: January 10, 2026
Table of Contents
1. Introduction and Scope
2. Data Controller Information
3. Types of Personal Data We Collect
4. How We Collect Your Personal Data
5. Legal Basis for Processing Personal Data
6. How We Use Your Personal Data
7. Data Sharing and Disclosure
8. International Data Transfers
9. Data Retention and Storage
10. Your Privacy Rights Under GDPR
11. Cookies and Tracking Technologies
12. Security Measures
13. Data Breach Notification
14. Children's Privacy
15. Marketing Communications and Opt-Out
16. Third-Party Services and Links
17. Changes to This Privacy Policy
18. Contact Information and Data Protection Officer
1. INTRODUCTION AND SCOPE
1.1 Our Commitment to Privacy
YallahSir Ltd ("YallahSir," "we," "us," "our") is committed to protecting your privacy and
ensuring the security of your personal data. This Privacy Policy explains how we collect,
use, store, share and protect your personal information when you use the YallahSir
Platform.
1.2 Scope of This Policy
This Privacy Policy applies to:
All Users and Drivers who create accounts on the Platform
Visitors to our website and mobile application
Anyone who communicates with us via email, phone or other channels
Personal data collected through bookings, payments and platform interactions
1.3 Acceptance
By using the YallahSir Platform, you acknowledge that you have read, understood and
agreed to this Privacy Policy. If you do not agree, please do not use our Platform.
1.4 Compliance with Data Protection Laws
We comply with:
General Data Protection Regulation (GDPR) - EU Regulation 2016/679
Irish Data Protection Act 2018
UK Data Protection Act 2018 (for UK users)
Other applicable national and international data protection laws
2. DATA CONTROLLER INFORMATION
2.1 Identity of Data Controller
The data controller responsible for your personal data is:
YallahSir Ltd
A company registered in the Republic of Ireland
Contact Email: privacy@yallahsir.com
Data Protection Email: dpo@yallahsir.com
2.2 Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing
questions in relation to this Privacy Policy and our data protection practices.
Data Protection Officer Contact:
Email: dpo@yallahsir.com
3. TYPES OF PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data:
3.1 Account and Identity Information
Full legal name
Email address
Mobile phone number
Date of birth
Residential or business address
Username and password (encrypted)
Profile photograph (optional)
Government-issued identification (passport, ID card, driving licence)
Proof of address documents
3.2 Driver-Specific Information
For Drivers who offer Transport Services, we collect:
Driving licence number and expiry date
Vehicle registration details
Professional transport operator licence (if applicable)
Insurance policy details and coverage
Tax identification number
Business registration documents
Criminal background check results (where legally permitted)
Bank account and payment details
3.3 Transaction and Payment Information
Payment card details (securely processed by third-party payment providers)
Bank account details (for payouts to Drivers)
Transaction history and invoices
Booking details (collection and delivery addresses, shipment descriptions, pricing)
Payment status and disputes
3.4 Location and Tracking Data
GPS location data (when Driver shares location during active shipments)
IP address and device location
Collection and delivery addresses
Route and travel history
3.5 Communications and User Content
Messages exchanged between Users and Drivers via the Platform
Customer support communications (emails, chat logs, phone call recordings)
Reviews and ratings posted by Users and Drivers
Feedback and complaints
Photographs of shipments, proof of delivery, damage reports
3.6 Technical and Usage Data
Device information (device type, operating system, browser type)
IP address and geolocation
Platform usage data (pages viewed, features used, time spent)
Cookies and similar tracking technologies
Log files and error reports
3.7 Marketing and Preferences
Marketing communication preferences (opt-in/opt-out status)
Language and currency preferences
Notification settings
4. HOW WE COLLECT YOUR PERSONAL DATA
We collect personal data through the following methods:
4.1 Information You Provide Directly
When you create an account on the Platform
When you complete your profile or verify your identity
When you book or offer Transport Services
When you upload documents, photos or other content
When you contact customer support
When you participate in surveys, promotions or feedback requests
4.2 Information Collected Automatically
Device and browser information through cookies and similar technologies
Usage data and analytics (pages visited, features used, interactions)
Location data (when you enable location services on your device)
IP address and network information
4.3 Information from Third Parties
We may receive personal data from:
Identity verification providers (for KYC and background checks)
Payment processors (transaction details, fraud detection)
Credit reference agencies (for Driver verification)
Public databases and registers (sanctions screening, company registries)
Social media platforms (if you choose to link your social media account)
4.4 Information from Other Users
Reviews and ratings posted by other Users or Drivers
Dispute complaints and evidence submitted by counterparties
Referrals from existing Users
5. LEGAL BASIS FOR PROCESSING PERSONAL DATA
Under GDPR, we process your personal data based on the following legal grounds:
5.1 Contract Performance (Article 6(1)(b) GDPR)
Processing is necessary to:
Create and manage your account
Facilitate bookings and transactions between Users and Drivers
Process payments and invoices
Provide customer support and resolve disputes
Enforce our Terms and Conditions
5.2 Legal Obligation (Article 6(1)(c) GDPR)
Processing is required to comply with:
Tax and accounting regulations
Anti-money laundering (AML) and counter-terrorist financing (CTF) laws
Sanctions screening and fraud prevention obligations
Data retention requirements for financial records
Court orders, legal proceedings and law enforcement requests
5.3 Legitimate Interests (Article 6(1)(f) GDPR)
We process data based on our legitimate interests to:
Prevent fraud, abuse and security threats
Improve Platform functionality and user experience
Conduct data analytics and market research
Send service-related notifications (non-marketing)
Enforce intellectual property rights and Platform policies
We balance these interests against your privacy rights and will not process data in ways
that override your fundamental rights.
5.4 Consent (Article 6(1)(a) GDPR)
For certain processing activities, we rely on your explicit consent:
Marketing communications (promotional emails, SMS, push notifications)
Optional location tracking and GPS sharing
Linking social media accounts
Participation in surveys and feedback programs
You may withdraw consent at any time without affecting the lawfulness of processing
based on consent before withdrawal.
5.5 Vital Interests (Article 6(1)(d) GDPR)
In rare cases, processing may be necessary to protect your life or the life of another person
(e.g., emergency medical situations during transport).
6. HOW WE USE YOUR PERSONAL DATA
We use your personal data for the following purposes:
6.1 Platform Services and Account Management
Creating, maintaining and securing your account
Verifying your identity and conducting background checks
Enabling Users and Drivers to discover, communicate and transact
Facilitating bookings, tracking and proof of delivery
Processing payments and distributing funds
6.2 Customer Support and Dispute Resolution
Responding to inquiries, complaints and support requests
Investigating disputes between Users and Drivers
Providing non-binding mediation and recommendations
Collecting evidence and facilitating communication
6.3 Safety, Security and Fraud Prevention
Detecting and preventing fraudulent activity, chargebacks and abuse
Monitoring for suspicious patterns and prohibited items
Conducting sanctions screening and watchlist checks
Investigating security incidents and breaches
Enforcing Platform policies and Terms and Conditions
6.4 Legal Compliance and Law Enforcement
Complying with tax, accounting and financial reporting obligations
Responding to court orders, subpoenas and legal requests
Cooperating with law enforcement investigations
Defending against legal claims and proceedings
Reporting suspected criminal activity to authorities
6.5 Platform Improvement and Analytics
Analyzing usage patterns and user behavior
Improving Platform functionality, design and user experience
Conducting research and development of new features
Testing and optimizing performance and security
Generating aggregated, anonymized statistics
6.6 Marketing and Communications (with Consent)
Sending promotional emails, SMS and push notifications about new features, offers
and updates
Personalizing marketing content based on your preferences and activity
Conducting surveys and feedback requests
Informing you about referral programs and incentives
You may opt out of marketing communications at any time.
7. DATA SHARING AND DISCLOSURE
We share your personal data with the following categories of recipients:
7.1 Between Users and Drivers
When you book or offer Transport Services:
Users can see: Driver name, profile photo, ratings, vehicle details, approximate
location (during active shipments)
Drivers can see: User name, contact information, collection and delivery addresses,
shipment details
This sharing is necessary to facilitate the transport contract between User and Driver.
7.2 Payment Processors and Financial Institutions
We share payment information with:
Payment service providers (Stripe, PayPal, etc.) to process transactions
Banks and card networks to facilitate payments and payouts
Fraud detection services to prevent fraudulent transactions
These third parties process payment data under their own privacy policies and security
standards (PCI-DSS compliance).
7.3 Identity Verification and Background Check Providers
We share identity documents with:
KYC (Know Your Customer) verification services to confirm identity
Background check providers to screen Drivers for criminal records (where legally
permitted)
Sanctions screening services to ensure compliance with AML/CTF regulations
7.4 Cloud Hosting and IT Service Providers
We use third-party infrastructure and services to host, store and process data:
Cloud storage providers (AWS, Google Cloud, Microsoft Azure)
Database and server hosting services
Analytics and monitoring tools
Customer support platforms (Zendesk, Intercom, etc.)
These providers operate under strict data processing agreements and security standards.
7.5 Law Enforcement and Regulatory Authorities
We may disclose personal data to:
Police, customs and border control agencies (for investigations)
Tax authorities (for tax compliance and reporting)
Courts and arbitrators (in legal proceedings)
Regulatory bodies (for compliance audits and investigations)
National security agencies (when legally required)
7.6 Legal and Professional Advisors
We may share data with:
Lawyers and legal counsel (for legal advice and representation)
Accountants and auditors (for financial reporting and compliance)
Insurance providers (for claims and risk management)
7.7 Business Transfers and Acquisitions
In the event of a merger, acquisition, sale of assets or insolvency:
Your personal data may be transferred to the acquiring entity
We will notify you of any change in data controller
Your privacy rights will continue to be protected under applicable law
7.8 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot identify individuals:
Industry reports and statistics
Research publications and academic studies
Marketing and promotional materials
8. INTERNATIONAL DATA TRANSFERS
8.1 Cross-Border Transfers
The YallahSir Platform operates across multiple countries. Your personal data may be
transferred to and processed in countries outside the European Economic Area (EEA),
including:
Morocco, Algeria, Tunisia (North Africa)
United States (cloud hosting providers)
Other jurisdictions where our service providers operate
8.2 Safeguards for International Transfers
When we transfer personal data outside the EEA, we ensure adequate protection through:
(a) European Commission Adequacy Decisions
Transfers to countries recognized by the EU as providing adequate data protection (e.g., UK,
Switzerland, Canada).
(b) Standard Contractual Clauses (SCCs)
We use EU-approved Standard Contractual Clauses with third-party processors in countries
without adequacy decisions.
(c) Binding Corporate Rules
For transfers within multinational organizations that have approved BCRs.
(d) Derogations for Specific Situations
In limited cases, transfers may occur based on:
Your explicit consent
Performance of a contract between you and a third party
Important public interest grounds
Legal claims or proceedings
8.3 Your Rights Regarding International Transfers
You have the right to:
Request information about safeguards in place for international transfers
Object to transfers in certain circumstances
Withdraw consent (if transfer is based on consent)
Contact our Data Protection Officer for more information: dpo@yallahsir.com
9. DATA RETENTION AND STORAGE
9.1 Retention Periods
We retain your personal data for as long as necessary to fulfill the purposes outlined in this
Privacy Policy and comply with legal obligations.
Retention Schedule:
Data Category
Retention Period
Legal Basis
Account information
(active accounts)
Duration of account +
1 year
Contract
performance
Transaction and
payment records
7 years from
transaction date
Tax and accounting
laws (Ireland)
Identity verification
documents
5 years from account
closure
AML/CTF regulations
Communications
and support logs
3 years from last
interaction
Legitimate interests
(dispute resolution)
Marketing
communications
data
Until consent
withdrawn + 6
months
Consent / legitimate
interests
GPS and location
data
30 days from
shipment completion
Contract
performance
Reviews and ratings
Indefinitely (unless
removal requested)
Legitimate interests
(trust and safety)
Anonymized
analytics data
Indefinitely
No personal data
9.2 Account Deletion
When you close your account or request deletion:
We will delete or anonymize personal data that is no longer required
We may retain certain data for legal compliance (tax records, fraud prevention)
Data subject to legal holds or ongoing investigations will be retained until resolved
9.3 Inactive Accounts
Accounts inactive for 6+ months may be suspended. Accounts inactive for 2+ years may be
deleted, subject to legal retention requirements.
9.4 Storage Location
Your data is stored on secure servers located in:
European Union (primary data center)
Ireland (local data storage)
Backup servers in EEA-compliant jurisdictions
10. YOUR PRIVACY RIGHTS UNDER GDPR
As a data subject under GDPR, you have the following rights:
10.1 Right of Access (Article 15 GDPR)
You have the right to request:
Confirmation of whether we process your personal data
A copy of your personal data
Information about processing purposes, categories, recipients and retention periods
How to exercise: Email dpo@yallahsir.com with subject line "Data Access Request"
Response time: Within 1 month (may be extended by 2 months for complex requests)
10.2 Right to Rectification (Article 16 GDPR)
You have the right to:
Correct inaccurate personal data
Complete incomplete personal data
How to exercise: Update your profile directly on the Platform or email dpo@yallahsir.com
10.3 Right to Erasure ("Right to be Forgotten") (Article 17 GDPR)
You have the right to request deletion of your personal data when:
Data is no longer necessary for the purposes collected
You withdraw consent (where processing is based on consent)
You object to processing (and no overriding legitimate grounds exist)
Data has been unlawfully processed
Deletion is required for legal compliance
Exceptions: We may refuse erasure if data is required for:
Legal compliance (tax, accounting, AML/CTF)
Legal claims or proceedings
Public interest or scientific research
How to exercise: Email dpo@yallahsir.com with subject line "Erasure Request"
10.4 Right to Restriction of Processing (Article 18 GDPR)
You have the right to request restriction (but not deletion) when:
You contest the accuracy of data (restriction during verification)
Processing is unlawful but you prefer restriction over erasure
We no longer need the data but you need it for legal claims
You have objected to processing (restriction pending verification)
How to exercise: Email dpo@yallahsir.com with subject line "Restriction Request"
10.5 Right to Data Portability (Article 20 GDPR)
You have the right to:
Receive your personal data in a structured, machine-readable format (e.g., CSV, JSON)
Request direct transfer to another data controller (where technically feasible)
Applies to: Data provided by you and processed based on consent or contract
performance
How to exercise: Email dpo@yallahsir.com with subject line "Data Portability Request"
10.6 Right to Object (Article 21 GDPR)
You have the right to object to processing based on:
Legitimate interests (unless we demonstrate compelling legitimate grounds)
Direct marketing (absolute right - we must stop immediately)
Profiling and automated decision-making
How to exercise: Email dpo@yallahsir.com or use opt-out links in marketing emails
10.7 Right to Withdraw Consent (Article 7(3) GDPR)
Where processing is based on consent, you have the right to withdraw consent at any time.
Withdrawal does not affect the lawfulness of processing before withdrawal
After withdrawal, we will stop processing unless we have another legal basis
How to exercise: Email dpo@yallahsir.com or update your preferences in Platform settings
10.8 Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority if you believe we have
violated your data protection rights.
Ireland: Data Protection Commission (DPC)
Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 (0)761 104 800
Other EU/EEA Countries: Contact your local data protection authority
11. COOKIES AND TRACKING TECHNOLOGIES
11.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website or use our
mobile application. They help us recognize your device and remember your preferences.
11.2 Types of Cookies We Use
(a) Strictly Necessary Cookies
Essential for Platform functionality:
Session management and authentication
Security and fraud prevention
Load balancing and performance
Legal basis: Legitimate interests / contract performance
No consent required
(b) Performance and Analytics Cookies
Track usage and performance:
Google Analytics (page views, session duration, bounce rate)
Error tracking and diagnostics
A/B testing and feature optimization
Legal basis: Consent (optional)
(c) Functionality Cookies
Remember your preferences:
Language and currency settings
Location preferences
Display preferences (dark mode, layout)
Legal basis: Consent (optional)
(d) Marketing and Advertising Cookies
Personalize marketing content:
Facebook Pixel, Google Ads tracking
Retargeting and remarketing campaigns
Conversion tracking
Legal basis: Consent (required)
11.3 Third-Party Cookies
We use cookies from third-party services:
Google Analytics - website analytics
Facebook Pixel - advertising and retargeting
Stripe - payment processing
Intercom - customer support chat
Hotjar - user behavior analytics
These third parties may collect and process data under their own privacy policies.
11.4 Managing Cookies
You can control cookies through:
(a) Cookie Consent Banner
Accept or reject optional cookies when you first visit the Platform.
(b) Browser Settings
Most browsers allow you to:
Block all cookies
Delete existing cookies
Accept cookies only from specific sites
Note: Blocking necessary cookies may affect Platform functionality.
(c) Opt-Out Tools
Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
Facebook Opt-Out: Adjust ad preferences in Facebook settings
11.5 Mobile App Tracking
Our mobile app uses:
Device identifiers (IDFA for iOS, AAID for Android)
Push notification tokens
Location services (when enabled)
You can manage permissions in your device settings (Settings > Privacy > YallahSir).
12. SECURITY MEASURES
12.1 Technical and Organizational Measures
We implement industry-standard security measures to protect your personal data:
(a) Encryption
TLS/SSL encryption for data in transit
AES-256 encryption for sensitive data at rest
Encrypted database backups
(b) Access Controls
Role-based access control (RBAC) for employees
Multi-factor authentication (MFA) for admin accounts
Regular access reviews and audits
(c) Network Security
Firewalls and intrusion detection systems (IDS)
DDoS protection and rate limiting
Secure API authentication (OAuth 2.0, JWT tokens)
(d) Application Security
Regular security testing and vulnerability assessments
Penetration testing by third-party security firms
Secure development lifecycle (SDLC) practices
Input validation and SQL injection prevention
(e) Physical Security
Data centers with 24/7 surveillance and access control
Environmental controls (fire suppression, cooling)
Redundant power and network infrastructure
(f) Employee Training
Mandatory data protection and security training
Confidentiality agreements and NDAs
Background checks for employees with data access
12.2 Data Breach Response
We monitor for security incidents and have procedures to:
Detect and contain breaches promptly
Assess the risk and impact on data subjects
Notify affected individuals and supervisory authorities within 72 hours (as required
by GDPR Article 33)
Implement remedial measures to prevent recurrence
13. DATA BREACH NOTIFICATION
13.1 Our Obligations
In the event of a personal data breach, we will:
(a) Notify the Supervisory Authority
Within 72 hours of becoming aware of the breach (GDPR Article 33), unless the breach is
unlikely to result in a risk to your rights and freedoms.
(b) Notify Affected Data Subjects
Without undue delay (GDPR Article 34), if the breach is likely to result in a high risk to your
rights and freedoms.
13.2 What We Will Tell You
Breach notifications will include:
Nature of the breach (what happened)
Categories and approximate number of data subjects affected
Categories and approximate number of records affected
Likely consequences of the breach
Measures taken or proposed to address the breach
Contact details for further information (DPO)
13.3 Your Actions
If you are notified of a breach:
Change your password immediately
Monitor your account for suspicious activity
Be alert for phishing attempts or fraud
Contact us if you have questions: dpo@yallahsir.com
14. CHILDREN'S PRIVACY
14.1 Age Restriction
The YallahSir Platform is not intended for children under the age of 18. We do not
knowingly collect or process personal data from children.
14.2 Parental Consent
If we discover that we have inadvertently collected personal data from a child under 18
without parental consent, we will:
Delete the data immediately
Terminate the account
Notify the parent or guardian (if contact information is available)
14.3 Reporting Underage Users
If you believe a child under 18 has created an account, please contact us immediately at:
privacy@yallahsir.com
15. MARKETING COMMUNICATIONS AND OPT-OUT
15.1 Types of Marketing Communications
With your consent, we may send:
Promotional emails about new features, offers and updates
SMS messages with special deals and referral programs
Push notifications on mobile devices
Personalized recommendations based on your activity
15.2 Consent and Legal Basis
We only send marketing communications based on:
Explicit consent (opt-in checkbox during registration)
Soft opt-in (for existing customers regarding similar services)
We will not sell or rent your personal data to third parties for their marketing purposes.
15.3 How to Opt Out
You can opt out at any time through:
(a) Unsubscribe Links
Click "Unsubscribe" at the bottom of any marketing email.
(b) Platform Settings
Manage notification preferences in your account settings.
(c) Email Request
Email privacy@yallahsir.com with subject line "Marketing Opt-Out"
(d) SMS Opt-Out
Reply "STOP" to any marketing SMS
15.4 Service Communications
Please note: You cannot opt out of essential service communications, including:
Account verification and security alerts
Booking confirmations and shipment updates
Payment receipts and invoices
Terms and Privacy Policy updates
Legal notices and compliance communications
16. THIRD-PARTY SERVICES AND LINKS
16.1 Third-Party Websites and Apps
The Platform may contain links to third-party websites, applications or services that are
not controlled by YallahSir.
We are not responsible for:
Privacy practices of third-party sites
Content or security of external links
Data collected by third parties
16.2 Third-Party Privacy Policies
When you access third-party services:
You are subject to their privacy policies and terms of use
We encourage you to review their policies before providing personal data
16.3 Social Media Integration
If you choose to link your social media accounts (Facebook, Google, etc.):
We may access basic profile information (name, email, profile photo)
Social media platforms may collect data about your interactions with our Platform
Review their privacy settings and policies
17. CHANGES TO THIS PRIVACY POLICY
17.1 Updates and Amendments
We reserve the right to update this Privacy Policy at any time to reflect:
Changes in our data processing practices
New legal requirements or regulatory guidance
New features or services on the Platform
Feedback from users and supervisory authorities
17.2 Notification of Changes
When we make material changes:
We will update the "Last Updated" date at the top of this Privacy Policy
We will notify you via email (if you have an account)
We will display a prominent notice on the Platform
For significant changes, we may request your renewed consent
17.3 Continued Use
Continued use of the Platform after changes are published constitutes acceptance of the
updated Privacy Policy.
17.4 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we
protect your data.
18. CONTACT INFORMATION AND DATA PROTECTION
OFFICER
18.1 Privacy Questions and Requests
For any questions, concerns or requests regarding this Privacy Policy or your personal
data, please contact:
Email: privacy@yallahsir.com
Data Protection Officer: dpo@yallahsir.com
Company Information:
YallahSir Ltd
Republic of Ireland
18.2 Response Times
We aim to respond to all privacy inquiries and data subject requests within:
1 month for standard requests (may be extended by 2 months for complex requests)
72 hours for urgent security or breach-related matters
18.3 Supervisory Authority
If you are not satisfied with our response or believe we have violated your data protection
rights, you have the right to lodge a complaint with the Irish Data Protection Commission:
Data Protection Commission (DPC)
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Website: www.dataprotection.ie
Email: info@dataprotection.ie
Phone: +353 (0)761 104 800
ACKNOWLEDGMENT
By using the YallahSir Platform, you acknowledge that:
✓ You have read and understood this Privacy Policy;
✓ You consent to the collection, use and disclosure of your personal data as described
herein;
✓ You understand your privacy rights under GDPR and how to exercise them;
✓ You understand that you can withdraw consent or opt out of certain data processing
activities at any time;
✓ You have had the opportunity to contact us with questions or concerns.
END OF PRIVACY POLICYBack to Yallah Sir
Legal
Privacy Policy
This page reproduces the YallahSir Privacy Policy from the official PDF document.