سياسة الخصوصية · Privacy Policy

1) Introduction

sahl | سهل is a local community platform for posting news, classifieds, lost-and-found, marketplace listings, and service ratings — scoped to your neighbourhood or village.

By using the app, you agree to the data-handling practices described in this policy.

2) Account data we collect

• Full name or business name
• Email address
• Primary phone number (plus additional numbers for service providers)
• Free-text address or business location
• Profile picture or shop-front photo
• Account type (regular user vs. service provider) and job
• Password (stored securely by Firebase Authentication; the app itself never sees the plaintext)

3) Photos, camera, and microphone

• Camera — to capture photos attached to posts, your profile, and product listings.
• Photo and video library — to pick existing images from your device.
• Microphone — used only for recording voice messages in chat, and only while the record button is held.
• Photos and audio are uploaded to Supabase Storage over an encrypted (HTTPS) connection.

4) Location data

We request location permission so you can auto-select your neighbourhood from the available map. Coordinates are used only at the moment of selection to find the nearest neighbourhood — we do not store precise GPS coordinates on our servers.

We may pass coordinates to Google Maps Geocoding (or OpenStreetMap Nominatim as a fallback) to translate them into a place name. Your location is never tracked in the background and is never sold to any third party.

5) Messages and chat

Your private messages with other users are stored in Supabase so you can read them on any device. A temporary local copy is cached on your device for faster loading and offline access.

Messages are not end-to-end encrypted. Administrators may access messages only when investigating abuse reports.

6) Public content

Any content you post — including posts, photos, classifieds, service ratings, comments, and reactions — is visible to other users in the same neighbourhood (and optionally an adjacent neighbourhood, if you opt in).

You are fully responsible for the content you publish. We reserve the right to remove any content that violates our terms without prior notice.

7) Push notifications

We use Firebase Cloud Messaging (FCM) to deliver push notifications such as new posts, replies to your comments, likes, and incoming messages.

A device token (FCM token) is stored on your account so notifications can be routed to your device. Notifications are dispatched through a Cloudflare Workers service that verifies the sender's identity before forwarding to FCM.

You can disable notification categories from the Settings screen.

8) Crash reports and diagnostics

We use Firebase Crashlytics to collect automatic crash reports when the app encounters an error. These reports include technical information such as device model, OS version, and app version — they do not include the contents of your account or your messages.

9) Third-party service providers

We do not sell your data. We share it with the following service providers only as needed to operate the app:

• Firebase (Google LLC) — authentication, push notifications, crash reporting
• Supabase (Supabase Inc) — database, file storage, realtime messaging
• Cloudflare Workers (Cloudflare Inc) — notification dispatch
• Google Maps Geocoding (optional) — converting coordinates to place names
• OpenStreetMap Nominatim — free fallback geocoder
• Google Sign-In — optional sign-in via Google account

We may disclose specific data in response to a lawful request from a competent authority.

10) Data security

• All communication with our servers is encrypted with HTTPS / TLS.
• Passwords are managed by Firebase Authentication and are never stored by us.
• We enforce Row-Level Security policies in the database to restrict access to your data.
• Administrator access is limited and logged.

No system is 100% secure — in the event of a breach we will notify affected users as required by applicable law.

11) Data retention

We retain your account data as long as the account is active. When the account is deleted, all your personal data, posts, photos, and conversations are permanently deleted within 30 days at the latest — unless we are required by law to retain specific records for a defined period.

12) Account deletion

You can delete your account at any time from inside the app:
Settings → Delete account

Or use the online deletion request form if you cannot sign in. We will delete the account manually within 30 days.

When deleted:

• The account is invalidated immediately
• All personal data, posts, photos, and conversations are removed
• The account and its content cannot be restored.

13) Your rights

You have the right to access, correct, or request deletion of your data. Users in the EU and UK have additional rights under GDPR / UK GDPR, including data portability and the right to object to certain processing.

To exercise these rights, contact us at the email below.

14) Children's privacy

The app is not intended for children under 13. We do not knowingly collect data from children under this age. If we discover an account belonging to a child, we will delete it immediately.

15) Updates to this policy

We may update this policy from time to time. The updated version will be published inside the app and on the public policy page, with the "last updated" date at the top reflecting the change.

16) Contact us

For any privacy question, data-deletion request, or to exercise your rights:

📧 mahaletmarhom.support@gmail.com

We respond to privacy requests within 30 days.