SharmBeat ← Back to site
Legal

Privacy Policy

Last updated: July 12, 2026

On this page

  1. 1. Who we are
  2. 2. Scope of this policy
  3. 3. Personal data we collect
  4. 4. Why we collect your data
  5. 5. Legal basis for processing
  6. 6. Who we share your data with
  7. 7. International data transfers
  8. 8. How long we keep your data
  9. 9. Your rights
  10. 10. Where we collect your data from
  11. 11. Children's privacy
  12. 12. Cookies (website)
  13. 13. Security
  14. 14. Complaints to the PDPC
  15. 15. How we present this notice
  16. 16. Updates to this policy
  17. 17. Contact us

Welcome to SharmBeat — the app and website that help visitors, residents and local businesses discover and connect in Sharm El Sheikh. This Privacy Policy describes how SAFWA STAR S&S LTD ("we", "us", "our") collects, uses, stores and protects your personal data when you use the SharmBeat mobile app and the sharmbeat.com website (together, the "Service").

1. Who we are — identity and contact details

  • Full legal name: SAFWA STAR S&S LTD
  • Legal form: Limited Liability Company (LLC)
  • Registered office: 48 Ahmed Zaki Street, Maadi, Cairo, Egypt
  • Commercial Registration No.: 150190
  • Tax Card No.: EG 583803393
  • Privacy email: [email protected]
  • Phone: +20 100 101 2469

Data Protection Officer (DPO): We have not formally appointed a DPO at this time. For any data-protection request, contact [email protected] — our team handles every request personally.

2. Scope of this policy

This policy covers all parts of the Service: browsing and searching listings, creating an account, messaging businesses through in-app chat, booking services, leaving reviews, uploading photos, using the interactive map, and receiving push notifications — on both the mobile app and the sharmbeat.com website.

3. Personal data we collect

Depending on how you use the Service, we may collect:

  • Account data: first and last name, email address, phone number, password (stored encrypted).
  • Profile & preferences: language, saved places, preferences you set during onboarding.
  • Location: approximate or precise geographic location, only when you enable it, to show nearby places and the interactive map.
  • Photos: images you choose to upload from your camera or photo library (e.g., for a business listing or a review).
  • Messages: chat content, metadata (timestamps, sender/recipient, conversation duration), and conversation history between visitors and businesses.
  • Bookings & reviews: booking requests, dates, status, review text and ratings you submit.
  • Payment-related data: when you pay for a booking, our payment processor handles your card details directly — we receive only the transaction status and reference, never your full card number.
  • Device & technical data: IP address, device model, operating system, unique device identifier, app version, crash reports and diagnostic logs.
  • Push notification token: to deliver booking updates, chat messages and broadcast notifications.

We do not collect your date of birth, gender, or passive in-app usage analytics (e.g., time spent, open frequency) beyond standard crash/error diagnostics.

4. Why we collect your data

  • To create and manage your account
  • To show you relevant places, offers and map results near you
  • To enable messaging between visitors and businesses
  • To process and manage bookings, including payment
  • To publish reviews and maintain their reliability
  • To send booking updates, chat alerts and (with your consent) promotional notifications
  • To respond to customer support requests
  • To prevent fraud, moderate illegal or abusive content, and secure the platform
  • To diagnose crashes and improve app stability

5. Legal basis for processing your data

  • Performance of a contract: processing necessary to provide the account, booking, chat and listing features you request.
  • Legitimate interest: to improve the Service, prevent abuse and fraud, and keep the platform secure, provided this does not override your fundamental rights.
  • Legal obligation: where retention or disclosure is required by Egyptian law (e.g., in response to a lawful authority request).

We do not rely on consent as the basis for ordinary processing, but we always ask for your explicit consent for marketing communications and before accessing precise location or your photo library.

6. Who we share your data with

To operate the Service, we share data with the following processors, strictly for the purposes below. We never sell your data.

ServiceProviderPurpose
Database & backendSupabaseStorage of accounts, messages, bookings, reviews
Website hostingVercelDelivery of sharmbeat.com
Mobile build & deliveryExpo (EAS)App builds, over-the-air updates
Push notificationsGoogle Firebase (FCM)Delivering push notifications
Usage statisticsGoogle AnalyticsAnonymized, aggregate usage analysis
Crash & error monitoringSentry (EU-hosted)Diagnosing app crashes and bugs
Payment processingPaymob (licensed Egyptian payment service provider)Secure processing of booking payments
MapsGoogle Maps PlatformInteractive map, directions, nearby search

We may also disclose data if required by Egyptian law, court order, or to protect the rights, property or safety of SharmBeat, our users or the public.

7. International data transfers

Some of the providers above process data on servers located outside Egypt, mainly in the United States and the European Union (Supabase, Vercel, Google Firebase, Google Analytics, Expo). Paymob processes payment data within Egypt.

Since the United States is not currently recognized as offering an adequate level of protection under Egyptian standards, we rely on the following safeguards for these transfers:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) signed with each provider
  • Encryption in transit and pseudonymization measures where applicable

To request a copy of the safeguards adopted for a specific transfer, write to [email protected].

Egypt's Personal Data Protection Law (151/2020) Executive Regulations, in force since November 2025, introduce a specific licensing requirement for cross-border data transfers. We are reviewing our transfer arrangements against this requirement ahead of the compliance deadline.

8. How long we keep your data

  • Account data: for as long as your account is active, plus a reasonable period afterward to comply with legal obligations and resolve disputes.
  • Chat messages & metadata: up to 24 months from the last message in a conversation, then automatically deleted.
  • Bookings & payment records: retained as required by Egyptian tax and consumer-protection law.

Data is deleted earlier if you delete your account or request erasure (see Section 9), unless we must retain it for legal reasons or an ongoing dispute.

9. Your rights

Under the Egyptian Personal Data Protection Law (Law No. 151 of 2020), you have the right to:

  1. Access the personal data we hold about you
  2. Request rectification of inaccurate or incomplete data
  3. Request erasure of your data ("right to be forgotten")
  4. Object to processing for legitimate reasons
  5. Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, contact [email protected]. We respond within 30 days, as required by law.

Account deletion: you can permanently delete your account and associated personal data from the app (Profile → Settings → Delete my account), or follow the steps on our dedicated page: Delete your account. That page is also the public web link for store account-deletion requirements.

10. Where we collect your data from

We collect your personal data directly from you: when you create an account, use the chat, fill in your profile, upload photos, make a booking, or interact with any Service feature. We do not purchase or source data about you from social media platforms or third-party partners.

11. Children's privacy

SharmBeat is not directed at children and is not intended for use by anyone below the minimum age required to enter into a binding agreement under applicable law (see our Terms of Service for the applicable age). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it.

12. Cookies (website)

The sharmbeat.com website uses only essential cookies required for the site to function, plus, where enabled, privacy-conscious analytics cookies (Google Analytics) to understand aggregate traffic. We do not use third-party advertising cookies.

13. Security

We apply technical and organizational measures appropriate to the risk, including encryption in transit, encrypted credential storage, and access controls, to protect your data against unauthorized access, loss or misuse. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

14. Right to lodge a complaint with the PDPC

Under Egyptian law, you have the right to lodge a complaint with the Personal Data Protection Center (PDPC) if you believe our processing of your personal data violates the law. We kindly ask that you first contact us at [email protected] so we can try to resolve the matter directly.

15. How we present this notice

  • A visible link in the app's settings menu and on the registration screen
  • An informational banner on first launch, linking to the full notice
  • "Just-in-time" notices when you first enable a feature that needs specific data (e.g., precise location or photo access)

16. Updates to this policy

We may update this policy periodically. We will notify you of material changes through an in-app notice or by email. The version in effect always displays the date of the last revision at the top of this page.

17. Contact us

SAFWA STAR S&S LTD
48 Ahmed Zaki Street, Maadi, Cairo, Egypt
Email: [email protected]
Phone: +20 100 101 2469

This Privacy Policy works together with our Terms of Service.