Privacy Policy
Last updated: July 12, 2026
Welcome to SharmBeat — the app and website that help visitors, residents and local businesses discover and connect in Sharm El Sheikh. This Privacy Policy describes how SAFWA STAR S&S LTD ("we", "us", "our") collects, uses, stores and protects your personal data when you use the SharmBeat mobile app and the sharmbeat.com website (together, the "Service").
1. Who we are — identity and contact details
- Full legal name: SAFWA STAR S&S LTD
- Legal form: Limited Liability Company (LLC)
- Registered office: 48 Ahmed Zaki Street, Maadi, Cairo, Egypt
- Commercial Registration No.: 150190
- Tax Card No.: EG 583803393
- Privacy email: [email protected]
- Phone: +20 100 101 2469
Data Protection Officer (DPO): We have not formally appointed a DPO at this time. For any data-protection request, contact [email protected] — our team handles every request personally.
2. Scope of this policy
This policy covers all parts of the Service: browsing and searching listings, creating an account, messaging businesses through in-app chat, booking services, leaving reviews, uploading photos, using the interactive map, and receiving push notifications — on both the mobile app and the sharmbeat.com website.
3. Personal data we collect
Depending on how you use the Service, we may collect:
- Account data: first and last name, email address, phone number, password (stored encrypted).
- Profile & preferences: language, saved places, preferences you set during onboarding.
- Location: approximate or precise geographic location, only when you enable it, to show nearby places and the interactive map.
- Photos: images you choose to upload from your camera or photo library (e.g., for a business listing or a review).
- Messages: chat content, metadata (timestamps, sender/recipient, conversation duration), and conversation history between visitors and businesses.
- Bookings & reviews: booking requests, dates, status, review text and ratings you submit.
- Payment-related data: when you pay for a booking, our payment processor handles your card details directly — we receive only the transaction status and reference, never your full card number.
- Device & technical data: IP address, device model, operating system, unique device identifier, app version, crash reports and diagnostic logs.
- Push notification token: to deliver booking updates, chat messages and broadcast notifications.
We do not collect your date of birth, gender, or passive in-app usage analytics (e.g., time spent, open frequency) beyond standard crash/error diagnostics.
4. Why we collect your data
- To create and manage your account
- To show you relevant places, offers and map results near you
- To enable messaging between visitors and businesses
- To process and manage bookings, including payment
- To publish reviews and maintain their reliability
- To send booking updates, chat alerts and (with your consent) promotional notifications
- To respond to customer support requests
- To prevent fraud, moderate illegal or abusive content, and secure the platform
- To diagnose crashes and improve app stability
5. Legal basis for processing your data
- Performance of a contract: processing necessary to provide the account, booking, chat and listing features you request.
- Legitimate interest: to improve the Service, prevent abuse and fraud, and keep the platform secure, provided this does not override your fundamental rights.
- Legal obligation: where retention or disclosure is required by Egyptian law (e.g., in response to a lawful authority request).
We do not rely on consent as the basis for ordinary processing, but we always ask for your explicit consent for marketing communications and before accessing precise location or your photo library.
6. Who we share your data with
To operate the Service, we share data with the following processors, strictly for the purposes below. We never sell your data.
| Service | Provider | Purpose |
|---|---|---|
| Database & backend | Supabase | Storage of accounts, messages, bookings, reviews |
| Website hosting | Vercel | Delivery of sharmbeat.com |
| Mobile build & delivery | Expo (EAS) | App builds, over-the-air updates |
| Push notifications | Google Firebase (FCM) | Delivering push notifications |
| Usage statistics | Google Analytics | Anonymized, aggregate usage analysis |
| Crash & error monitoring | Sentry (EU-hosted) | Diagnosing app crashes and bugs |
| Payment processing | Paymob (licensed Egyptian payment service provider) | Secure processing of booking payments |
| Maps | Google Maps Platform | Interactive map, directions, nearby search |
We may also disclose data if required by Egyptian law, court order, or to protect the rights, property or safety of SharmBeat, our users or the public.
7. International data transfers
Some of the providers above process data on servers located outside Egypt, mainly in the United States and the European Union (Supabase, Vercel, Google Firebase, Google Analytics, Expo). Paymob processes payment data within Egypt.
Since the United States is not currently recognized as offering an adequate level of protection under Egyptian standards, we rely on the following safeguards for these transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements (DPAs) signed with each provider
- Encryption in transit and pseudonymization measures where applicable
To request a copy of the safeguards adopted for a specific transfer, write to [email protected].
8. How long we keep your data
- Account data: for as long as your account is active, plus a reasonable period afterward to comply with legal obligations and resolve disputes.
- Chat messages & metadata: up to 24 months from the last message in a conversation, then automatically deleted.
- Bookings & payment records: retained as required by Egyptian tax and consumer-protection law.
Data is deleted earlier if you delete your account or request erasure (see Section 9), unless we must retain it for legal reasons or an ongoing dispute.
9. Your rights
Under the Egyptian Personal Data Protection Law (Law No. 151 of 2020), you have the right to:
- Access the personal data we hold about you
- Request rectification of inaccurate or incomplete data
- Request erasure of your data ("right to be forgotten")
- Object to processing for legitimate reasons
- Withdraw consent at any time, where processing is based on consent
To exercise any of these rights, contact [email protected]. We respond within 30 days, as required by law.
Account deletion: you can permanently delete your account and associated personal data from the app (Profile → Settings → Delete my account), or follow the steps on our dedicated page: Delete your account. That page is also the public web link for store account-deletion requirements.
10. Where we collect your data from
We collect your personal data directly from you: when you create an account, use the chat, fill in your profile, upload photos, make a booking, or interact with any Service feature. We do not purchase or source data about you from social media platforms or third-party partners.
11. Children's privacy
SharmBeat is not directed at children and is not intended for use by anyone below the minimum age required to enter into a binding agreement under applicable law (see our Terms of Service for the applicable age). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it.
12. Cookies (website)
The sharmbeat.com website uses only essential cookies required for the site to function, plus, where enabled, privacy-conscious analytics cookies (Google Analytics) to understand aggregate traffic. We do not use third-party advertising cookies.
13. Security
We apply technical and organizational measures appropriate to the risk, including encryption in transit, encrypted credential storage, and access controls, to protect your data against unauthorized access, loss or misuse. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
14. Right to lodge a complaint with the PDPC
Under Egyptian law, you have the right to lodge a complaint with the Personal Data Protection Center (PDPC) if you believe our processing of your personal data violates the law. We kindly ask that you first contact us at [email protected] so we can try to resolve the matter directly.
15. How we present this notice
- A visible link in the app's settings menu and on the registration screen
- An informational banner on first launch, linking to the full notice
- "Just-in-time" notices when you first enable a feature that needs specific data (e.g., precise location or photo access)
16. Updates to this policy
We may update this policy periodically. We will notify you of material changes through an in-app notice or by email. The version in effect always displays the date of the last revision at the top of this page.
17. Contact us
SAFWA STAR S&S LTD
48 Ahmed Zaki Street, Maadi, Cairo, Egypt
Email: [email protected]
Phone: +20 100 101 2469
