Privacy Policy

Welcome to Rawwij ("we," "our," or "us"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media management platform at rawwij.com (the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last Updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

We collect information that you provide directly to us, information we obtain automatically when you use our Service, and information from third-party sources.

Personal Information You Provide: • Account Information: Name, email address, password, profile picture • Billing Information: Payment card details (processed securely by our payment provider), billing address • Social Media Accounts: When you connect your social media accounts, we access your profile information, posts, analytics, and engagement data as authorized by you • Communications: Information you provide when you contact our support team • Content: Posts, images, videos, and other content you create or upload through our Service

Information Collected Automatically: • Device Information: IP address, browser type, operating system, device identifiers • Usage Data: Pages visited, features used, time spent on the platform, click patterns • Cookies and Similar Technologies: We use cookies, pixels, and similar technologies to enhance your experience and gather analytics

Information from Third Parties: • Social Media Platforms: Profile information, followers, engagement metrics, and analytics from connected platforms (Instagram, Facebook, X (Twitter), TikTok, LinkedIn, YouTube, Threads, Snapchat, and Telegram) • Analytics Providers: Aggregated usage data from services like Google Analytics

Platform-Specific Data Access: When you connect your accounts, we access the following data through each platform's official API using OAuth 2.0 authorization:

• Meta (Facebook & Instagram): Profile information, page/account data, post content, engagement metrics (likes, comments, shares, reach, impressions), follower/following counts, audience demographics, and publishing capabilities via Meta's Graph API.

• X (Twitter): Profile information, tweet content, engagement metrics (retweets, likes, replies), follower counts, and publishing capabilities via the X API.

• TikTok: Profile information, video content metadata, engagement metrics (views, likes, comments, shares), follower counts, and publishing capabilities via TikTok's API.

• LinkedIn: Profile information, company page data, post content, engagement metrics (reactions, comments, shares, impressions), follower counts, and publishing capabilities via LinkedIn's API.

• YouTube: Channel information, video metadata (titles, descriptions, tags, thumbnails), video analytics (views, likes, comments, watch time), subscriber counts, and publishing capabilities. We access this data through YouTube API Services. By using our Service with YouTube integration, you agree to be bound by the YouTube Terms of Service (https://www.youtube.com/t/terms). Please also review Google's Privacy Policy at https://policies.google.com/privacy.

• Snapchat: Profile information, story/post content metadata, engagement metrics (views, screenshots), follower counts, and publishing capabilities via Snap's API.

• Threads: Profile information, post content, engagement metrics, and publishing capabilities via Meta's API.

• Telegram: Channel/group information, message content metadata, subscriber counts, and publishing capabilities via the Telegram Bot API. Telegram integration uses Bot API tokens rather than OAuth 2.0; the bot token is stored securely and provides access only to channels and groups where the bot has been explicitly added by the Customer.

Important: We use OAuth 2.0 protocol for all platform connections (except Telegram, which uses the Bot API). We NEVER have access to your social media passwords. We only access the data and permissions you explicitly authorize.

We use the information we collect for various purposes, including:

Service Delivery: • To create and manage your account • To provide, operate, and maintain our Service • To process transactions and send related information • To schedule and publish content to your connected social media accounts • To provide analytics and insights about your social media performance

Communication: • To send you technical notices, updates, and support messages • To respond to your comments, questions, and customer service requests • To send promotional communications (with your consent)

Improvement and Development: • To understand how users interact with our Service • To develop new products, services, features, and functionality • To detect, prevent, and address technical issues • To protect against fraudulent or illegal activity

Legal Compliance: • To comply with applicable laws, regulations, and legal processes • To protect our rights, privacy, safety, or property

We do not sell your personal information. We may share your information in the following circumstances:

Service Providers: We share information with third-party vendors who perform services on our behalf, including: • Cloud hosting (Vercel, Supabase) • Media storage (Supabase Storage) • Payment processing (Tap Payments) • Email delivery (Resend) • Analytics (Google Analytics) • Customer support tools

Social Media Platforms: When you connect your social media accounts, we share content and data as necessary to provide the Service. This is governed by the respective platform's terms and privacy policies.

Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.

Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition, your information may be transferred as part of that transaction.

Team Workspaces: If you join a team on Rawwij, certain information is shared with other team members based on their assigned role: • Team Owner and Admins can view all connected social media accounts, analytics, content, and team member information (name, email, role). • Editors can view content, scheduling data, and analytics but not billing or account connection details. • Viewers can view dashboards, analytics, and published content in read-only mode. • Your personal account information (password, personal billing details) is never shared with other team members. • The team Owner's subscription plan determines access limits for all team members. By joining a team, you consent to the sharing of your name, email address, and role with other members of that team.

With Your Consent: We may share your information for other purposes with your explicit consent.

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Security Measures Include: • Encryption of data in transit using TLS/SSL • Encryption of sensitive data at rest • Regular security assessments and penetration testing • Access controls and authentication mechanisms • Secure cloud infrastructure with industry-leading providers • Regular backups and disaster recovery procedures

OAuth Security: When you connect social media accounts, we use OAuth 2.0 protocol. We store access tokens securely and never have access to your social media passwords.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods: • Account Information: Retained while your account is active and for 30 days after account deletion • Analytics Data: Retained for up to 24 months • Payment Records: Retained for 7 years as required for tax and legal purposes • Support Communications: Retained for 2 years

Account Deletion: When you delete your account: • Your personal information will be deleted within 30 days • Connected social media tokens are immediately revoked • Analytics data is anonymized or deleted • Some information may be retained in backups for a limited period

You can request deletion of your account at any time by contacting us at privacy@rawwij.com.

Depending on your location, you may have certain rights regarding your personal information:

Access and Portability: You have the right to request a copy of your personal information in a structured, commonly used format.

Correction: You can update or correct your account information at any time through your account settings.

Deletion: You can request deletion of your personal information, subject to certain exceptions.

Opt-Out: • Marketing Communications: You can opt out of marketing emails by clicking "unsubscribe" in any marketing email • Cookies: You can manage cookie preferences through your browser settings • Analytics: You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on

Disconnect Social Accounts: You can disconnect any connected social media account at any time through your account settings.

Data Portability: You can export your data at any time from your account settings.

To exercise any of these rights, please contact us at privacy@rawwij.com.

Revoking Social Media Access: You can disconnect any connected social media account at any time through your Rawwij account settings, or directly through each platform: • Meta (Facebook/Instagram): facebook.com/settings > Apps and Websites • X (Twitter): x.com/settings > Apps and Sessions • TikTok: Settings > Security and Permissions • LinkedIn: linkedin.com/psettings > Permitted Services • YouTube/Google: https://security.google.com/settings/security/permissions • Snapchat: Settings > Connected Apps • Telegram: Remove the bot from your channel/group settings

You have the right to request the deletion of your data at any time.

How to Request Data Deletion: • Through the Service: Go to Settings > Account > Delete Account to permanently delete your account and all associated data. • By Email: Send a deletion request to privacy@rawwij.com with the subject "Data Deletion Request" and your registered email address. • Platform-Specific: Disconnect individual social media accounts through Settings > Accounts to delete data for that specific platform connection.

What Gets Deleted: • Your account profile and settings • All connected social media account data and access tokens • Your content library (drafts, scheduled posts, media files) • Your analytics and reporting data • Any other personal information associated with your account

What May Be Retained: • Billing and transaction records (retained for 7 years for tax/legal compliance in Kuwait) • Anonymized, aggregated data that cannot identify you • Information necessary to resolve disputes or enforce our agreements

Deletion Timeline: • Data deletion from active systems: Within 30 days of your request • Data deletion from backups: Within 90 days of your request • YouTube API data: Within 30 days per YouTube API Services requirements

Meta (Facebook/Instagram) Data Deletion: We support Meta's data deletion callback. When you remove Rawwij from your Facebook Apps and Websites settings, we receive a deletion request and process it within 30 days. You can check the status of your deletion by contacting privacy@rawwij.com.

Data Deletion Callback URL: https://dzjnqihaejkrgilyakdh.supabase.co/functions/v1/meta-data-deletion

For any data deletion inquiries, please contact privacy@rawwij.com.

Rawwij's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.

YouTube API Services: Rawwij uses YouTube API Services to enable users to publish, schedule, and manage content on their YouTube channels. By using the YouTube features of our Service, you agree to be bound by: • The YouTube Terms of Service (https://www.youtube.com/t/terms) • Google's Privacy Policy (https://policies.google.com/privacy)

Data We Access from YouTube: Through YouTube API Services and Google OAuth 2.0, we access the following data only with your explicit authorization: • Channel information (channel ID, name, thumbnail, subscriber count) • Video metadata (titles, descriptions, tags, thumbnails, privacy status) • Video upload and publishing capabilities • Basic analytics (views, likes, comments) for videos published through Rawwij

How We Use YouTube Data: • Solely to provide the Service features you have requested (scheduling, publishing, analytics) • To display your channel information and content within the Rawwij dashboard • To generate aggregated, non-personalized usage statistics for service improvement

What We Do NOT Do with YouTube Data: • We do NOT use YouTube data for advertising purposes • We do NOT sell, transfer, or disclose YouTube data to third parties for advertising, profiling, or any other unauthorized purpose • We do NOT use YouTube data to train, develop, or improve generalized or non-personalized AI/ML models • We do NOT allow humans to read your YouTube data, except: (a) with your explicit consent, (b) for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and anonymized

Revoking YouTube Access: You may revoke Rawwij's access to your YouTube account at any time through: • Your Rawwij account settings (Settings > Connected Accounts > Disconnect YouTube) • Google's security settings page: https://security.google.com/settings/security/permissions

Upon revocation, all OAuth tokens are immediately invalidated and YouTube data associated with your account will be deleted within 30 days, in accordance with the YouTube API Services Terms of Service.

YouTube Data Retention: Data obtained from YouTube API Services is retained only as long as necessary to provide the Service. Specifically: • OAuth access tokens: stored encrypted, refreshed as needed • Channel and video metadata: retained while your account is connected • Upon disconnection or account deletion: all YouTube-derived data is deleted within 30 days

For any questions regarding our use of Google or YouTube data, contact privacy@rawwij.com.

For EU/EEA Residents (GDPR):

Legal Basis for Processing: • Consent: Where you have given explicit consent (e.g., marketing communications, connecting social media accounts) • Contract: Where processing is necessary to fulfill our contract with you (e.g., providing the Service) • Legitimate Interest: Where processing is in our legitimate business interest and not overridden by your rights (e.g., security, fraud prevention, service improvement) • Legal Obligation: Where processing is required by law

Your Additional GDPR Rights: • Right to restrict processing • Right to data portability • Right to object to processing • Right not to be subject to automated decision-making

Data Protection Contact: For GDPR-related inquiries: privacy@rawwij.com

Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.

For California Residents (CCPA/CPRA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected. • Right to Delete: You can request deletion of your personal information. • Right to Opt-Out of Sale: We do NOT sell your personal information. No opt-out is necessary. • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights. • Right to Correct: You can request correction of inaccurate personal information.

Categories of personal information collected (as defined by CCPA): Identifiers, Internet activity information, commercial information, and professional information.

To exercise your rights, contact privacy@rawwij.com.

Rawwij is based in Kuwait and operates globally. Your information may be transferred to, stored, and processed in countries other than your country of residence.

Data Transfer Safeguards: • We use standard contractual clauses approved by relevant authorities • We ensure our service providers maintain appropriate security measures • We comply with applicable data protection laws in all jurisdictions where we operate

Regional Compliance: • European Union: We comply with GDPR requirements for EU residents • California: We comply with CCPA requirements for California residents • Middle East: We comply with local data protection regulations in the GCC region

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@rawwij.com. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Users between 13 and 18 years of age may use the Service only with parental or guardian consent and supervision.

Our Service integrates with and contains links to third-party websites and services. This Privacy Policy does not apply to third-party services.

Connected Platforms: When you connect your social media accounts, your use of those platforms is governed by their respective privacy policies: • Instagram/Facebook: facebook.com/privacy • X (Twitter): x.com/privacy • TikTok: tiktok.com/legal/privacy-policy • LinkedIn: linkedin.com/legal/privacy-policy • YouTube: policies.google.com/privacy • Threads: facebook.com/privacy • Snapchat: snap.com/privacy • Telegram: telegram.org/privacy

We encourage you to review the privacy policies of any third-party services you access through our platform.

We use cookies and similar tracking technologies to collect and track information and to improve and analyze our Service.

Types of Cookies We Use: • Essential Cookies: Required for the operation of our Service • Analytical Cookies: Allow us to recognize and count visitors and understand how visitors use our Service • Functional Cookies: Enable enhanced functionality and personalization • Marketing Cookies: Used to track visitors across websites for advertising purposes

Cookie Management: You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our Service may become inaccessible or not function properly.

Do Not Track: Our Service does not currently respond to "Do Not Track" signals. However, you can opt out of tracking through cookie settings or browser extensions.

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page.

We will notify you of any material changes by: • Sending an email to the address associated with your account • Displaying a prominent notice on our Service • Updating the "Last Updated" date

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically for any changes.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Rawwij Kuwait City, Kuwait

Email: • Privacy inquiries: privacy@rawwij.com • General support: support@rawwij.com • Legal matters: legal@rawwij.com

Response Time: We aim to respond to all privacy-related inquiries within 24-48 hours.

For complaints, you may also have the right to lodge a complaint with your local data protection authority.