Privacy Policy

General Privacy Policy of the Application

Version: V1 — 01/04/2026

This Policy sets out the principles and standards under which we undertake to collect, process, protect, and maintain the confidentiality of your data when you use the platform and the services provided through it. The platform is intended to enable booking services and the management and organization of appointments between users and the participating medical entities, and to support the operation of these services in a secure, organized, and effective manner. Use of the platform and the processing of data associated with it shall be limited to the legitimate purposes necessary for providing the service, operating, administering, securing, and supporting the platform, and for fulfilling the relevant legal and regulatory obligations, in accordance with the applicable laws and regulations.

1 — Why Do We Collect Your Data?

We collect your data to enable booking services and the management and organization of appointments between the user and the medical provider through the platform, including enabling users to search for providers and book appointments, and enabling providers to manage, create, or coordinate appointments for users where needed. We also collect data to ensure that the application operates properly and securely, and to prevent misuse of the application or use in a manner that may cause harm or adversely affect the service. We do not use your data for commercial or marketing purposes unless we have your explicit consent.

2 — Parties

User: The individual who uses the application or whose data is processed through it.

Medical Provider: The hospital, health center, clinic, or medical entity participating in the platform.

Application Provider: The owner and operator of the platform.

Roles of the Parties: Each party's role as a Data Controller or Data Processor may vary depending on the type of data and the purpose of processing. The Medical Provider acts as an independent Data Controller in relation to the data it processes for the operation of its facility and the provision of its services. The Application Provider acts as an independent Data Controller in relation to the data it processes for operating, administering, securing, supporting, and improving the platform. In addition, the Application Provider may act as a Data Processor on behalf of the Medical Provider in relation to certain personal data processed through the platform to enable the services provided through it.

3 — Information We Use and How We Use It

a) User Identification Data: such as name, date of birth, phone number, email address, gender, and any other identifying data necessary to provide the service, including data provided during registration through Google or Apple, for the purposes of account creation, account verification, communication, enabling use of the application, and booking appointments.

b) Location Data: to enable users to search for nearby providers or providers within the relevant geographic area.

c) Service-Related Data: including data necessary to organize, coordinate, and manage the requested medical service and the related appointment.

d) Appointment Data and Status: including appointment details, status, and related updates, in order to facilitate appointment management and interaction between the user and the medical provider.

e) Application Usage Data: including login-related information, booking and usage activity logs, user interaction with the application, and technical information necessary to operate, protect, and support the application, or to prevent misuse.

f) Voluntarily Provided Data: including any information that the user voluntarily provides, such as ratings, comments, or other information, for the purpose of improving, delivering, or evaluating the service.

4 — Legal Basis for Processing

We process personal data on one or more of the following bases, as applicable depending on the data type and the nature of the service:

  1. Service Delivery and Performance of the User's Request
  2. Secure and Effective Operation of the Application
  3. Legal and Regulatory Compliance
  4. Consent: where explicit consent is required for optional processing activities. Users may withdraw consent at any time; however, withdrawal may affect optional features.

5 — Legal and Regulatory Disclosure

We may disclose information where required by law or upon request from competent governmental, judicial, or regulatory authorities.

6 — Who Has Access to Data?

  1. The Medical Provider registered on the application, and its authorized personnel.
  2. The Application Provider, in its capacity as the owner and operator of the platform.
  3. Authorized technical or operational service providers, including cloud infrastructure providers and messaging or verification service providers.

7 — Data Protection

We implement appropriate technical and organizational measures to protect personal data, including encryption during transmission and storage, appropriate access controls, and periodic backups.

8 — Cloud Hosting and Cross-Border Processing

The application relies on cloud infrastructure, and data may be processed, stored, or backed up within or outside the user's country where necessary to operate, provide, and support the platform. We implement appropriate safeguards to protect data in accordance with applicable laws and regulations.

9 — Data Retention Period

We retain personal data, including appointment and booking data, for as long as necessary to provide the service, operate the platform, enable users to access their appointment history, and comply with applicable legal, regulatory, and operational requirements.

10 — Your Rights

Subject to applicable law, users may request access to their personal data or correction of such data. They may also request deletion where applicable, and may withdraw their consent where processing is based on consent.

11 — Breach Notification

In the event of a data breach, we will take appropriate steps to address it and provide notification where required in accordance with applicable laws and regulations.

12 — Security and Protection Provisions

Application Provider: applies appropriate security measures to protect the platform and data.

Medical Provider: is responsible for securing its own environment.

User: is responsible for the accuracy of the information provided and for maintaining the confidentiality of login credentials.

13 — Usage Restrictions

  1. It is prohibited to use, disclose, sell, or exploit data for unauthorized commercial or marketing purposes.
  2. The application is not intended for children below the legal age.
  3. The application may not be used unless the applicable Terms and Privacy Policy have been accepted.
  4. It is prohibited to use the application to make fake or improperly repetitive bookings.
  5. Phone number verification is required to complete a booking.

14 — When and Why May We Contact You?

Application Provider: may contact you for account verification, support, in-app notifications, or important updates.

Medical Provider: may contact you regarding appointment confirmation or updates.

15 — Laws and Jurisdiction

This Policy shall be governed by the laws of the State of Qatar, and the Qatari courts shall have jurisdiction unless otherwise agreed in writing.

16 — Policy Updates

We may update this Policy from time to time, and the updated version will be published on the website or through the communication channels adopted by the Application Provider.

17 — Language

This Policy has been adopted in Arabic, and an English translation may be provided for convenience. In the event of any inconsistency, the Arabic text shall prevail unless otherwise stated.

18 — Acknowledgment of the Privacy Policy

By using the application or the services provided through it, you acknowledge that you have reviewed this Privacy Policy and understand its contents.

19 — Contact

For any inquiries or urgent data-related reports, please contact:

privacy@yalla.systems