Privacy Policy
Last updated: April 2026
This Privacy Policy explains how Tkibili collects, uses, stores, and protects your personal data when you use our website, mobile applications (iOS and Android), and related services (collectively, the "Platform"). By accessing or using any part of the Platform, you acknowledge that you have read and understood this policy. This policy is issued in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and applicable regulations.
Scope & Consent
This Privacy Policy applies to all personal data collected through the Tkibili Platform, which includes our website (tkibili.com), our iOS mobile application, our Android mobile application, and any services, features, or content offered through these channels.
By creating an account, placing an order, browsing our Platform, subscribing to notifications, or otherwise interacting with our services, you consent to the collection and processing of your personal data as described in this policy.
If you do not agree with this policy, you must discontinue use of the Platform and may request deletion of your account and personal data by contacting us.
Information We Collect
Personal Information
When you create an account, place an order, or contact us, we collect your name, email address, phone number, shipping and billing addresses, and date of birth (if provided for loyalty rewards).
Account & Authentication Data
If you sign in using Google or Apple, we receive your name, email address, and a unique provider identifier. We do not receive or store your social account password.
Order & Transaction Data
Details of products you purchase, order history, payment method used, delivery preferences, coupon usage, loyalty points transactions, and communications related to your orders.
Payment Data
Payment card details are processed directly by our payment providers (Stripe and Tabby) and are never stored on our servers. We retain only transaction references and payment status.
Device & App Data
When you use our mobile app, we collect device model, operating system, app version, language preference, push notification tokens (Firebase Cloud Messaging), and crash reports via Firebase Crashlytics.
Browsing & Engagement Data
IP address, browser type, device information, referring URLs, pages visited, search queries, wishlist items, products viewed, items added to cart, and abandoned cart data.
Loyalty & Referral Data
Loyalty points balance, tier status, referral codes, referral history, and any rewards earned through our loyalty and referral programs.
How We Use Your Data
Process and fulfill your orders, including payment, shipping, and delivery
Send transactional communications such as order confirmations, shipping updates, and review invitations
Deliver push notifications for order status, promotions, flash sales, and abandoned cart reminders
Personalize your shopping experience, product recommendations, and content based on your preferences
Manage your loyalty points, tier status, referral rewards, and birthday bonuses
Prevent fraud, detect unauthorized activity, and ensure secure transactions
Analyze website and app usage trends, monitor performance, and diagnose crashes via Firebase Crashlytics
Send marketing communications, promotional offers, and re-engagement campaigns (with your consent)
Recover abandoned carts and send reminders about items left in your shopping cart
Comply with legal and regulatory obligations, resolve disputes, and enforce our Terms & Conditions
Legal Basis for Processing
We process your personal data under the following lawful bases as permitted by UAE Federal Decree-Law No. 45 of 2021:
Contractual Necessity
Processing required to fulfill your orders, manage your account, and provide our services to you
Legitimate Interest
Fraud prevention, Platform security, analytics, and improving our products and services
Your Consent
Marketing communications, push notifications, cookie-based tracking, and advertising pixels
Legal Obligation
Compliance with UAE tax laws, commercial transaction records, and regulatory requirements
Data Sharing & Third Parties
We do not sell your personal data. We share information with trusted third parties strictly for the following purposes:
International Data Transfers
Some of the third-party services we use are located outside the United Arab Emirates. Your personal data may be transferred to and processed in the following jurisdictions:
United States — Stripe (payment processing), Google Firebase (push notifications, crash reporting, authentication), Apple (Sign-In verification)
United Arab Emirates — Tabby (Buy Now, Pay Later services)
These transfers are conducted with appropriate safeguards in accordance with Article 22 of the UAE Personal Data Protection Law, including contractual data protection clauses with our service providers.
Push Notifications
When you use our mobile app and grant notification permissions, we collect a Firebase Cloud Messaging (FCM) token from your device along with your language preference (English or Arabic) and device platform (iOS or Android). We use this data to send you:
Shipping confirmations, delivery status, and order-related notifications
Flash sale alerts, new product announcements, and special offers
Abandoned cart reminders, reorder suggestions, and review invitations
Security notifications and account activity alerts
You can disable push notifications at any time through your device's system settings or within the app. Guest order notification tokens are automatically purged 7 days after order completion or cancellation.
Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
Encryption
All data is transmitted via SSL/TLS. Sessions and cookies are encrypted. HTTPS is enforced across the entire Platform.
PCI Compliant
Payment processing meets PCI-DSS standards. Card details handled by certified processors, never stored on our servers
Access Controls
Authentication tokens expire automatically. Rate limiting on all sensitive endpoints. Role-based access for staff
While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any data breach in accordance with applicable law.
Data Retention
We retain your personal data only as long as necessary for the purposes described in this policy or as required by law:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after deletion |
| Order & transaction records | 7 years (UAE Commercial Transactions Law) |
| Payment records | 7 years (financial compliance) |
| Loyalty & referral data | 7 years (financial records) |
| Push notification tokens | Active while account exists; guest tokens purged 7 days after order delivery |
| Abandoned cart data | 90 days |
| Activity & audit logs | 1 year |
Your Rights
Under UAE Federal Decree-Law No. 45 of 2021, you have the following rights regarding your personal data:
Access
Request a copy of the personal data we hold about you
Correction
Request correction of any inaccurate or incomplete data
Deletion
Request deletion of your account and personal data. You can initiate this from your account settings in the app or on the website
Data Portability
Request your data in a structured, machine-readable format
Withdraw Consent
Withdraw your consent for marketing emails, push notifications, or cookie-based tracking at any time
Opt-out
Unsubscribe from marketing communications via the link in any email, or disable push notifications in your device settings
Please note that account deletion will result in forfeiture of all loyalty points, tier status, and referral rewards. Certain data may be retained as required by law (see Data Retention section above). To exercise any of these rights, contact us using the details below.
Children's Privacy
Our Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately so we can take appropriate action to delete such information.
Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The updated version will be posted on this page with a revised "Last Updated" date. For material changes, we will notify you via email or through a notification in our mobile app. We encourage you to review this policy periodically. Continued use of the Platform after changes constitutes acceptance of the updated policy.
Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your data, please reach out: