Privacy policy

Testahel offers cashless tipping for Oman's service sector. We collect as little personal data as possible. When you leave a tip you stay anonymous — we do not ask for your name, email, or phone number, and we never see or store your card details, which are handled directly by our payment provider. This policy explains what we collect, why, and your rights under Oman's Personal Data Protection Law (PDPL).

Data we collect and why

From people leaving a tip, the only optional information is a short thank-you message and a 1–5 rating, both shared by choice (consent). For staff and venue owners with an account, we hold an email and display name to enable login and route payouts (contract), and a payout destination token — never raw bank documents. To protect the service from abuse we process IP and device identifiers as short-lived security counters (legitimate interest); these are not linked to any profile. We keep audit logs as a security and accountability record. We do not store card data or identity (KYC) documents — these stay with our payment and onboarding providers.

Retention

Tip records and the messages attached to them are retained for financial and audit purposes; a message held on the basis of consent is purged on request. Rate-limit counters auto-expire within minutes via automatic Firestore expiry. Audit logs are kept as a long-term security record. Account data for staff and owners is kept while the account is active and for any applicable legal hold.

Your rights

Under Oman's PDPL you have the right to access the personal data we hold about you and to request its correction or erasure. Because tippers are anonymous, we usually cannot link a tip to a person; if you can identify a specific tip (for example by amount, venue, and time), we can review a request to remove its message.

To exercise your rights or ask a question about this policy, contact us at privacy@testahel.om. We review each request manually.