NAWRLY  is committed to protecting your privacy. This Policy explains how we collect, use, share, and safeguard personal information when you visit nawrly.com or use our Android/iOS applications (collectively, the “Services”). By using the Services, you consent to this Policy.

1) Who we are

Data Controller: NAWRLY
Website: https://nawrly.com
Contact: [email protected]
Registered location: Cairo, Egypt

2) Information we collect

We may collect the following categories of data:

A. Information you provide

  • Account details (name, email, phone), passwords (hashed), and communication preferences.

  • Order details (items, prices, discounts), shipping & billing addresses, and notes.

  • Support communications (emails, chats) and uploaded content (e.g., product reviews).

B. Automatically collected information

  • Device & log data (IP address, device model, OS/version, browser/app version, language, time zone).

  • Usage data and in‑app events (product views, cart actions, purchases).

  • Identifiers (Firebase Instance ID, Instance Token, and—if advertising is enabled—Advertising ID).

  • Cookies, SDK signals, and similar technologies (see §6).

C. Payments

  • Payments are processed by Paymob. We do not store full card numbers or CVV. We may receive tokens, payment result/status, and fraud signals to complete your order.

D. Optional data (only if you enable a feature)

  • Notifications (push token for Firebase Cloud Messaging).

  • Camera/Photos/Files (e.g., profile avatar, order attachments) – only when you choose to use such features.

  • Location (approximate/precise) – only if a feature requires it and you grant permission.

3) How we use your data

  • Provide, operate, and improve the Services.

  • Process orders, payments, refunds, and deliveries.

  • Authenticate logins (including Google/Facebook) and maintain accounts.

  • Send order updates, service messages, and optional marketing.

  • Personalize content, recommendations, and promotions.

  • Measure performance and analyze trends (e.g., Google Analytics, Firebase Analytics).

  • Prevent fraud/abuse and ensure security.

  • Comply with legal and tax obligations.

Legal bases (where applicable): performance of contract, legitimate interests, consent, and legal obligation.

4) Sharing & disclosure

We do not sell, rent, or trade your personal data. We may share data with:

  • Service providers under contract (hosting, support, analytics, messaging, crash reporting).

  • Payments: Paymob to securely process transactions.

  • Analytics & marketing: Google Analytics, Facebook Pixel/SDK (where enabled and subject to your settings/consent).

  • Shipping carriers to deliver orders.

  • Affiliates and professional advisors (as needed) under confidentiality.

  • Business transfers (merger, acquisition) and legal requests (to comply with law, protect rights).

5) Cookies, SDKs & similar technologies

We use cookies/SDKs to remember preferences, keep you signed in, analyze usage, and measure campaigns (including retargeting). You can manage cookies in your browser and control ad tracking or reset the advertising ID in device settings. Opting out may limit certain features.

6) Mobile permissions

The app may request permissions to enable features you choose to use, such as Notifications, Camera/Photos/Files, or Location. You can revoke permissions at any time from your device settings; some features may stop working without permission.

7) Data retention

We keep data for as long as necessary to provide the Services, meet legal/tax obligations, resolve disputes, and enforce agreements. Retention periods vary by category and context.

8) Security

We implement technical and organizational measures (encryption in transit via HTTPS, access controls). No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9) International transfers

We may transfer data to countries that may have different data protection laws. Where required, we use appropriate safeguards (e.g., contractual clauses).

10) Children’s privacy

The Services are not directed to children under 13. If we learn that we collected data from a child under 13, we will delete it.

11) Your rights

Subject to law, you may request: access, correction, deletion, portability, restriction, objection, or withdrawal of consent. We may ask for verification. Contact us at [email protected].

Marketing: you can opt out of marketing emails via the unsubscribe link; push notifications can be turned off in device settings.

12) Third‑party services & social logins

Our Services may link to third‑party sites/apps whose privacy practices differ. Social logins (e.g., Google/Facebook) are governed by those providers’ policies. Please review their privacy notices.

13) Changes to this Policy

We may update this Policy from time to time. The updated version will be posted here with a new “Last updated” date. Continued use of the Services after changes means you accept the revised Policy.

14) Contact us

If you have questions or requests, contact: [email protected]

To delete your account and associated data: 1) Email us from your registered address to [email protected] with the subject “Delete my account”. 2) Include: full name, registered email (phone optional). 3) We will process within 30 days and confirm via email. Note: We may retain legally required records (invoices/tax) for the necessary period.