Receiptable | Privacy Policy

Privacy Notice

Effective Date: 12/02/2026
Last Updated: 01/01/2026

This Privacy Policy explains how Receiptable (“we”, “our”, or “us”) collects, uses, processes, and protects information when you access or interact with: receiptable.co, receipts.bh and receipts.ae.

(collectively, the “Services”).

This Policy is designed to comply with:
- The UAE Personal Data Protection Law (Federal Decree Law No. 45 of 2021)
- The Bahrain Personal Data Protection Law (Law No. 30 of 2018)

Who We Are (Data Controller)

For the purposes of applicable data protection laws, Receiptable acts as the Data Controller in relation to usage and analytics data collected through the Services.

Where we provide services to merchants or payment providers, we may also act as a Data Processor under separate contractual agreements.

For questions regarding this Policy, contact:

Email: legal@receiptable.co

Categories of Data We Collect

When you access a digital receipt page, we may collect the following categories of data:

A. Usage Data
- Pages viewed
- Click activity (e.g., product clicks, promotional offers, social media links)
- Date and time of interaction
- Time spent on pages
- Navigation paths

B. Technical Data
- IP address
- Browser type and version
- Device type and operating system
- Screen resolution
- Referrer URL
- Error logs and performance data

C. Aggregated Data
We generate anonymised and aggregated analytics that do not identify individuals.

We do not intentionally collect:
- Names
- Email addresses
- Phone numbers
- National ID numbers
Payment card details

Unless such data is separately and explicitly provided under a different lawful basis.

Legal Basis for Processing

We process data under one or more of the following lawful bases:

- Legitimate Interests
   To analyse engagement, improve digital receipt performance, measure promotional effectiveness, and ensure platform security.

- Contractual Necessity
   Where processing is required to provide digital receipt services to merchants.

- Legal Obligations
   Where required to comply with applicable law.

We conduct balancing assessments to ensure our legitimate interests do not override your fundamental rights.

How We Use Personal Data

We use collected data to:
- Operate and maintain the Services
- Measure engagement with digital receipts
- Analyse clicks on promotions and social media links
- Improve user experience and page performance
- Detect and prevent fraud or misuse
- Produce anonymised statistical reports for merchants

We do not:
- Sell personal data
- Share behavioural data with advertising networks
- Use data for cross-site targeted advertising

Cookies and Tracking Technologies

The Services use standard cookies and similar technologies to:
- Enable functionality
- Measure performance
- Understand engagement patterns

In Bahrain and the UAE, we provide transparency through this Privacy Policy and a visible link on each digital receipt page.You may disable cookies via your browser settings. Doing so may impact certain functionalities.

Data Sharing

We may share data with:

‍Service Providers
‍Analytics providers, cloud hosting providers, and infrastructure partners who process data under strict contractual confidentiality and data protection obligations.

‍Merchants
‍We may provide merchants with anonymised or aggregated engagement reports.

‍Legal Authorities
‍Where required by law, regulation, or court order.We do not share personal data for third-party marketing.

International Transfers

Your data may be processed in jurisdictions outside the UAE or Bahrain.

Where required under applicable law, we implement appropriate safeguards, including:
- Contractual data protection clauses
- Transfers to jurisdictions with adequate protection standards

Data Retention

We retain personal data only for as long as necessary to:
- Fulfil the purposes described above
- Comply with legal obligations
- Resolve disputes and enforce agreements

Aggregated and anonymised data may be retained indefinitely.

Data Subject Rights

Under UAE and Bahrain PDPL, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of personal data
- Restrict or object to certain processing
- Withdraw consent (where consent is the legal basis)
- Request data portability (where applicable)

To exercise your rights, contact:
legal@receiptable.co

We may request verification of identity before responding.

Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:Encrypted data transmission (HTTPS/TLS)
- Access controls
- Secure cloud infrastructure
- Role-based data access
- Monitoring and logging controls

Automated Decision-Making

We do not use personal data for automated decision-making that produces legal or similarly significant effects on individuals.

Updates to This Policy

We may update this Privacy Policy periodically. Updates will be published on the Services with a revised “Last Updated” date.

Continued use of the Services after changes are published constitutes acceptance of the updated Policy.