Privacy Policy & Terms of Service

Bookly ("we", "us", or "our"), a product of Ultimate IT Solutions, operates the bookly.qa website and mobile applications (the "Service"). This Privacy Policy and Terms of Service explain how we collect, use, disclose, and safeguard your personal information when you use our Service, and govern the relationship between Bookly, Hosts, and Guests. By accessing or using the Service, you agree to this Privacy Policy and Terms of Service. If you do not agree, please discontinue use of the Service immediately. This policy complies with the Qatar Personal Data Privacy Law (PDPL), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

We collect the following categories of personal information: • Identity Data: First name, last name, date of birth, nationality, government-issued ID or passport details (for booking verification). • Contact Data: Email address, phone number, postal address. • Account Data: Username, password (encrypted), account preferences, language preference. • Booking Data: Property selections, check-in/check-out dates, guest count, special requests, booking history. • Financial Data: Payment card details (processed via PCI-DSS compliant gateways — we do not store full card numbers), bank transfer receipts, transaction history. • Technical Data: IP address, browser type, device information, operating system, access times, referring URLs. • Usage Data: Pages visited, features used, search queries, interaction patterns. • Communication Data: Messages sent through our platform, support tickets, feedback, reviews. • Document Data: Guest identification documents, contracts, and uploaded receipts as required by property policies. We collect this data directly from you, automatically through cookies and similar technologies, and from third-party sources (payment processors, OTA partners).

We use your personal data for the following purposes: • Service Delivery: To create and manage your account, process bookings, generate contracts, and facilitate payments. • Communication: To send booking confirmations, check-in instructions, receipts, and respond to your inquiries. • Personalization: To display relevant properties, provide AI-powered recommendations, and remember your language and currency preferences. • Security: To verify identity, prevent fraud, enforce our terms, and protect the safety of our users. • Analytics: To understand usage patterns, improve our platform, and optimize performance. • Legal Compliance: To comply with applicable laws, regulations, and legal processes, including tax reporting and anti-money laundering requirements. • Marketing: With your consent, to send promotional offers, newsletters, and property recommendations. You can opt out at any time.

We process your personal data under one or more of the following legal bases: • Contractual Necessity: Processing required to perform a booking contract between you and a property owner. • Legitimate Interest: Platform security, fraud prevention, service improvement, and analytics. • Consent: Marketing communications, non-essential cookies, and AI-powered personalization features. • Legal Obligation: Tax compliance, anti-money laundering, and regulatory reporting. You may withdraw your consent at any time by contacting us at [email protected] or through your account settings.

We share your information only as described below: • Property Owners & Hosts: Your name, contact details, and booking information are shared with the property owner to fulfill your reservation. • Payment Processors: Financial data is shared with licensed payment gateways (SkipCash, MyFatoorah) for transaction processing under PCI-DSS standards. • Travel Agents: If your booking was made through an agent, relevant booking details are shared with them. • Service Providers: We use trusted third-party services for email delivery (Resend), analytics, cloud hosting (Firebase/Google Cloud), and AI processing (Google Gemini). These providers are bound by data processing agreements. • Legal Requirements: We may disclose data when required by law, court order, or government regulation. • Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred as part of the business assets. We do NOT sell your personal information to third parties.

We use cookies and similar technologies to: • Essential Cookies: Maintain your session, authentication, and security tokens. These are required for the Service to function. • Preference Cookies: Remember your language, currency, and display preferences. • Analytics Cookies: Understand how you use the Service (via Firebase Analytics). These are anonymized. • Marketing Cookies: With your consent, track the effectiveness of promotional campaigns. You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent you from using certain features. We also use local storage and session storage for temporary data such as booking drafts and form state.

We retain your personal data only as long as necessary for the purposes outlined in this policy: • Active Accounts: Data is retained for the lifetime of your account plus 30 days after deletion. • Booking Records: Retained for 7 years after the booking date for tax, accounting, and legal compliance. • Financial Records: Retained for 7 years as required by Qatar Commercial Company Law and tax regulations. • Communication Logs: Support tickets and messages are retained for 3 years. • Technical Logs: Server and access logs are retained for 12 months. • Marketing Preferences: Retained until you withdraw consent. After the retention period, data is securely deleted or anonymized.

Depending on your location, you have the following rights regarding your personal data: • Right of Access: Request a copy of the personal data we hold about you. • Right to Rectification: Request correction of inaccurate or incomplete data. • Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention requirements. • Right to Restrict Processing: Request that we limit how we use your data. • Right to Data Portability: Receive your data in a structured, machine-readable format. • Right to Object: Object to processing based on legitimate interests or direct marketing. • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing. • CCPA Rights: California residents may request disclosure of data collected and shared, and may opt out of the "sale" of personal information (we do not sell data). To exercise any of these rights, contact us at [email protected]. We will respond within 30 days (or as required by applicable law).

Your data may be processed in countries outside of Qatar, including: • Google Cloud servers (for Firebase services) located in the EU, US, and other regions. • Payment processors that operate internationally. When transferring data internationally, we ensure adequate protection through: • Standard Contractual Clauses (SCCs) approved by the European Commission. • Data processing agreements with all third-party providers. • Compliance with the Qatar PDPL requirements for cross-border transfers. • Encryption of data in transit and at rest.

We implement industry-standard security measures to protect your data: • Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256. • Authentication: Multi-factor authentication is available. Passwords are hashed using bcrypt. • Access Control: Role-based access ensures only authorized personnel can access personal data. • Infrastructure: Hosted on Google Cloud / Firebase with SOC 2, ISO 27001, and ISO 27017 certifications. • Monitoring: Continuous security monitoring, intrusion detection, and automated threat response. • Payment Security: All payment processing is handled by PCI-DSS Level 1 certified providers. We never store complete card numbers. • Incident Response: We maintain a documented incident response plan. In the event of a breach affecting your data, we will notify you and relevant authorities within 72 hours as required by GDPR.

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at [email protected].

Our Service may contain links to third-party websites, payment processors, or OTA platforms (Airbnb, Booking.com, Agoda, Expedia). We are not responsible for the privacy practices of these external sites. We recommend reviewing the privacy policies of any third-party service before providing your personal information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes: • We will update the "Last Updated" date at the top of this page. • For significant changes, we will notify you via email or a prominent notice on the Service. • Continued use of the Service after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Bookly — A Product of Ultimate IT Solutions Email: [email protected] Phone: +974 3004 7177 Address: Grand Hamad St, Doha, Qatar For EU residents, you also have the right to lodge a complaint with your local Data Protection Authority. For Qatar residents, complaints may be directed to the Compliance and Data Protection Department of the Ministry of Transport and Communications.

Bookly is an online marketplace and technology platform operated by Ultimate IT Solutions that connects property owners ("Hosts") with travelers ("Guests"). Bookly acts solely as an intermediary channel and is NOT a party to any rental agreement, lease, or accommodation contract between Hosts and Guests. • Bookly does not own, manage, operate, or control any properties listed on the platform. • Bookly does not make representations or warranties regarding the quality, safety, suitability, legality, or condition of any listed property. • All property descriptions, photographs, pricing, availability, and terms of accommodation are the sole responsibility of the Host. • Bookly is not liable for any disputes, damages, injuries, losses, or claims arising from or related to any booking, stay, or interaction between Hosts and Guests. By using this platform, you acknowledge and agree that Bookly's role is limited to providing the technology infrastructure that facilitates the connection between Hosts and Guests.

All Hosts listing properties on Bookly are solely and fully responsible for: • Compliance with all applicable local, national, and international laws, regulations, ordinances, and licensing requirements related to short-term rentals and property management. • Ensuring properties meet all safety, health, fire, and building code standards as required by the State of Qatar and any other applicable jurisdiction. • Providing accurate, truthful, and complete property descriptions, photographs, pricing, and availability information. • Maintaining valid insurance coverage for their properties, including public liability insurance. • Honoring confirmed bookings and providing the accommodation as described. • Resolving any complaints, disputes, or issues raised by Guests relating to the property or the stay. • Compliance with anti-discrimination laws — Hosts must not refuse bookings based on race, ethnicity, nationality, religion, gender, sexual orientation, disability, or any other protected characteristic. • Tax collection, reporting, and remittance obligations, including tourism taxes, VAT, or any other applicable levies. • Safeguarding Guest personal information received through the platform in accordance with this Privacy Policy and applicable data protection laws. Hosts who fail to meet these obligations may have their accounts suspended or permanently terminated without prior notice.

Bookly is committed to protecting Guests and ensuring a safe booking experience: • Booking Guarantee: If a Host cancels a confirmed booking or the property is materially different from the listing description, Bookly will assist the Guest in finding alternative accommodation or processing a full refund. • Secure Payments: All payments are processed through licensed, PCI-DSS compliant payment gateways. Bookly holds funds in escrow and releases them to Hosts only after Guest check-in is confirmed. • Identity Verification: Hosts are required to verify their identity and property ownership before listing on the platform. • Review System: Guests may leave honest reviews after their stay. Reviews cannot be removed by Hosts and are moderated only for policy violations. • Support: Guests have access to 24/7 customer support for any issues during their stay. • Dispute Resolution: In the event of a dispute between a Guest and a Host, Bookly may, at its sole discretion, mediate the dispute. Bookly's decision in any mediated dispute is final and binding. • Refund Policy: Refunds are governed by the cancellation policy selected by the Host at the time of listing. Bookly reserves the right to issue refunds at its sole discretion in cases of fraud, safety concerns, or material misrepresentation.

Bookly reserves the absolute and unconditional right to suspend, freeze, restrict, or permanently delete any Host, Guest, or Agent account at any time, for any reason, without prior notice, without liability, and without the requirement of obtaining permission from the account holder. Grounds for account action include, but are not limited to: • Violation of these Terms of Service, Privacy Policy, or any Bookly policy. • Fraudulent activity, misrepresentation, or deceptive practices. • Listing unsafe, illegal, or non-existent properties. • Harassment, abuse, threats, or discrimination against any platform user. • Failure to honor confirmed bookings without legitimate justification. • Manipulation of reviews, ratings, or pricing. • Money laundering, terrorism financing, or any other illegal financial activity. • Unauthorized use of another person's identity, payment method, or account. • Any conduct that Bookly determines, in its sole discretion, is harmful to the platform, its users, or its reputation. Upon account termination: • The user will lose access to all platform features and data associated with their account. • Any pending bookings may be cancelled at Bookly's discretion. • Any funds held in escrow will be handled according to Bookly's refund and payment policies. • Bookly may retain user data as required by law or for legitimate business purposes. • The terminated user may not create a new account without Bookly's written permission. Bookly shall not be liable for any losses, damages, or expenses arising from account suspension or termination.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW: • Bookly, its parent company Ultimate IT Solutions, its officers, directors, employees, agents, and affiliates shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from or related to your use of the platform. • Bookly's total aggregate liability for any claims arising from or related to the Service shall not exceed the total service fees paid by you to Bookly in the twelve (12) months preceding the claim. • Bookly is not liable for any acts, omissions, errors, negligence, misconduct, or breaches by Hosts, Guests, or any third party. • Bookly does not guarantee the availability, accuracy, completeness, reliability, or timeliness of any content on the platform. • Bookly shall not be liable for any loss or damage arising from force majeure events, including but not limited to natural disasters, pandemics, government actions, wars, or infrastructure failures. This limitation of liability applies regardless of the theory of liability (contract, tort, strict liability, or otherwise) and even if Bookly has been advised of the possibility of such damages.

These Terms of Service and Privacy Policy shall be governed by and construed in accordance with the laws of the State of Qatar. Any dispute, claim, or controversy arising out of or relating to these terms or the Service shall be subject to the exclusive jurisdiction of the courts of the State of Qatar, sitting in Doha. Notwithstanding the foregoing, Bookly reserves the right to seek injunctive or other equitable relief in any court of competent jurisdiction to protect its intellectual property rights or to prevent irreparable harm. If any provision of these terms is found to be unenforceable or invalid, the remaining provisions shall continue in full force and effect. These terms constitute the entire agreement between you and Bookly regarding the use of the Service and supersede all prior or contemporaneous communications and proposals.