Privacy Policy

This Privacy Policy governs the collection, use, storage, and protection of personal data by Birdlineapps ("we," "us," or "our") in compliance with Kuwait Data Privacy Protection Regulation (DPPR) 2024 and Communications and Information Technology Regulatory Authority (CITRA) requirements. This policy applies to all users who access our website, use our services, or provide us with personal information through any means.

Birdlineapps is registered in Kuwait and operates under the jurisdiction of Kuwaiti law and CITRA regulations. Data Controller Information: - Company Name: Birdlineapps - Registration: Kuwait - Data Protection Officer: moe@birdlineapps.com - General Contact: moe@birdlineapps.com - Phone: +965 55489882 - Address: Kuwait City, Kuwait Regulatory Authority: Communications and Information Technology Regulatory Authority (CITRA)

This Privacy Policy applies to: - Personal data collected through our website (birdlineapps.com) - Data collected when users subscribe to our services - Information provided through contact forms and communications - Data collected during service delivery and support - Analytics and usage data This policy does not apply to: - Personal and household data processing exempted under DPPR - Government data processing for security purposes - Publicly available information

We collect the following categories of personal data: **Identity Information:** - Full name - Email address - Phone number - Company information (if applicable) **Technical Data:** - IP address - Browser type and version - Device information - Usage patterns and analytics data **Communication Data:** - Messages and inquiries - Service requests - Feedback and support communications **Service-Specific Data:** - Project requirements - Development specifications - Service preferences All data collection is limited to what is necessary for the specific purposes outlined in this policy.

Under Kuwait DPPR 2024, we process personal data based on the following legal bases: **Consent:** - Explicit consent for service provision - Consent for marketing communications - Consent for data processing beyond essential services **Contractual Necessity:** - Data necessary to fulfill service agreements - Information required for project delivery - Essential service operation data **Legal Obligation:** - Compliance with Kuwaiti laws - Regulatory reporting requirements - Legal proceedings and investigations **Legitimate Interests:** - Service improvement and optimization - Security and fraud prevention - Business operations management For minors under 18, we require explicit parental or guardian consent before collecting any personal data.

We use your personal data for the following purposes: **Service Provision:** - Delivering MVP development services - Providing web and mobile application development - Custom solution implementation - Technical support and maintenance **Communication:** - Responding to inquiries and requests - Service updates and notifications - Marketing communications (with consent) - Customer support interactions **Legal and Regulatory Compliance:** - Meeting DPPR requirements - CITRA reporting obligations - Legal compliance documentation - Audit and regulatory reviews **Service Improvement:** - Analytics and usage insights - Service optimization - User experience enhancement - Quality assurance **Security:** - Fraud detection and prevention - System security maintenance - Incident response and investigation

**Data Storage:** - All personal data is stored on secure servers within Kuwait - Data is encrypted according to CITRA standards - Regular security assessments and monitoring - Backup and disaster recovery procedures in place **Retention Periods:** - Service data: Retained for the duration of service provision plus 7 years - Communications: Retained for 3 years from last interaction - Analytics data: Retained for 2 years in anonymized form - Legal documents: Retained as required by Kuwaiti law - Marketing data: Retained until consent withdrawal **Data Deletion:** - Automatic deletion upon retention period expiration - Immediate deletion upon user request (where legally permitted) - Secure deletion methods ensuring data irrecoverability

Under Kuwait DPPR 2024, you have the following rights: **Right to Access:** - Request confirmation of data processing - Obtain copy of your personal data - Information about processing purposes and recipients **Right to Rectification:** - Request correction of inaccurate data - Update incomplete information - Add supplementary statements **Right to Erasure:** - Request deletion of personal data - Remove data from public display - Delete data from backup systems (where feasible) **Right to Withdraw Consent:** - Stop specific data processing activities - Opt-out of marketing communications - Request data deletion upon consent withdrawal **Right to Object:** - Object to processing for direct marketing - Object to processing based on legitimate interests - Request restriction of processing **Right to Data Portability:** - Receive data in structured, machine-readable format - Transfer data to other service providers - Request direct data transmission between controllers **Right to Lodge Complaints:** - File complaints with CITRA - Seek judicial remedies - Report violations to regulatory authorities To exercise these rights, contact: moe@birdlineapps.com

We implement comprehensive security measures including: **Technical Security:** - End-to-end encryption as per CITRA standards - Secure socket layer (SSL) encryption for data transmission - Regular security vulnerability assessments - Intrusion detection and prevention systems - Access controls and authentication mechanisms **Organizational Security:** - Regular staff training on data protection - Confidentiality agreements with employees - Access limitation on need-to-know basis - Security incident response procedures - Regular security audits and reviews **Physical Security:** - Secure data center facilities - Restricted access to servers - Environmental controls and monitoring - Backup power and redundancy systems **Monitoring and Maintenance:** - 24/7 security monitoring - Regular system updates and patching - Security incident logging and analysis - Continuous security improvement

In accordance with DPPR 2024, we have established breach notification procedures: **Notification to CITRA:** - Within 72 hours of breach discovery - Detailed breach information including: - Nature and extent of the breach - Affected data categories - Potential consequences - Mitigation measures taken **Notification to Data Subjects:** - When the breach is likely to result in high risk - Clear and understandable communication - Recommended protective measures - Contact information for follow-up **Breach Response:** - Immediate investigation and containment - Assessment of breach impact - Implementation of remediation measures - Prevention of future occurrences - Documentation and reporting

Personal data transfers outside Kuwait are subject to: **Transfer Conditions:** - Adequate protection level in destination country - Standard contractual clauses with recipients - Binding corporate rules for intra-organizational transfers - Specific consent for international transfers **Safeguards Implemented:** - Encryption during transmission and storage - Data processing agreements with international partners - Regular compliance audits of international recipients - Right to object to international transfers **Prohibited Transfers:** - Transfers to countries without adequate protection - Transfers without appropriate safeguards - Transfers violating Kuwaiti law or DPPR requirements

We engage third-party processors for: **Service Delivery:** - Cloud hosting providers - Development tools and platforms - Communication services - Analytics providers **Processor Requirements:** - Written data processing agreements - Compliance with DPPR 2024 - Equivalent security measures - Audit rights and cooperation - Data breach notification obligations **Current Processors:** - All processors are vetted for DPPR compliance - Regular compliance monitoring - Immediate termination for violations - Data protection impact assessments

**Marketing Consent:** - Explicit consent required for marketing communications - Easy opt-out mechanisms available - Separate consent for different marketing channels - Consent withdrawal honored promptly **Communication Channels:** - Email marketing (with consent) - SMS marketing (with consent) - Social media communications - Website notifications **User Control:** - Preference management center - One-click unsubscribe options - Communication frequency controls - Channel-specific opt-out options

**Cookie Types:** - Essential cookies for website functionality - Analytics cookies for usage insights - Marketing cookies (with consent) - Security cookies for protection **Cookie Management:** - Cookie consent banner on first visit - Detailed cookie policy available - Cookie preference controls - Regular cookie audit and review **Third-Party Cookies:** - Limited use of third-party cookies - Compliance with DPPR requirements - User consent for non-essential cookies - Alternative tracking methods available

**Update Procedures:** - Regular policy reviews and updates - Notification of significant changes - 30-day notice for material changes - Continued use constitutes acceptance **Change Notification:** - Email notifications to registered users - Website announcements - In-app notifications where applicable - Updated "Last Updated" date **Version Control:** - Policy version tracking - Historical versions available - Change documentation - Regulatory approval when required

**CITRA Compliance:** - Regular reporting to CITRA - Compliance audits and assessments - Regulatory requirement monitoring - Immediate implementation of new requirements **Legal Compliance:** - Kuwait Electronic Crimes Law compliance - Commercial Code requirements - Consumer protection regulations - Industry-specific regulations **Oversight Mechanisms:** - Internal compliance monitoring - External audit procedures - Regulatory inspections - Continuous improvement processes

For privacy-related inquiries, please contact: **Data Protection Officer:** - Email: moe@birdlineapps.com - Phone: +965 55489882 - Response Time: Within 30 days **General Inquiries:** - Email: moe@birdlineapps.com - Phone: +965 55489882 - Address: Kuwait City, Kuwait **Regulatory Authority:** - Communications and Information Technology Regulatory Authority (CITRA) - Website: www.citra.gov.kw - Complaint Hotline: [CITRA contact number] **Legal Rights:** - Right to lodge complaints with CITRA - Right to seek judicial remedies - Right to data protection advocacy