Privacy Policy

1. Introduction & Legal Entity

HAK Platform ("we", "us", or "our") is a software product owned and operated by Jawhra Diqat Almustaqbal Company for General Trading and General Contracting L.L (officially translated as Jewel of the Future Precision General Trading and General Contracting Company Limited Liability), a private limited liability company registered with the Iraqi Companies Registrar, Ministry of Trade, Republic of Iraq, under Certificate of Incorporation No. ICR 02-33178 issued on 24 December 2025.

Our registered headquarters are located at: Baghdad — Al-Qadisiyah, Sector 606, Street 8, Building 106, Apt. 8, Republic of Iraq.

We operate the website hakplatform.com and provide a multi-tenant SaaS platform that enables clinics, stores, restaurants, and other businesses to manage customer communications across WhatsApp, Instagram, and Facebook using AI-powered automation.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read this policy carefully. By accessing or using HAK Platform, you agree to the terms described herein.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, and password when you create an account.
• Business Information: Business name, type (clinic, store, or restaurant), address, operating hours, and public profile details.
• Payment Information: Billing details necessary for subscription management (processed through secure third-party payment providers).
• Content: Messages, images, menu items, product listings, service descriptions, and other content you create or upload to the platform.

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, interaction timestamps, and session duration.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies and Similar Technologies: We use cookies and local storage to maintain sessions and improve user experience.

2.3 Information from Third-Party Platforms

When you connect your accounts through Meta platforms (Facebook, Instagram, WhatsApp), we may receive:

• Profile Information: Name, profile picture, and email associated with your Meta account.
• Page and Business Data: Page names, page IDs, and business account identifiers.
• Messaging Data: Messages sent and received through connected channels, including sender information, message content, timestamps, and delivery status.
• Access Tokens: OAuth tokens required to interact with Meta APIs on your behalf. These tokens are encrypted at rest using AES-256-GCM encryption.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the HAK Platform and its features.
• Process and route customer messages across connected channels (WhatsApp, Instagram, Facebook).
• Generate AI-powered automated responses to customer inquiries on behalf of your business.
• Display analytics and performance metrics on your dashboard.
• Manage your account, subscriptions, and billing.
• Send service-related communications (e.g., account verification, security alerts, feature updates).
• Improve our platform through aggregated, anonymized usage analysis.
• Comply with legal obligations and enforce our terms of service.

4. How We Share Your Information

We do not sell your personal information. We may share information only in the following circumstances:

• Meta Platforms: To send and receive messages on your behalf through WhatsApp, Instagram, and Facebook APIs, as authorized by you.
• AI Service Providers: Message content may be processed by our AI provider (OpenAI) to generate automated responses. No personally identifiable information is stored by the AI provider beyond the processing session.
• Infrastructure Providers: We use Supabase (database and authentication), Vercel (hosting), and other infrastructure services that process data on our behalf under strict data processing agreements.
• Legal Requirements: When required by law, subpoena, or government request, or to protect the rights, property, or safety of HAK Platform, our users, or the public.

5. Data Security

We implement industry-standard security measures to protect your data:

• All data is transmitted over HTTPS/TLS encrypted connections.
• Meta access tokens are encrypted at rest using AES-256-GCM encryption.
• Webhook payloads are verified using SHA-256 HMAC signature validation with timing-safe comparison.
• Database access is controlled through Row Level Security (RLS) policies ensuring tenant isolation.
• Service-role credentials are never exposed to client-side code.
• Rate limiting is applied to sensitive API endpoints to prevent abuse.

While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account, we will delete or anonymize your personal data within 90 days, except where retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing agreements).

Messaging data and conversation history are retained for the duration of your active subscription. You may request deletion of specific data at any time.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal obligations.
• Data Portability: Request your data in a structured, machine-readable format.
• Withdraw Consent: Withdraw consent for data processing at any time, where consent is the legal basis.
• Restriction: Request restriction of processing under certain conditions.

To exercise any of these rights, please contact us at info@hakplatform.com.

8. Meta Platform Data Usage

When you connect your Meta accounts (Facebook, Instagram, WhatsApp) to HAK Platform, we access and process data in accordance with Meta Platform Terms and Meta Developer Policies.

8.1 Facebook Page content and engagement

HAK Platform uses the pages_read_engagement permission only for Facebook Pages that you explicitly connect as a Page admin through our onboarding flow. After you connect a Facebook Page, the app may read Page content and engagement-related data—such as Page posts, media metadata, Page profile information, and available Page engagement or insight data—in order to display this information in your dashboard.

This permission supports our product goal of helping Page admins manage a connected Page from one place. We use this data to:

1. Show you your Page content and engagement context in the dashboard.
2. Provide AI-assisted summaries and operational insights for the connected Page.
3. Help you monitor Page activity and make better management decisions.

This permission is only used for Pages you administer and have intentionally connected to HAK Platform. We do not use it to access Pages you have not connected, and we do not sell or share this data for unrelated purposes. Without pages_read_engagement, the app cannot retrieve the Page-level content and engagement context required for the core Page management and insight features you expect after connecting your Facebook Page.

Specifically:

• We only request permissions necessary to provide our services.
• We do not sell, license, or sublicense Meta platform data to any third party.
• We do not use Meta data for advertising, marketing to unrelated third parties, or building user profiles for purposes unrelated to our services.
• We do not transfer or share Meta data with data brokers or information resellers.
• Access tokens received from Meta are encrypted and stored securely, and are used solely to perform authorized API operations on your behalf.
• You may disconnect your Meta accounts at any time from your dashboard settings, which will revoke our access to your Meta data.

9. Data Deletion

You may request deletion of your data at any time by visiting our Data Deletion page or by contacting us at info@hakplatform.com.

For data received through Meta platforms, we will delete all associated data within 90 days of receiving your deletion request, unless retention is required by applicable law.

10. Cookies

We use essential cookies and local storage to maintain your authentication session and store your preferences. We do not use third-party tracking cookies or advertising cookies.

11. Children's Privacy

HAK Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure that appropriate safeguards are in place to protect your information in compliance with applicable data protection regulations.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of HAK Platform after any changes constitutes acceptance of the updated policy.

14. Contact Us & Data Controller

The data controller responsible for your personal information is the legal entity identified in Section 1 of this policy. If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

• Legal Entity: Jawhra Diqat Almustaqbal Company for General Trading and General Contracting L.L
• Registration No.: ICR 02-33178 (Iraqi Companies Registrar, Ministry of Trade)
• Registered Address: Baghdad — Al-Qadisiyah, Sec. 606, St. 8, Bldg. 106, Apt. 8, Republic of Iraq
• Email: info@hakplatform.com
• Website: hakplatform.com