Privacy Policy

1. Introduction

Taawoon ("Taawoon," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy describes how we collect, use, disclose, store, and protect your information when you use the Taawoon platform, including our website, progressive web application (PWA), admin dashboard, APIs, and all related services (collectively, the "Platform").

By accessing or using the Platform, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this Policy, please do not use the Platform.

This Privacy Policy should be read together with our Terms and Conditions.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide when using the Platform, including:

• Account Registration: Name, email address, phone number, password, designation, and company name.
• Profile Information: Bio, profile photo, website URL, country, city, timezone, and social media handles (Instagram, TikTok).
• KYC Application Data: Identity verification information, UAE Media License status, social media handles, and portfolio links.
• Portfolio and Work Samples: Videos, documents, images, links, and other creative work samples you upload.
• Licenses and Credentials: Professional license files and license numbers.
• Campaign and Collaboration Data: Campaign briefs, deliverables, contracts, NDAs, comments, feedback, and related files.
• Communication Data: Messages exchanged through the Platform, AI assistant conversations, and feedback submissions.
• Payment Information: Billing details provided through our third-party payment processor (Stripe). We do not store your full credit card numbers on our servers.
• Organization Data: Organization name, brand information, team member details, and organizational structure.

2.2 Information Collected Automatically

When you access the Platform, we may automatically collect:

• Device Information: Device type, operating system, browser type, and screen resolution.
• Usage Data: Pages visited, features used, Token consumption, search queries, and interaction patterns.
• Session Data: Login timestamps, session duration, and authentication tokens (JWT-based).
• Log Data: IP addresses, access times, error logs, and referring URLs.

2.3 Information from Third-Party Sources

We may collect information about Creators from authorized third-party data providers, including:

• Social Media Analytics: Public profile data, follower counts, engagement metrics, content performance, and audience demographics sourced through authorized analytics providers.
• Audience Insights: Aggregated demographic data including age distribution, gender breakdown, geographic locations, and language preferences of Creator audiences.
• Credibility Metrics: Data regarding account authenticity, fake follower percentages, and credibility scores.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Platform Operations: To provide, maintain, and improve the Platform and its features.
• Account Management: To create and manage your account, authenticate your identity, and process KYC applications.
• Discovery and Matching: To enable Brands to discover and evaluate Creators and Freelancers using search, filters, and AI-powered recommendations.
• AI-Powered Services: To provide AI-assisted discovery, brief analysis, conversational assistance, and creator matching through integration with AI service providers. Your queries and interactions with AI features may be processed by third-party AI services to generate responses.
• Campaign Management: To facilitate campaign creation, outreach, deliverable tracking, and collaboration workflows.
• Communications: To send you transactional emails (OTP codes, password resets, invitation links), notifications, and platform updates.
• Billing and Payments: To process Subscription payments, Token purchases, and manage billing through our payment processor.
• Analytics and Improvements: To analyze usage patterns, monitor Platform performance, and improve our services.
• Security: To detect, prevent, and respond to fraud, abuse, security threats, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Embedding and Similarity Matching: To generate vector embeddings from Creator and Freelancer profile data for AI-powered similarity matching and discovery features.

4. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

4.1 With Other Platform Users

• Creator and Freelancer profile information (name, bio, portfolio, skills, metrics) is visible to Brands using the Platform for discovery and collaboration.
• Campaign and collaboration details are shared between participating parties.
• Shared shortlists may be accessible to recipients via secure, authenticated links.

4.2 With Third-Party Service Providers

We share information with trusted third-party service providers who assist us in operating the Platform:

4.3 For Legal Reasons

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to: (a) protect the rights, property, or safety of Taawoon, our Users, or the public; (b) enforce our Terms and Conditions; (c) detect, prevent, or address fraud, security, or technical issues; or (d) comply with a court order or legal obligation.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have regarding your information.

5. Data Storage and Security

5.1 Data Storage

Your data is stored on secure cloud infrastructure. Database records are stored in PostgreSQL databases hosted on managed cloud services. Files, documents, and media are stored using cloud-based object storage services.

5.2 Security Measures

We implement industry-standard security measures to protect your data, including:

• Passwords are hashed using bcrypt with strong salt rounds and are never stored in plain text.
• Authentication is managed through secure JSON Web Tokens (JWT) with session expiration.
• One-time passwords (OTPs) are hashed using SHA-256 and expire after 10 minutes.
• Payment webhook events are verified using cryptographic signature validation.
• Internal API communications are protected with secret-based authentication.
• Data transmission is encrypted using HTTPS/TLS protocols.

While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your information.

6. Cookies and Session Data

We use cookies and similar technologies for the following purposes:

• Authentication Cookies: Essential cookies that maintain your login session and authenticate your identity (JWT session tokens).
• Preference Cookies: Cookies that remember your settings and preferences for a better user experience.
• Service Worker: Our progressive web application uses a service worker for offline capabilities and performance optimization.

You can control cookie settings through your browser. However, disabling essential cookies may prevent you from using certain Platform features, including login and authentication.

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide you with the Platform services and maintain your account.
• Comply with legal, regulatory, and contractual obligations.
• Resolve disputes and enforce our agreements.
• Maintain business records as required by applicable law.

When your account is terminated or deleted, we will delete or anonymize your personal data within a reasonable timeframe, except where retention is required by law or for legitimate business purposes (such as maintaining audit trails or resolving pending disputes).

Certain data, such as AI conversation logs and aggregated usage analytics, may be retained in anonymized or de-identified form for service improvement purposes.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: You may request a copy of the personal data we hold about you.
• Correction: You may request that we correct inaccurate or incomplete personal data. You can also update most of your information directly through your account settings.
• Deletion: You may request that we delete your personal data, subject to legal retention requirements and legitimate business needs.
• Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format.
• Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
• Objection: You may object to the processing of your personal data for certain purposes, including direct marketing.
• Withdrawal of Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, please contact us at privacy@taawoon.co. We will respond to your request within the timeframe required by applicable law.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws in your jurisdiction. By using the Platform, you consent to the transfer of your information to countries where our servers, third-party service providers, and partners operate.

We take appropriate measures to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it, including through the use of appropriate contractual safeguards and security measures.

10. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18 years of age. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly. If you believe a child under 18 has provided us with personal data, please contact us at privacy@taawoon.co.

11. AI and Automated Data Processing

The Platform uses artificial intelligence and automated processing in the following ways:

• Creator and Freelancer Matching: We use AI algorithms and vector embeddings to match Brands with relevant Creators and Freelancers based on profile data, skills, audience demographics, and campaign requirements.
• Conversational AI: Our AI assistant processes your queries and conversation history to provide relevant responses and recommendations. Conversations may be sent to third-party AI service providers for processing.
• Analytics and Insights: We use automated processing to generate performance metrics, credibility scores, and audience insights for Creator profiles.
• Content Analysis: Campaign briefs and requirements may be analyzed by AI to optimize matching and discovery results.

Automated processing is used to assist and augment human decision-making, not to make decisions that have legal or similarly significant effects on you without human oversight. You may contact us to request human review of any significant decision made through automated processing.

12. Third-Party Links and Services

The Platform may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to third-party services. We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services you access through the Platform.

13. Data Breach Notification

In the event of a data breach that affects your personal data and poses a risk to your rights and freedoms, we will: (a) notify the relevant supervisory authorities as required by applicable law; and (b) notify affected Users without undue delay, providing details of the breach and the measures taken to address it.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated Privacy Policy on the Platform and update the "Last Updated" date at the top of this page. Material changes will be communicated through email or in-app notifications.

Your continued use of the Platform after any changes to this Privacy Policy constitutes your acceptance of the updated Policy. We encourage you to review this Privacy Policy periodically.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will respond to your inquiries within a reasonable timeframe and in accordance with applicable data protection laws.