Effective date: 2026-03-02
Last updated: 2026-03-02

This Privacy Policy explains how eSuwq (السوق) and AlTojjar Academy (the “Academy”) collect, use, share, and protect personal data when you use our AI-powered B2B SaaS services and education products (collectively, the “Services”). We are built on principles of user data ownership, transparency, and security-by-design.

If you do not agree with this policy, please do not use the Services.

1) Who we are (Data Controller)

eSuwq operates the Services and determines how and why personal data is processed (“Controller”), except where we process data on behalf of a business customer under a separate agreement.

Contact (privacy inquiries): academy@ac.altojjar.com

2) Scope

This policy applies to:

  • eSuwq B2B platform features (accounts, business profiles, product listings, messaging, AI features, verification, analytics, support).
  • AlTojjar Academy education experience (course enrollment, learning progress, certificates, community features, and support).
  • Payments for subscriptions and Academy products processed through Stripe.

This policy does not cover third-party websites or services that you access via links from our Services.

3) Data we collect

We collect data in the following categories:

3.1 Data you provide

  • Account data: name, email, phone number, login/authentication information, and profile preferences.
  • Business data (B2B): company name, role/title, business profile content (Arabic/English), verification documents you submit (where applicable), and evidence for claims/certifications.
  • Academy data: enrollment details, course participation, assignment submissions, learning progress, and certificate details.
  • Support & communications: messages sent to our support channels, feedback, and reported issues.

3.2 Data generated through your use

  • Usage data: pages and features used, session events, device and browser information, approximate location (e.g., derived from IP), timestamps, and performance metrics.
  • Security logs: login activity, suspicious activity indicators, rate-limit events, and audit logs for sensitive actions (e.g., profile edits, verification status changes).
  • Messaging & translation data: messages you send through the platform and associated translation outputs, including confidence indicators where applicable.

3.3 Payment and billing data (via Stripe)

When you pay for a subscription or Academy product, Stripe processes payment information (e.g., card data, billing details, transaction identifiers). We typically receive limited payment-related data (e.g., customer ID, payment status, last 4 digits/brand where available, invoice/receipt data) needed to provide the Services and customer support.

Stripe may also process personal data for compliance, fraud prevention, and enabling payment methods.
(See Stripe’s privacy and DPA materials for details.)

4) How we use personal data (Purposes)

We use personal data to:

  • Provide, maintain, and improve the Services (including Academy delivery and platform features).
  • Authenticate users and secure accounts (e.g., OTP/verification flows, fraud prevention).
  • Operate AI features (e.g., content enhancement, translation, recommendations) in a way that is explainable and user-controlled where applicable.
  • Process subscriptions and Academy purchases, manage billing, and handle refunds/charge disputes.
  • Communicate with you (service notices, transactional messages, and support).
  • Conduct analytics to improve performance, reliability, and user experience.
  • Comply with legal obligations and enforce our terms.

5) AI & translations (important)

5.1 English Pivot Architecture (EPA) for cross-language content

For certain cross-language features, we may store:

  • The original user content, and
  • An English “pivot” translation used as a system record for cross-language communication and dispute clarity, while preserving the original content.

5.2 Model providers and routing

We may use multiple AI providers through an AI Gateway with routing and failover to improve reliability and manage cost. Provider selection may differ by feature type and sensitivity.

5.3 Human control and transparency

Where AI suggestions are provided (e.g., listing improvements, message translation), users remain responsible for reviewing outputs before relying on them for business decisions.

6) Legal bases (where applicable)

Depending on your jurisdiction, we process personal data based on:

  • Contract necessity (to provide the Services you request).
  • Legitimate interests (security, service improvement, fraud prevention, analytics).
  • Consent (where required, e.g., certain marketing communications or optional cookies).
  • Legal obligation (tax, accounting, regulatory compliance).

7) How we share personal data

We do not sell personal data. We may share data with:

7.1 Service providers (processors)

  • Payment processing: Stripe (for payments, invoicing, fraud prevention, payment method support).
  • Infrastructure & hosting: hosting, databases, caching, monitoring, and security tooling used to run the Services.
  • Email/communications: transactional email and messaging providers used for verification and notifications.
  • Analytics/monitoring: tools used to measure performance and detect incidents.
  • AI providers: for AI requests you initiate (e.g., translation, content enhancement), subject to our configuration and safeguards.

These providers are authorized to process data only as needed to deliver their services to us.

7.2 Business-to-business visibility

Some information is visible to other users by design (e.g., business profile details, product listings, verification badges, and marketplace-facing content). You control what you publish, and we recommend not posting sensitive personal data in public fields.

7.3 Legal and safety disclosures

We may disclose data if required by law, regulation, legal process, or to protect rights, safety, and security of the Services and users.

7.4 Corporate events

If we undergo a merger, acquisition, restructuring, or asset sale, personal data may be transferred as part of that transaction, subject to applicable law.

8) Cookies and similar technologies

We use cookies/local storage and similar technologies to:

  • Keep you signed in and maintain sessions.
  • Remember language preferences (Arabic/English) and accessibility settings.
  • Support analytics and performance monitoring.
    You can control cookies through your browser settings. Some features may not function without essential cookies.

9) Data retention

We retain personal data only as long as needed for the purposes described, including:

  • Active account maintenance and service delivery.
  • Security, fraud prevention, and auditability (e.g., immutable audit logs for critical operations).
  • Legal and accounting requirements (e.g., invoices, tax).

When data is no longer required, we delete or anonymize it, unless retention is required by law.

10) Security measures

We use administrative, technical, and organizational measures designed to protect personal data, including:

  • Encryption in transit (TLS) and secure storage practices.
  • Access controls and least-privilege, including database-level isolation mechanisms where applicable.
  • Monitoring, logging, and incident response processes.
    No system is 100% secure; you are responsible for safeguarding your credentials.

11) Your rights and choices

Depending on your location, you may have rights such as:

  • Access: request a copy of your personal data.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of personal data (subject to legal retention limits).
  • Portability: request export of certain data in a standard format.
  • Objection/restriction: object to certain processing or request restriction.
  • Consent withdrawal: where processing is based on consent, you may withdraw it.

To exercise rights, contact: academy@ac.altojjar.com

12) International transfers

Our service providers may process data in countries other than yours. Where required, we use appropriate safeguards for cross-border transfers (e.g., contractual protections).

13) Children’s privacy

Our Services are intended for businesses and professionals. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us to request deletion.

14) Changes to this Privacy Policy

We may update this policy from time to time. If changes are material, we will provide notice through the Services or by other appropriate means. The “Last updated” date above indicates when this policy was most recently revised.

15) Contact

For privacy questions, requests, or complaints:
academy@ac.altojjar.com