Privacy Policy

Last updated: May 29, 2026

At Dakki Shop (operated by Urbicode Services LLC) we take privacy seriously. This Policy explains what personal data we collect, why we use it, who we share it with, and the rights you have over your information. By using the Platform you accept the practices described here.

1. Data Controller

The data controller is Urbicode Services LLC, a company organized under the laws of the State of Florida, United States of America. For any privacy inquiry, contact privacy@dakki.shop.

2. Data We Collect

2.1 Data you provide directly

  • Account data: full name, WhatsApp number, preferred language and, optionally, profile picture.
  • Business data (for Shop Owners): legal name, address, business type, description, logo, cover image, social links, opening hours, team, services, and product catalog.
  • Booking data: service or product booked, date and time, chosen business, assigned professional, additional notes.
  • Payment data (subscribed Businesses only): card or payment-method data is processed directly by Stripe; we do not store card numbers on our servers.
  • Communications: messages sent via the contact form, support, or WhatsApp.

2.2 Data collected automatically

  • Geolocation: approximate GPS coordinates (with your express browser consent) or city/neighborhood when entered manually, to display nearby businesses.
  • Technical information: IP address, device type, operating system, browser, language, time zone, pages visited, and session duration.
  • Searches: queries entered in the search bar and results displayed, to improve service quality.
  • Cookies and similar technologies: see our Cookie Policy.

2.3 Data from third parties

We may receive data from:

  • WhatsApp / Meta: phone number and public name when you start a conversation by WhatsApp with the Platform.
  • Stripe: payment confirmations and subscription status.
  • Google Maps: address suggestions when filling out the business form.

3. Purposes of Processing

We use your personal data to:

  • Provide the service: create your account, manage bookings, connect Customers with Businesses, send confirmations and reminders via WhatsApp.
  • Process subscription payments (Businesses): billing, renewals, cancellations.
  • Security: verify your identity with OTP codes, detect and prevent fraud, impersonation, or abuse of the Platform.
  • Service improvement: statistical analysis of searches and usage patterns to improve the Platform and develop new features. These analyses are performed in aggregate and anonymized form where possible.
  • Operational communications: booking notifications, status changes, security alerts. These do not require additional consent as they are necessary for the service.
  • Marketing communications (opt-in): sending newsletters, promotions, or tips, only if you give express consent. You may withdraw it at any time.
  • Legal compliance: respond to authority requests, judicial processes, exercise or defend claims.

4. Legal Bases for Processing

  • Contract performance: processing is necessary to provide the service you request.
  • Consent: for geolocation, marketing communications, and non-essential cookies.
  • Legal obligation: to comply with accounting, tax, or data-protection regulations.
  • Legitimate interest: for security, fraud prevention, and product improvement, always balanced against your rights.

5. Sharing Data with Third Parties

Your data may be shared with:

  • Businesses: name and phone when you make a booking, so they can contact you and serve the appointment. The Business becomes an autonomous controller of the data it receives.
  • Infrastructure providers: Supabase (database), Cloudflare R2 (image storage), Coolify (hosting). These providers act as processors and process data solely under our instructions.
  • Payment providers: Stripe processes Business subscription payments.
  • Messaging providers: Twilio and Evolution API handle WhatsApp message delivery and reception.
  • Artificial intelligence: Google (Gemini API) processes natural-language search queries. Data sent is not used to train models per the API terms.
  • Authorities: when required by law, court order, or valid government investigation.

We do not sell your personal data to third parties for marketing purposes.

6. International Transfers

Some of our providers (Supabase, Cloudflare, Stripe, Google) are located outside your country of residence, primarily in the United States and the European Union. We adopt appropriate safeguards so that such transfers comply with applicable standards, including Standard Contractual Clauses where applicable.

7. Data Retention

  • Account data: while your account is active, plus a reasonable additional period to comply with legal obligations or defend rights (maximum 5 years from last activity).
  • Booking data: up to 5 years from the appointment date, for accounting and support purposes.
  • OTP data (verification codes): 24 hours after use, 7 days if not verified.
  • WhatsApp sessions: 30 days of inactivity before automatic deletion.
  • Search logs: up to 24 months for statistical analysis.
  • Tax data (Businesses): the period legally required by applicable tax regulations.

8. Your Rights

You have the following rights over your personal data:

  • Access: obtain confirmation of whether we process your data and a copy of it.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”): request deletion of your data when no longer necessary.
  • Restriction: restrict processing in certain circumstances.
  • Portability: receive your data in a structured, commonly used format.
  • Objection: object to processing based on legitimate interest or for marketing.
  • Withdraw consent: where processing is based on your consent, at any time.
  • Lodge a complaint: before the data-protection authority of your country of residence.

To exercise any of these rights, contact us at privacy@dakki.shop. We will respond within 30 days of receiving your verified request.

9. Security

We implement reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Encryption in transit (HTTPS / TLS) and at rest of databases.
  • Access control via roles, secure passwords, and OTP.
  • Per-business data isolation via Row-Level Security.
  • Log auditing and monitoring of suspicious attempts.
  • File-type and size restrictions for uploads to our servers.

However, no system is 100% impenetrable. In the event of a security incident affecting your data, we will notify you without undue delay.

10. Minors

The Platform is not directed at children under 18 years of age. We do not knowingly collect data from minors. If we discover that we have collected data from a minor without legal-guardian consent, we will delete it immediately.

11. Cookies

We use cookies and similar technologies to operate the Platform. See our Cookie Policy for details.

12. Changes to this Policy

We may modify this Policy to reflect legal, technical, or operational changes. The updated version will be published on this page with the new date. If changes are substantial, we will notify you by email or a prominent notice on the Platform.

13. Contact

For privacy inquiries or to exercise your rights: