Privacy Policy

Last updated: March 25, 2026

1. Information We Collect

We collect the following types of personal information when you use Rovea:

  • Full name and display name
  • Email address
  • Phone number
  • KYC verification documents (government-issued ID) for providers
  • Location data (city, region) for matching with nearby providers
  • Payment information (processed and stored securely by Stripe)
  • Usage data (browsing activity, search queries, booking history)

2. How We Use Your Data

We use the information we collect for the following purposes:

  • Creating and managing your account
  • Processing bookings and facilitating communication between travelers and providers
  • Verifying provider identity through KYC review
  • Sending booking confirmations, updates, and important service notifications
  • Improving our platform, services, and user experience

3. KYC Data Handling

Provider identity verification data is handled with the highest level of security:

  • All KYC documents are encrypted at rest and in transit.
  • Documents are reviewed only by authorized Rovea administrators.
  • KYC documents are permanently deleted within 30 days after successful verification.

4. Data Sharing

We do not sell your personal data. We share information only in the following limited circumstances:

  • With your booked provider or traveler — limited to the information needed to fulfill the booking (name, contact details).
  • With Stripe — for secure payment processing. Stripe's privacy policy governs their handling of your payment data.
  • With law enforcement — only when required by applicable Saudi Arabian law or court order.

5. Data Retention

We retain your account data for as long as your account is active. Booking records are retained for 3 years for legal and accounting purposes. KYC documents are deleted within 30 days of successful verification. If you request account deletion, your personal data will be removed within 30 days, except where retention is required by law.

6. Your Rights

Under the Saudi Personal Data Protection Law (PDPL), you have the following rights:

  • Right to access your personal data held by Rovea.
  • Right to correct inaccurate or incomplete personal data.
  • Right to request deletion of your personal data.
  • Right to request a copy of your data in a portable format.

7. Cookies and Tracking

Rovea uses essential cookies to maintain your session and preferences (such as language selection and dark mode). We use analytics to understand platform usage and improve our services. You can manage cookie preferences through your browser settings.

8. Children's Privacy

Rovea is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we discover that a user is under 18, we will promptly delete their account and associated data.

9. PDPL Compliance

Rovea is committed to full compliance with the Saudi Personal Data Protection Law (PDPL). We process personal data lawfully and transparently, collect only what is necessary for our stated purposes, and implement appropriate technical and organizational measures to protect your data.

10. Contact for Data Requests

To exercise any of your data rights or to make inquiries about your personal data, please contact our data protection team at privacy@rovea.sa. We will respond to your request within 30 days.