Privacy Policy

We collect information you provide directly to us and information generated through your use of eHissab.

Account information: When you register, we collect your name, email address, phone number, and business details (company name, commercial registration number, VAT number).

Transaction data: Invoice records, payment information, client details, product and inventory data that you enter into the platform.

Usage data: Log files, IP addresses, browser type, pages visited, features used, and timestamps. This helps us understand how eHissab is being used and improve the product.

Device information: Device type, operating system, unique device identifiers, and mobile network information when you access eHissab from a mobile device.

Payment information: When you subscribe to a paid plan, payment card details are processed by our payment processor (we do not store raw card numbers on our servers).

We use the information we collect to:

• Provide and operate the eHissab platform and its features
• Process transactions including subscription billing and invoice payments
• Send service communications — account alerts, security notifications, invoices, and receipts
• Improve the product through usage analytics and user feedback
• Provide customer support and respond to your enquiries
• Comply with legal obligations under Omani law, including VAT regulations
• Detect and prevent fraud, abuse, and security incidents
• Send marketing communications (you can opt out at any time)

We do not use your data to train third-party AI models or sell it to advertisers.

We do not sell your personal data. We share information only in these circumstances:

Service providers: We share data with trusted vendors who help us operate eHissab — cloud hosting (AWS), payment processing, email delivery, and analytics. These providers are bound by data processing agreements.

Legal requirements: We may disclose information if required by Omani law, a court order, or a governmental authority with lawful jurisdiction.

Business transfers: If eHissab is acquired or merged, your data may transfer to the new entity, subject to the same privacy commitments.

With your consent: We share data with third parties only when you have explicitly authorised it (for example, integrating with a third-party accounting tool).

Aggregated / anonymised data: We may share aggregated, non-identifiable statistics about platform usage publicly or with partners.

We take the security of your data seriously and implement industry-standard measures:

• All data is transmitted over TLS 1.2+ encrypted connections
• Data at rest is encrypted using AES-256
• Access to production databases is restricted to authorised personnel only
• We conduct regular penetration testing and security audits
• All employee access is authenticated with multi-factor authentication
• We maintain an incident response plan and will notify affected users within 72 hours of a confirmed breach

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide services.

Account data is retained for the duration of your subscription and for 90 days after account closure (to allow recovery if you change your mind).

Financial records (invoices, payments, accounting entries) are retained for 7 years to comply with Omani accounting and tax laws.

Usage logs are retained for 12 months for security and debugging purposes.

After these periods, data is securely deleted or anonymised. You may request early deletion of personal data (subject to legal retention requirements) by contacting us.

You have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Ask us to correct inaccurate or incomplete information
• Deletion: Request deletion of your personal data (subject to legal retention obligations)
• Portability: Export your data in a machine-readable format (CSV or JSON)
• Objection: Object to processing of your data for marketing purposes
• Restriction: Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@ehissab.com. We will respond within 30 days.

eHissab uses cookies and similar tracking technologies to operate the platform and improve your experience.

Essential cookies: Required for the platform to function (session management, authentication, CSRF protection). Cannot be disabled.

Analytics cookies: Help us understand how users interact with eHissab (e.g., which features are most used). These are anonymised and aggregate.

Preference cookies: Remember your settings such as language preference (Arabic/English) and theme (dark/light mode).

You can control non-essential cookies through your browser settings. Note that disabling cookies may affect some platform functionality.

eHissab integrates with the following third-party services. Each has its own privacy policy:

• Payment processors: For subscription billing and payment link processing
• AWS (Amazon Web Services): Cloud hosting and storage infrastructure
• Email delivery provider: For transactional and notification emails
• Analytics provider: For aggregated, anonymised usage analytics

We carefully vet all third-party providers and require them to meet our data protection standards through contractual agreements.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

When we make material changes, we will: - Update the "Last updated" date at the top of this page - Send an email notification to registered account holders - Display an in-app notification for 30 days

Your continued use of eHissab after the effective date of the changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may close your account.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

Email: privacy@ehissab.com General inquiries: hello@ehissab.com Address: eHissab, Muscat, Sultanate of Oman

We are committed to resolving any privacy concerns promptly and transparently.