Privacy policy

The data controller is Domiraqo LLC, registered with the Qatar Financial Centre Authority under QFC #01418, registered office at Tower 1, 12th floor, Marina District, Lusail, Qatar.

Our Data Protection Officer is reachable at dpo@domiraqo.com.

Phone number, name, language preference, saved addresses, profile photo (optional). Professionals additionally provide their Qatar ID (QID), work-permit details, a selfie, and skill-test data.

Job history, ratings you give, messages with professionals, and in-app call records (audio is not retained beyond 7 days).

Device data necessary to deliver push notifications and detect fraud (device id, OS version, network type, coarse location at the moment of dispatch).

Contract performance: matching, dispatch, payment, and customer support.

Legitimate interest: fraud prevention, dispute audit trail, product analytics on aggregated data.

Legal obligation: tax records under Qatar tax law, AML/KYC checks for payouts above local thresholds, court-ordered disclosure under Qatar law, and Qatar Financial Centre regulatory requests.

Consent: optional marketing communications and non-essential cookies.

Matching you with the right professional, dispatching them, processing payment, handling disputes, and providing customer support.

Improving the product through aggregated, anonymised metrics only. Never re-identifiable.

Mandatory legal reporting: Qatar Tax Department returns, General Tax Authority requests, Qatar Financial Centre Regulatory Authority filings, and valid Qatari court orders.

Professional QID data is the most sensitive thing we hold. It is encrypted at rest with AWS KMS in eu-central-1, accessed only by trained ops staff with full audit logging, and never shared with customers or third parties.

See our /legal/cnic-handling page for the full operational policy on QID handling.

Customer-facing services are hosted in AWS Frankfurt (eu-central-1) with disaster recovery in AWS Bahrain (me-south-1). Both regions are ones in which the Qatar Financial Centre Authority has accepted appropriate cross-border data-handling controls.

No personal data leaves these two regions. We have signed Data Processing Agreements with AWS for both regions, and we do not use third-country sub-processors that would require Standard Contractual Clauses.

Professionals see only the data they need to do the job: your name, address, phone number, and the work description.

Payment processors (Checkout.com for cards, Apple Pay, and Google Pay; NaqdiKi; and Q-Pay) see transaction data necessary for the payment, under their own PCI-DSS controls.

Qatari government bodies only when legally compelled, by means of a court order, General Tax Authority notice, Qatar Financial Centre Regulatory Authority request, or Ministry of Interior request.

We do NOT share data with advertisers, data brokers, or affiliates.

Under Qatar Law No. 13 of 2016, you have the right to access, rectify, restrict processing, object to processing, and erase your personal data. Email dpo@domiraqo.com and we respond within 30 days (most requests are resolved within 5 working days).

You may lodge a complaint with the Qatar Communications Regulatory Authority's Data Protection Department, the QCRA being the supervisory authority designated under Qatar's PDPL.

You can opt out of marketing communications at any time. Service-critical messages (job updates, OTP, dispute notices) cannot be opted out of while your account is active.

Account data: while your account is active, plus 30 days after closure.

Job records & invoices: 7 years (Qatar tax-law retention requirement).

Professional QID data for deactivated professionals: 1 year after deactivation, then permanently deleted.

In-app call audio: 7 days unless needed for dispute resolution or a regulatory request.

Server logs containing IP addresses: 90 days.

TLS 1.3 in transit, AES-256 at rest, KMS-managed keys with annual rotation, mandatory two-factor authentication for every staff account, quarterly penetration tests by an independent CREST-accredited firm, and an ISO/IEC 27001 information-security management system audited annually.

We use a single first-party cookie to remember your language preference. We do not run third-party advertising trackers. Our analytics is a self-hosted Plausible instance that does not use cookies and does not collect any personal data.