Privacy policy
What Servia collects, why, who sees it, and how to delete it. Plain English. UAE PDPL + Google Play Data Safety compliant.
1. What we collect
| Category | Specific items | Why |
|---|---|---|
| Identity | Name, phone, email | Confirm bookings, send WhatsApp updates, link history to your account |
| Address | Building, apartment, area, GPS lat/lng (when you tap SOS or Book) | Dispatch the closest pro |
| Payment | Card brand + last 4, expiry, billing name (full PAN never stored — handled by Stripe, PCI-DSS Level 1) | Charge for completed services |
| Service history | Bookings, quotes, invoices, ratings, conversations | Re-book, dispute resolution, crew assignment |
| Device | App version, OS, language, browser/UA on web | Bug fixes, accessibility |
2. What we do not collect
- Background location. Servia GPS reads happen only when you actively tap an SOS / Book / NFC button — never silently in the background.
- Microphone audio. The Wear OS voice assistant uses Android's on-device speech recognition; the audio leaves your device only as a transcribed text string sent to /api/chat.
- Contacts, photos, calendar. Servia never reads any of these.
- Third-party advertising IDs. We never share data with ad networks.
3. Who we share with
- Service crews — your name, phone, address and service brief are sent to the assigned crew so they can complete the booking.
- Stripe — payment processing. Stripe sees card data; Servia does not.
- Twilio / WhatsApp Business API — to send confirmations and tracking links.
- Google Maps / OpenStreetMap Nominatim — to reverse-geocode GPS to area names. Coordinates only, no identity.
- Government — only when legally compelled (UAE law-enforcement order or court request).
We do not sell, rent or trade your data. Ever.
4. Where we store data
Servia's database is hosted on Railway (US-East region) with daily encrypted backups. Personally identifiable information is encrypted at rest. Backups are retained 30 days then permanently deleted.
5. Retention
| Data | Retention |
|---|---|
| Active account | Until you delete or 24 months of inactivity, whichever first |
| Bookings + invoices (UAE tax compliance) | 5 years from the date of the invoice |
| Conversations / chat history | 12 months |
| Server access logs | 30 days |
6. Your rights (UAE PDPL · GDPR-equivalent)
- Access — see everything we hold on you. Email [email protected] with subject "DSAR — my data"; we respond within 30 days.
- Delete — request full account deletion. We delete all PII within 30 days (except invoice records we are legally required to keep).
- Correct — fix wrong info via /me.html or by emailing us.
- Object / restrict — pause WhatsApp marketing or specific data uses.
- Portability — download your bookings + history as JSON.
7. Children
Servia is not directed at children under 16. We do not knowingly collect data from minors. If you believe a child has registered, contact us and we will delete the account immediately.
8. Cookies
Servia uses only essential cookies (login session, language preference, location preference). No analytics, no tracking pixels, no third-party advertising cookies.
9. Wear OS specific
The Servia Wear OS app collects your phone + email on first run so bookings made from the watch are linked to your /account.html. Voice transcripts are sent to /api/chat (encrypted in transit). The Wear app stores its 30-day session token in private SharedPreferences. You can clear it via "🗑 New chat" → settings, or by uninstalling the app.
10. NFC tags
The Servia NFC sticker is passive — no battery, no GPS, no radio broadcast. It contains only a short URL. When you tap it, your phone's browser opens that URL and (with your permission, only at that moment) shares your phone's GPS for that one dispatch. The sticker itself never knows where it is.
11. Changes
If we materially change this policy, we will email registered customers at least 30 days before the change takes effect. The current version is always at https://servia.ae/privacy.html.
12. Contact
Privacy questions, complaints, or DSAR (data-subject access request): [email protected]. We respond within 30 days as required under UAE PDPL.