Privacy Policy

Nehna Haddak (“we”, “our”, or “the app”) is a Lebanese tuk-tuk ride-booking platform. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our mobile application or website at nehnahaddak.com.

By using Nehna Haddak, you agree to the collection and use of your information in accordance with this policy. If you do not agree, please do not use the app.

We collect the following categories of data:

• Phone number — used to create and verify your account via Firebase Phone Authentication. Your number is not shared publicly.
• Location data — collected during active trips only (passenger: to match with nearby drivers; driver: to broadcast position and receive ride requests). We do not collect location when the app is closed or when you are offline.
• Profile data — for drivers: full name, vehicle details, and a profile photo (stored on Cloudflare R2 infrastructure in EU datacenters).
• Trip data — origin, destination, timestamps, ride status, and ratings associated with completed trips.
• Payment metadata — subscription plan chosen and payment status. We do not store card numbers or full payment credentials. Payments are processed via Whish Money, whose own privacy policy applies to payment processing.
• Device tokens — Firebase Cloud Messaging (FCM) tokens used to send push notifications. These are device-level identifiers, not personally identifying.

• To match passengers with available drivers in real time.
• To display your location to the other party during an active trip.
• To process subscription payments and maintain driver access.
• To send push notifications about ride requests, confirmations, and app updates.
• To enforce our two-way rating and trust system.
• To comply with legal obligations under Lebanese law.

Account data is retained for as long as your account is active. Trip history is retained for 12 months from the date of the trip. You may request deletion of your account and associated data at any time by contacting us (see Section 8).

We use the following third-party services to operate the app:

• Firebase (Google) — Phone authentication and push notifications (FCM). Google’s privacy policy applies: policies.google.com/privacy
• Cloudflare R2 — Storage for driver profile photos. Files are stored in EU datacenters under Cloudflare’s privacy policy.
• Whish Money — Payment processing for driver subscriptions. Whish’s privacy policy applies to payment data.
• Amazon Web Services (AWS) — Backend infrastructure (EC2, RDS, ElastiCache, S3) hosted in the eu-west-3 (Paris) region.

We do not sell your data to advertisers or any third parties for marketing purposes.

All data is transmitted over HTTPS (TLS 1.2+). Our backend database (PostgreSQL 16) is hosted in a private subnet with no public internet access. Authentication is handled via RS256-signed JWTs with short expiry. We apply HTTP rate limiting and input validation on all API endpoints.

While we take reasonable technical measures to protect your data, no system is completely secure. If we become aware of a breach that affects your personal data, we will notify you within 72 hours where legally required.

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Object to processing of your data where we rely on legitimate interests.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@nehnahaddak.com. We will respond within 30 days.

For privacy-related questions or requests, contact us at:

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or by posting the updated policy on this page with a revised “Last updated” date.