Trust & Compliance

    CARE for Spas — Trust & Compliance

    How CARE handles guest data, keeps payment information off-limits, and stays PDPPL-compliant for day spas and wellness centres in the GCC.

    PDPPL · Hosted in the GCC · No access to guest payment data or treatment records · Your spa manager supervises every conversation.

    Back to Spas

    01 — Data handling

    What CARE stores, where, and for how long.

    What CARE stores
    WhatsApp conversations, the documents you upload (treatment menu, packages, therapist bios, booking rules, hours), and operational metadata. Never guest payment data, never treatment records.
    Where data is stored
    All conversation and knowledge-base data hosted on infrastructure inside the GCC. Data never leaves the region.
    Retention
    Active during your account's life. On cancellation: 30-day export window, then permanent deletion within 30 days.
    Access
    Only your Staff Console members plus the on-call Thamra Group engineer. All access logged.

    02 — Regulatory posture

    PDPPL, in-region hosting, and what we never touch.

    PDPPL compliance
    Conversation data, consent, retention, and deletion flows are designed to satisfy Qatar PDPPL. Downloadable one-pager for your DPO or IT contact.
    Payment-data isolation
    CARE has zero access to your spa's payment processor, POS, or guest card details. Bookings are confirmed via payment links you provide; CARE never sees the card number, expiry, or transaction outcome.
    Treatment-record isolation
    CARE never reads, stores, or references guest treatment history. Wellness consultations and medical-adjacent questions are escalated to your spa manager.
    Guest-facing disclosure
    CARE introduces itself as your spa's WhatsApp assistant on the first message. Guests are never misled about who they're talking to and can request a human at any time.

    03 — Operational controls

    What you and your team can do, audit, and revoke.

    Spa manager override
    Every conversation is visible in real time in the Staff Console. Your manager can step in, edit a reply before it sends, or take full control instantly.
    Audit logs
    Every CARE reply, override, escalation, and outbound message is logged with timestamp and operator ID. Downloadable as CSV.
    Conversation export
    One-click export of any conversation as CSV — useful for guest requests under PDPPL, quality reviews, and recurring-guest insights.
    Data deletion on demand
    Delete any guest's conversation history and phone number on demand from the Staff Console. Propagates to backups within 7 days.