Privacy Policy

    Last updated: March 2026

    This Privacy Policy describes how Thamra Group for Technology and Trading LLC ("Thamra Group," "we," "us," or "our"), a company registered in the State of Qatar, collects, uses, stores, and protects your personal data when you use our services, including CARE (Customer AI Response Engine), CORE, and our website at thamragroup.com.

    1. Information We Collect

    We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support. This may include your name, email address, phone number, and company information.

    We also collect billing and account information including your organization name, billing contact details, invoice history, and payment status. Conversation metadata such as conversation counts, timestamps, and channel identifiers is collected for billing and service improvement purposes.

    2. How We Use Your Information

    We use the information we collect to provide, maintain, and improve our services, process transactions, send you technical notices and support messages, and respond to your comments and questions.

    We also use your information to generate monthly invoices, track conversation usage across your account, process refund requests, and maintain accurate billing records.

    3. Legal Basis for Processing

    We process your personal data on the following legal bases:

    • Contractual necessity: Processing required to provide and manage the services you have subscribed to.
    • Legitimate interest: Processing for service improvement, security, fraud prevention, and business analytics, where such interests are not overridden by your rights.
    • Legal obligation: Processing required to comply with applicable laws and regulations in the State of Qatar.
    • Consent: Where required, we obtain your explicit consent before processing your data for marketing communications or optional services.

    4. Conversation Data

    CARE processes customer conversations on behalf of your organization. Conversation content is used solely to provide the AI customer support service and improve response quality. Conversation metadata (counts, timestamps, channels) is used for billing purposes.

    All conversation data is stored with encryption at rest (AES-256) and in transit (TLS 1.2+). We offer GCC data residency, ensuring your data stays in the region. We never sell or share conversation content with third parties.

    5. Billing Data

    We collect and store organization billing details, invoice records, payment status, conversation usage counts, and add-on subscription records. Billing data is retained for the duration of your account plus five (5) years thereafter in compliance with applicable Qatar commercial law.

    6. Cookies and Tracking Technologies

    Our website uses cookies and similar technologies to enhance your browsing experience, analyze website traffic, and understand where our visitors come from. These may include:

    • Essential cookies: Required for the website to function properly (session management, security).
    • Analytics cookies: Help us understand how visitors interact with our website (e.g., page views, traffic sources). We may use third-party analytics services.
    • Preference cookies: Remember your language preference and other settings.

    You can control cookies through your browser settings. Disabling certain cookies may affect website functionality.

    7. Third-Party Service Providers

    We may share your information with trusted third-party service providers who assist us in operating our business, including:

    • Cloud hosting and infrastructure providers
    • Analytics and monitoring services
    • Email and communication service providers
    • Payment processors (as configured by each tenant)

    These providers are contractually obligated to protect your data and may only use it for the purposes we specify.

    8. Third-Party Payment Processors

    Thamra Group does not process payments directly. Payment processing is handled by external services configured by each tenant through API integration. When you make a payment, your payment information is transmitted directly to the third-party payment processor.

    Thamra Group does not store credit card numbers, bank account details, or other sensitive payment credentials. Each tenant is responsible for reviewing the privacy policy of their chosen payment processor.

    9. International Data Transfers

    Your data is primarily stored within the GCC region. In cases where data may be transferred to service providers outside the GCC, we ensure appropriate safeguards are in place, including contractual data protection clauses consistent with the requirements of Qatar's data protection framework.

    10. Data Retention

    We retain your data for the following periods:

    • Account data: For the duration of your active account plus thirty (30) days after account closure.
    • Conversation data: As configured by your organization's data retention settings, or ninety (90) days by default after conversation closure.
    • Billing and invoice records: Five (5) years from the date of the transaction, in compliance with Qatar commercial law.
    • Support correspondence: Two (2) years from the date of the last interaction.

    11. Data Security

    We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include encryption at rest and in transit, access controls, regular security audits, and employee security training.

    12. Your Rights

    Subject to applicable law, you have the following rights regarding your personal data:

    • Right of access: Request a copy of the personal data we hold about you.
    • Right to rectification: Request correction of inaccurate or incomplete data.
    • Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
    • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
    • Right to object: Object to processing of your data for certain purposes, including direct marketing.
    • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

    To exercise any of these rights, please contact us at support@thamragroup.com. We will respond to your request within thirty (30) calendar days.

    13. Children's Privacy

    Our services are designed for businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly.

    14. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a revised "Last updated" date and, where appropriate, by sending an email notification to your registered email address at least fifteen (15) days before changes take effect. Your continued use of our services after such changes constitutes acceptance of the updated policy.

    15. Data Breach Notification

    In the event of a personal data breach that is likely to result in a risk to your rights, we will notify affected users without undue delay and no later than seventy-two (72) hours after becoming aware of the breach. Notification will include the nature of the breach, likely consequences, and measures taken to address it.

    16. Governing Law

    This Privacy Policy is governed by and construed in accordance with the laws of the State of Qatar. Any disputes arising from or related to this policy shall be subject to the exclusive jurisdiction of the competent courts in Doha, Qatar.

    17. Contact Us

    If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at: