JEWEL — PRIVACY POLICY (Gold Market / Jewelry Marketplace Application) Last Updated: February 3, 2026 1. INTRODUCTION Jewel ("we," "our," or "us") operates the Jewel mobile application and related services (the "App"), a digital platform that connects users with trusted gold and jewelry sellers in Qatar. We are committed to protecting your privacy and handling your personal data in an open, transparent, and secure manner. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what choices and rights you have. Please read this policy carefully. By downloading, installing, or using the App, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use the App. The App is currently offered and used in the State of Qatar. This policy is written with Qatar users in mind and complies with applicable laws in Qatar. 2. SCOPE AND APPLICABILITY • Geographic scope: The App is currently available and used in Qatar. This Privacy Policy applies to the use of the App within Qatar. If we expand to other countries, we may update this policy or provide region-specific supplements. • Who this policy covers: This policy applies to: - Vendors: Sellers who register and list products on the App (we currently collect and process vendor data). - Visitors and users: People who browse the App or place orders (we do not currently collect or store general user/customer personal data as described in Section 4). • Language: This policy is provided in English. An Arabic version may be made available; in case of conflict, the English version shall prevail unless otherwise required by law. 3. DATA CONTROLLER The data controller responsible for your personal data in connection with the Jewel App is the entity that operates the App. For questions about this policy or your data, please contact us using the details provided in Section 15 (Contact Us). 4. INFORMATION WE COLLECT We currently collect and process vendor data only. We do not collect or store general user or customer personal data (such as user accounts, user profiles, or marketing databases for customers). The sections below describe what we collect from vendors and what applies to visitors and users. 4.1 Vendor Data (Collected) We collect the following information from vendors who register and use the App: • Account and profile: When a vendor registers or signs in, we collect email address and, as provided: full name, phone number, profile photo (avatar), and location or address. • Business and store information: Business name, business description, store location (including map coordinates if location services are enabled), store images, and contact details (phone, email) used for the store listing. • Product information: Product listings (names, descriptions, images, prices, specifications) that vendors add to the App. • Order-related information: When a customer places an order with a vendor, we receive and may process the information provided for that order (e.g. customer name, phone, email, order details) solely to facilitate the transaction and to share with the relevant vendor for fulfillment. We do not use this information to build customer profiles or for marketing. Vendors are responsible for their own handling of order and customer data. • Technical and security data: For vendors (and for the App in general), we may collect limited technical data such as device type, app version, and security-related data (e.g. login attempts, session events) to protect the App and our systems. We do not log or store passwords. 4.2 User / Customer Data (Not Collected) We do not currently collect or store the following from end-users or customers: • User accounts or profiles: We do not maintain user accounts, user profiles, or persistent identifiers for customers. • Cart or favorites: We do not store shopping cart contents or saved favorites linked to identifiable users. • Marketing or analytics about users: We do not collect personal data from users for marketing, profiling, or analytics purposes. • Reviews or feedback: The App does not currently offer reviews, ratings, or feedback features. We do not collect or store such data. 4.3 Communication — WhatsApp Only The only way to communicate with vendors through the App is via WhatsApp. We do not provide in-app messaging, in-app chat, or other communication channels. When you use the "Contact via WhatsApp" (or similar) feature, you are directed to WhatsApp, which is a third-party service. Any messages, calls, or data shared on WhatsApp are governed by WhatsApp’s own privacy policy and terms. We do not have access to the content of your WhatsApp conversations. We may store only the fact that the App was used to open WhatsApp (e.g. for analytics or support), not the content of conversations. 4.4 Information from Third Parties (Vendors) • Authentication: If a vendor signs in through a third-party provider (e.g. Google or Apple), we may receive the information that provider shares with us (typically identifier and basic profile data) in line with the vendor’s permissions there. • Gold price and market data: We may use third-party sources for live gold prices and related market information displayed in the App. This data is not personal data. 5. DATA WE DO NOT COLLECT For clarity, we do not currently collect the following: • User/customer account or profile data (e.g. email, name, phone linked to a persistent user account). • Shopping cart or favorites linked to identifiable users. • In-app messaging or chat content (the App does not offer in-app chat). • Reviews, ratings, or feedback (these features are not offered). • Personal data for marketing or advertising targeting users. • Precise location data from users (vendors may optionally provide store location). • Payment card or bank account details (payment is handled outside the App, e.g. with the vendor directly). If we start collecting any of the above in the future, we will update this policy and, where required by law, obtain consent or another valid legal basis. 6. HOW WE USE YOUR INFORMATION We use the information we collect (currently vendor data and order-related data necessary for transactions) to: • Provide the App: Create and manage vendor accounts, display vendor and product listings, and facilitate orders by passing order details to the relevant vendor. • Operate and improve the App: Ensure security, fix errors, and improve performance (using technical and security data as needed). • Comply with law: Meet legal, regulatory, or governmental requirements applicable in Qatar. • Legal and safety: Enforce our terms, protect our rights and the safety of users and vendors, and respond to lawful requests from authorities. We do not use personal data for automated decision-making that significantly affects individuals without consent or as permitted by law. 7. LEGAL BASIS FOR PROCESSING We process personal data based on: • Contract: Processing necessary to provide the App and perform our contract with vendors (e.g. account, listings, order facilitation). • Legitimate interests: Security, operation, and improvement of the App, where our interests are balanced against your rights. • Consent: Where we rely on consent (e.g. optional features or future marketing), you may withdraw it at any time. • Legal obligation: Where we must process data to comply with applicable law in Qatar or elsewhere. 8. SHARING AND DISCLOSURE OF YOUR INFORMATION We may share information in the following circumstances: • Vendors: Order-related information (e.g. customer name, phone, email, order details) is shared with the vendor(s) fulfilling the order. Vendors are responsible for their own use of that data and should comply with applicable privacy laws. • Service providers: We use trusted third parties to operate the App (e.g. hosting, database, authentication, storage). These providers process data on our instructions and are bound by confidentiality and data protection obligations. Our infrastructure may include services such as Supabase (hosting, database, authentication, storage). • Third-party services: When you use "Contact via WhatsApp," you are using WhatsApp (Meta/third-party). WhatsApp’s privacy policy and terms apply to that service; we do not control or access the content of your WhatsApp communications. • Legal and safety: We may disclose information if required by law, court order, or governmental request in Qatar or elsewhere, or when we believe in good faith that disclosure is necessary to protect rights, safety, or property, or to investigate fraud or violations of our terms. • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy commitments. We do not sell your personal data to third parties for their marketing purposes. 9. THIRD-PARTY SERVICES The App relies on or links to third-party services. Each has its own privacy practices: • Supabase: We use Supabase for hosting, database, authentication, and storage. Data stored there is processed in accordance with our instructions and Supabase’s privacy policy. Processing may occur outside Qatar; we ensure appropriate safeguards where required. • WhatsApp: Communication with vendors is only via WhatsApp. When you leave the App to use WhatsApp, your data is subject to WhatsApp’s privacy policy and terms. We do not receive or store the content of your WhatsApp messages. • Authentication providers: If vendors sign in with Google, Apple, or similar, those providers may collect and process data according to their own policies; we receive only what they share with us for sign-in and account linking. • Gold price / market data: We may use external sources for gold prices displayed in the App; this is generally non-personal, public or licensed data. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies. 10. DATA RETENTION We retain information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law in Qatar or elsewhere. • Vendor account and profile data: Retained while the vendor account is active and for a reasonable period after closure for support, legal, and safety purposes. • Order-related data: Retained for the period required for accounting, tax, dispute resolution, or other legal obligations (typically several years after the transaction, in line with applicable law). • Technical and security data: Retained for a limited period necessary for security and troubleshooting. When retention ends, we securely delete or anonymize data so it can no longer identify you. 11. DATA SECURITY We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including: • Encryption of data in transit and at rest where applicable. • Access controls and authentication (e.g. secure login, session management). • Regular security assessments and updates to our systems and practices. • Secure storage and processing through reputable infrastructure providers that comply with industry standards. No method of transmission or storage is 100% secure. We encourage vendors to use a strong password and keep login details confidential. 12. YOUR RIGHTS AND CHOICES Depending on applicable law (including in Qatar), you may have the right to: • Access: Request a copy of the personal data we hold about you. • Correction: Request correction of inaccurate or incomplete data. • Deletion: Request deletion of your personal data, subject to legal and contractual exceptions (e.g. where we must retain data for legal compliance or disputes). • Restriction: Request restriction of processing in certain circumstances. • Objection: Object to processing based on legitimate interests or, where applicable, for direct marketing. • Withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. • Complaints: Lodge a complaint with a supervisory authority in your country, if applicable. To exercise these rights, contact us using the details in Section 15. We will respond within the time frame required by applicable law. 13. CHILDREN'S PRIVACY The App is not intended for users under the age of 16 (or the applicable age of digital consent in Qatar). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately and we will take steps to delete such information. 14. COOKIES AND SIMILAR TECHNOLOGIES • App: The Jewel mobile app may use local storage (e.g. on your device) to store preferences, session data, or cache for the App to function. This is not used to track you across other apps or websites. • Website: If we operate a website (e.g. landing page, support site), we may use cookies or similar technologies for essential operation, security, and, if applicable, analytics. Where required by law, we will obtain consent for non-essential cookies. You can usually manage cookies through your browser settings. 15. INTERNATIONAL TRANSFERS AND QATAR • Qatar: The App is offered in Qatar. We process data in accordance with the laws of the State of Qatar and aim to maintain high standards of privacy and security for all users. • Transfers outside Qatar: Some of our service providers (e.g. Supabase, authentication providers) may process data in countries outside Qatar. Where required by law, we ensure appropriate safeguards (e.g. contractual clauses, adequacy decisions) for such transfers. • Other regions: If the App becomes available in other countries, we may apply additional or different provisions as required by local law. 16. CHANGES TO THIS PRIVACY POLICY We may update this Privacy Policy from time to time to reflect changes in our practices, the App, or the law. We will notify you of material changes by posting the updated policy in the App and/or by other appropriate means (e.g. in-app notice or email to vendors). The "Last Updated" date at the top indicates when the policy was last revised. Your continued use of the App after changes constitutes acceptance of the updated policy. We encourage you to review this policy periodically. 17. CONTACT US If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us: • By email: saoodqatar@gmail.com • In-app: Via the support or contact option in the App settings (if available) We will respond to your request in accordance with applicable law. END OF PRIVACY POLICY