Privacy Policy

1. Introduction

Digital Roxy ("Agency," "we," "us," or "our," or me "Faris Khalil") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect your data when you visit our website at digitalroxy.com, use our Platform, or engage with our Services.

This Privacy Policy is drafted in compliance with the Palestinian E-Commerce Law (Decree-Law No. 21 of 2025), which mandates that businesses safeguard customer data, obtain explicit consent for data collection and use, and report any data breaches to relevant authorities. It also aligns with international data protection best practices.

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Account Registration Data: Full name, email address, phone number, company name, job title, and password.
• Payment Information: Billing address, cardholder name, and card type (Visa/Mastercard). Full card numbers, CVV codes, and PINs are never stored on our servers. All card data is transmitted directly to our PCI-DSS Level 1 compliant payment processor (Bank of Palestine Payment Gateway) using encrypted connections and 3D Secure authentication.
• Client and Project Data: Business names, website URLs, marketing objectives, analytics credentials, and other information you submit for service delivery.
• Communication Data: Messages, emails, support tickets, and feedback you send to us through any communication channel.
• Form Submissions: Data submitted through contact forms, demo request forms, or consultation booking forms.

2.2 Information Collected Automatically

When you access our Platform, we may automatically collect:

• Device Information: Device type, operating system, browser type and version, screen resolution, and language preferences.
• Usage Data: Pages visited, features used, time spent on pages, click patterns, and navigation paths.
• Log Data: IP address, access timestamps, referral URLs, and error logs.
• Cookie Data: Information collected through cookies and similar tracking technologies (see Section 9).

2.3 Information from Third Parties

We may receive information from third-party services you connect to our Platform, including:

• Google Services: Google Search Console data (search queries, impressions, clicks, rankings), Google Analytics data (traffic, user behavior), Google Calendar events, and Google Drive files when you authorize these integrations.
• Communication Platforms: Workspace and channel information from Slack or similar tools when you enable integrations.
• Payment Processor (Bank of Palestine): Transaction confirmation, payment status, transaction reference numbers, and card authorization results. The payment gateway communicates with Visa and Mastercard networks to process your transactions securely.

3. How We Use Your Information

We use the collected information for the following purposes:

Purpose	Description
Service Delivery	To provide, maintain, and improve our Services, including AI agent operations, report generation, and analytics processing.
Account Management	To create and manage your account, authenticate your identity, and process your transactions.
Payment Processing	To process payments, issue invoices, and manage billing as required by Palestinian e-commerce regulations.
Communication	To send you service-related notifications, respond to inquiries, and provide customer support.
Improvement	To analyze usage patterns, diagnose technical issues, and improve the Platform's functionality and user experience.
Security	To detect, prevent, and respond to fraud, abuse, security threats, and technical issues.
Legal Compliance	To comply with applicable laws, regulations, and legal processes, including the Palestinian E-Commerce Law.
Marketing	To send promotional communications (only with your explicit consent; you can opt out at any time).

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: Where you have provided explicit consent for a specific processing activity (e.g., marketing emails, third-party integrations). You may withdraw consent at any time.
• Contractual Necessity: Where processing is necessary for the performance of our contract with you (e.g., delivering subscribed services, processing payments).
• Legal Obligation: Where processing is required to comply with applicable Palestinian law (e.g., maintaining transaction records, issuing invoices).
• Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., improving services, preventing fraud), provided these interests are not overridden by your rights and freedoms.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information only in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist in operating our Platform, including:

• Bank of Palestine (Payment Gateway): Processes card transactions via Visa and Mastercard networks. Receives only the data necessary for payment authorization, settlement, and fraud prevention. Bank of Palestine is regulated by the Palestine Monetary Authority and complies with PCI-DSS security standards.
• Cloud infrastructure providers: For hosting and data storage with enterprise-grade security.
• Email service providers: For transactional and marketing communications.
• Analytics platforms: For usage analysis and performance monitoring.

All service providers are contractually obligated to process your data only for the purposes we specify and to maintain appropriate security measures.

5.2 Legal Requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, including requests from Palestinian authorities acting under the E-Commerce Law.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

5.4 With Your Consent

We may share your information with third parties when you provide explicit consent to do so.

6. Data Security

We implement comprehensive security measures to protect your personal data, including:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.
• Access Control: Strict role-based access controls limit data access to authorized personnel only.
• Infrastructure Security: Our Platform is hosted on enterprise-grade cloud infrastructure with firewalls, intrusion detection systems, and regular security audits.
• Authentication: Secure password hashing, session management, and optional two-factor authentication.
• Monitoring: Continuous monitoring for unauthorized access attempts and security anomalies.
• Data Isolation: Each user's data is logically isolated, ensuring that no user can access another user's information.
• Regular Audits: Periodic security assessments and vulnerability testing to identify and address potential weaknesses.

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account Data: Retained for the duration of your active account and for ninety (90) days after account deletion.
• Transaction Records: Retained for seven (7) years in compliance with Palestinian financial record-keeping requirements.
• Service Outputs: Retained for the duration of your subscription and for thirty (30) days after cancellation, during which you may export your data.
• Communication Records: Retained for two (2) years for quality assurance and dispute resolution purposes.
• Analytics and Log Data: Retained for twelve (12) months in anonymized or aggregated form.

8. Your Rights

Under Palestinian law and applicable data protection principles, you have the following rights regarding your personal data:

• Right of Access: You may request a copy of the personal data we hold about you.
• Right to Rectification: You may request correction of inaccurate or incomplete personal data.
• Right to Deletion: You may request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: You may request that we limit the processing of your data in certain circumstances.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Right to Lodge a Complaint: You may file a complaint with the Palestinian Ministry of National Economy or other relevant authority.

To exercise any of these rights, contact us at admin@digitalroxy.com. We will respond to all requests within fifteen (15) business days.

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience, remember your preferences, and analyze how our Platform is used.

9.2 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential Cookies	Required for the Platform to function (authentication, security, session management).	Session / up to 24 hours
Functional Cookies	Remember your preferences and settings (language, theme, layout).	Up to 12 months
Analytics Cookies	Help us understand how visitors interact with the Platform (page views, traffic sources, user flows).	Up to 24 months
Marketing Cookies	Used to deliver relevant advertising and measure campaign effectiveness. Only activated with your consent.	Up to 12 months

9.3 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may affect the functionality of our Platform. By continuing to use our website without adjusting your cookie settings, you consent to our use of cookies as described above.

10. Third-Party Services and Integrations

Our Platform may integrate with or contain links to third-party services. Each integration processes data as follows:

• Google Search Console / Google Analytics: Data is fetched via authorized OAuth connections. We access only the metrics necessary for service delivery and do not modify your Google account settings.
• Slack: We send notifications and reports to your designated channels. We do not read messages or access data beyond what is necessary for the integration.
• Bank of Palestine Payment Gateway: Card information is transmitted directly to the bank's PCI-DSS Level 1 compliant payment gateway via encrypted TLS connection. We never store, log, or have access to full card numbers, CVV codes, or 3D Secure authentication data. The bank retains transaction records as required by the Palestine Monetary Authority and Palestinian National Payments Law (2022).

We are not responsible for the privacy practices of these third-party services. We encourage you to review their privacy policies.

11. International Data Transfers

Your data may be processed and stored on servers located outside the State of Palestine to ensure optimal performance and reliability. When transferring data internationally, we ensure that appropriate safeguards are in place, including contractual clauses that require the receiving party to protect your data to a standard consistent with Palestinian law and international best practices.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at admin@digitalroxy.com.

13. Data Breach Notification

In the event of a personal data breach, Digital Roxy will:

• Promptly investigate the breach and take steps to mitigate its impact.
• Notify affected users within seventy-two (72) hours of becoming aware of the breach, providing details of the nature of the breach, the data affected, and recommended protective actions.
• Report the breach to the relevant Palestinian authorities as required by the E-Commerce Law.
• Document the breach, including its effects and remedial actions taken.

14. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Provide notice via email or a prominent notification on the Platform.
• Allow at least fifteen (15) days before changes take effect.

Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Agency: Digital Roxy
• Address: Palestine, West Bank, Ramallah, Khirbet Abu Falah, Main Street P655
• Phone: +972 59 346 7831
• Email: admin@digitalroxy.com
• Website: digitalroxy.com
• Contact Page: digitalroxy.com/contact

Business Hours: Sunday through Thursday, 9:00 AM to 5:00 PM (Palestine Standard Time).

We will respond to all privacy-related inquiries within fifteen (15) business days.