Privacy Policy

DesignEase Online (CR No. 173382-1) ("we", "us", "our") is committed to protecting the privacy and personal data of our users in accordance with the Kingdom of Bahrain's Personal Data Protection Law (PDPL), Law No. 30 of 2018. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

We collect the following categories of personal data:

• 
  Account Information: Name, email address, password (encrypted), and role (designer, supplier, or admin).
• 
  Business Profile: Business name, CR number, contact phone, address, product categories, and tax ID (for suppliers).
• 
  Usage Data: Pages visited, features used, search queries, AI credit consumption, and interaction patterns.
• 
  Device Information: Browser type, IP address, device type, and operating system for security and service optimization.
• 
  Transaction Data: Subscription details, order history, inquiry records, and payment references.

3. Purpose of Processing

• To provide and maintain our material sourcing platform, including the Surface Library, Vision Lab, Designers Portal, and Supplier Portal.
• To communicate with you about your account, orders, inquiries, and platform updates.
• To improve our services, develop new features, and enhance your user experience through analytics.
• To comply with legal obligations under the laws of the Kingdom of Bahrain.
• To send you relevant material recommendations and platform news, with your consent.

4. Legal Basis for Processing

We process your personal data based on: (a) your explicit consent provided at registration; (b) the necessity to perform our contractual obligations to you; (c) our legitimate business interests in operating and improving the platform; and (d) compliance with legal obligations under Bahraini law. You may withdraw your consent at any time by contacting us at privacy@designease.com.

5. Data Sharing

We do not sell your personal data. We may share data with:

• Verified suppliers on our platform, only when you initiate an inquiry or place an order — limited to the information necessary to fulfill your request.
• Payment processors (TAP Payments) to process subscription payments securely. We do not store your full payment card details.
• Cloud infrastructure providers for secure data storage and platform delivery.
• Government authorities or law enforcement when required by Bahraini law or court order.

6. Cross-Border Data Transfers

Your data may be processed on servers located outside the Kingdom of Bahrain. Where such transfers occur, we ensure adequate safeguards are in place in accordance with Article 12 of the PDPL, including contractual protections and transfers only to jurisdictions recognized as providing adequate data protection by the Personal Data Protection Authority.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our services. After account deletion, we retain anonymized usage data for analytics purposes. Transaction records are retained for 5 years to comply with Bahraini commercial law requirements. You may request deletion of your personal data at any time.

8. Your Rights Under the PDPL

Under Bahrain's Personal Data Protection Law, you have the following rights:

• 
  Right of Access: Request a copy of the personal data we hold about you.
• 
  Right to Rectification: Request correction of inaccurate or incomplete personal data.
• 
  Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• 
  Right to Object: Object to the processing of your personal data for direct marketing purposes.
• 
  Right to Data Portability: Request your data in a structured, commonly used format for transfer to another service.

9. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including: encryption of data in transit and at rest, secure password hashing, role-based access controls, regular security reviews, and session management with JWT tokens. Despite these measures, no method of electronic transmission or storage is 100% secure.

10. Cookies and Tracking

We use essential cookies to maintain your session and authentication state. We use an authentication cookie (designease-session) that is required for the platform to function. We do not use third-party advertising cookies. Analytics cookies, if used, are anonymized and used solely to improve our services.

11. Data Breach Notification

In the event of a personal data breach that may affect your rights, we will notify the Personal Data Protection Authority within 72 hours of discovery, as required by the PDPL. We will also notify affected users without undue delay, providing information about the nature of the breach and recommended protective measures.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email or a prominent notice on our platform. Continued use of DesignEase after changes constitutes acceptance of the updated policy.

13. Contact & Supervisory Authority

For any questions about this Privacy Policy or to exercise your data rights, contact us at privacy@designease.com. If you are unsatisfied with our response, you may file a complaint with: