Privacy Policy

1. Introduction

This Privacy Policy explains how E7GZ ("we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use the e7gz Car services booking platform via the website (car.e7gz.net) and its associated mobile application (the "Platform"). We are committed to protecting your data in accordance with Egypt's Personal Data Protection Law No. 151 of 2018 and consistent with internationally recognized data-protection principles.

By using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Platform.

2. Definitions

• Personal Data: any information relating to an identified or identifiable natural person.
• Processing: any operation performed on Personal Data, such as collection, storage, use, sharing, or deletion.
• Data Controller: the party determining the purposes and means of Processing — E7GZ, an independent platform operated by the project owner.
• User: any person who registers for or uses the Platform to book services.
• Service Center: a car-services provider listed on the Platform.
• Roles: access levels in the system — User, Owner, Customer Agent, Admin, and Super Admin.

3. Who We Are (Data Controller)

4. Data We Collect

a. Account & Identity Data

Name, email address, phone number, gender, date of birth, profile photo (if provided), preferred language, account number, referral code, password (stored only as a secure one-way hash), and two-factor authentication data if you enable it.

b. Booking & Service Data

Your booking details such as the selected service center, requested services, appointment dates/times, booking history, cancellations, and any notes you add to a booking.

c. Reviews & Ratings

Ratings and reviews you submit about service centers or services.

d. Wallet, Points & Offers Data

Wallet balance and transaction history, loyalty points, and vouchers/offers you use.

e. Payment Data

Records of your transactions, a limited amount of card metadata (card brand and last four digits; for saved payment methods also the cardholder name and expiry date), and any saved payment methods. Payment card details are processed directly by our payment processor (Paymob); we do not store full card numbers or the card security code (CVV) on our servers. See Section 9.

f. Communications

Messages you exchange with service centers or customer support through the Platform (including any image attachments you send in chat), and your support requests.

g. Notification Data

Your notification preferences and the device push tokens needed to deliver push notifications.

h. Technical & Usage Data

Technical information automatically recorded in server logs, such as IP address, browser type, access times, and session data, together with activity and audit logs of actions taken on the Platform. The Platform does not collect user geolocation data.

5. Legal Basis for Processing

We process your data on one or more of the following bases: your consent; performance of a contract with you (providing the booking and service); compliance with a legal obligation; and our legitimate interests in operating and securing the Platform and preventing misuse.

6. How We Use Your Data

• Create and manage your account and verify your identity.
• Process and manage bookings and coordinate them with service centers.
• Process payments and manage wallet, points, offers, and refunds.
• Send operational and security notifications about your account and bookings.
• Provide support and respond to your enquiries.
• Improve the Platform and detect and prevent fraud and abuse.
• Comply with legal and regulatory obligations.

7. Account & Booking Data

Your account and booking data are used to fulfil your requests, display your booking history, and enable service centers to provide the requested service. Certain booking details necessary for the relevant service center are shared with it to complete the service.

8. Wallet, Points & Offers

The Platform may provide an electronic wallet, a points system, and offers/vouchers. We keep records of balances, transactions, points, and offer usage to manage these features and for accounting and abuse-prevention purposes.

9. Payments (Paymob)

Online payments are processed by our payment provider Paymob. When you pay, your card details are entered and processed directly by Paymob under its own security standards. We do not store your full card number, and we never store your card security code (CVV). We retain transaction records (e.g., amount, status, reference) and a limited amount of card metadata for identification and receipts, namely the card brand and the last four digits. If you choose to save a payment method for later use, we may also retain the cardholder name, expiry date, and a Paymob-issued payment token in place of your actual card number. You can manage your saved payment methods from your account.

10. Push Notifications (Firebase)

We use Google Firebase Cloud Messaging (FCM) to send push notifications to your device (e.g., booking confirmations and status updates). This requires storing your device push token. You can disable push notifications in your device settings.

11. Email Notifications

We send transactional and account-related emails (e.g., booking confirmations and security alerts) through our email provider (Hostinger SMTP). Some of these emails may be necessary to provide the service.

12. Marketing Communications

We may send you marketing campaigns or offers via email, in-app notifications, or push notifications. You can opt out of marketing communications at any time via your account settings or an unsubscribe link, while still receiving essential operational and security messages.

13. Roles, Access Control & Audit Logs

Access to data is governed by role-based access control (User, Owner, Customer Agent, Admin, Super Admin). Customer service agents may access your support conversations to assist you. Sensitive financial actions are subject to an internal approval (maker-checker) workflow requiring review by a second administrator. Administrative actions are recorded in audit logs for security and accountability.

14. Data Sharing & Disclosure

We do not sell your personal data. We share it only as necessary with: service centers (to fulfil your booking); service providers (processors) acting on our behalf (see Section 15); competent authorities where required by law or to protect rights and safety; and in connection with a business transfer, subject to this Policy.

15. Third-Party Services

• Google Firebase (FCM): delivery of push notifications and management of device tokens.
• Hostinger (SMTP): delivery of emails.
• Paymob: processing of online payments.

Each provider processes data under its own privacy policy.

16. Cookies & Sessions

The Platform uses cookies and session tokens that are strictly necessary to keep you signed in, maintain security (including CSRF protection), and operate core functionality. Disabling these may prevent the Platform from working correctly.

17. Data Security

• Encrypted transmission of data over HTTPS/TLS.
• Secure password storage using strong one-way hashing (never stored in plain text).
• Role-based access control restricting data access.
• Support for additional verification (two-factor authentication).
• Audit and activity logging to detect unauthorized actions.

No method of transmission or storage is completely secure; while we strive to protect your data, we cannot guarantee absolute security.

18. Data Retention

We retain Personal Data only as long as necessary to fulfil the purposes in this Policy, including providing the service, complying with legal obligations, and resolving disputes. Financial records and audit logs may be retained longer where legally, accounting-wise, or security-wise required. When no longer needed, we delete or anonymize the data.

19. Your Rights

• Access your Personal Data and know how it is processed.
• Correct or update inaccurate data.
• Delete your data and/or request account deletion.
• Withdraw consent where Processing is based on it.
• Object to or restrict certain Processing.
• Request a copy/export of your data, where applicable.
• Lodge a complaint with the competent authority (the Personal Data Protection Center).

To exercise these rights, contact us at support@e7gz.net. We may need to verify your identity, and some rights may be limited where retention is legally required.

20. Children's Privacy

The Platform is not directed to children under the age of 18, and we do not knowingly collect their data. If you believe a child has provided us data, please contact us so we can take appropriate action.

21. International Data Transfers

Some service providers (e.g., Firebase, Hostinger, Paymob) may process or store data on servers located outside Egypt. Where data is transferred internationally, we take reasonable steps to keep it protected consistent with this Policy and applicable law.

22. Changes to This Policy

We may update this Policy from time to time. The "Last updated" date reflects the latest revision. Material changes will be communicated through the Platform. Continued use after changes take effect constitutes acceptance of the updated Policy.

23. Contact Us