Privacy Policy

Effective date: April 5, 2026

This Privacy Policy explains how inTaraf collects, uses, shares, stores, and deletes information when you use our website, related app experiences, and connected backend services.

1. Scope and contact

This policy applies to inTaraf. It covers personal data and related operational data handled through the inTaraf website, APIs, support workflows, payment-connected services, and notification systems.

For privacy questions, data-access requests, or deletion support, contact support@intaraf.com.

2. Data we collect

Depending on how you use the service, we may collect and process:

Account and identity data: email address, phone number, name, username, profile fields, language, visibility settings, OTP verification records, session metadata, and account status.
User content: listings, descriptions, prices, reviews, chat messages, uploaded photos, uploaded videos, business profile information, reports, claims, and support or refund submissions.
Location and local-context data: country, city, manual address, latitude/longitude when you provide or confirm them, and approximate geo context used to tailor the local experience.
Wallet and billing data: wallet balance, ledger entries, refund requests, payment identifiers, checkout metadata, and purchase or failure events received from payment providers.
Device, delivery, and diagnostics data: IP address, user agent, locale, app version, push token, notification delivery state, abuse-prevention logs, and security-related operational records.

3. How we use data

We use data to operate and improve the service, including to:

create and secure accounts, verify identity, and maintain sessions;
publish listings, power chat, reviews, wallet, refund, and support workflows;
deliver OTP messages, receipts, product notifications, and safety or admin messages;
localize and translate content, infer listing metadata, and support AI-assisted features;
prevent spam, abuse, fraud, unauthorized access, and payment misuse;
comply with legal obligations, defend claims, and maintain records required for security or accounting.

4. Legal bases where applicable

Where privacy law requires a legal basis, we generally process data because it is necessary to provide the service you ask us to provide, because you have given consent for specific features or storage choices, because we have legitimate interests in operating and securing the platform, or because we must comply with legal obligations.

5. Cookies, local storage, and similar technologies

inTaraf uses cookies, local storage, session storage, and similar browser-side storage to keep the service working and to remember user choices.

Essential storage: required for login, security, and core service integrity.
Functional storage: used for settings such as UI preferences, language, and local experience controls.
Third-party related storage: used when optional external services are enabled or needed, such as translation and push-capable integrations.

Some browser-side storage is necessary for the service to function. You can manage certain preference categories through the consent flow provided by the site.

6. Data sharing and service providers

We do not sell personal data. We share data only as needed to operate the service, process user-requested actions, comply with law, or protect the platform.

Cloudflare: hosting, content delivery, edge compute, storage, queues, and video services.
Stripe: browser checkout, payment events, and wallet top-up processing.
RevenueCat: mobile billing event handling and store-purchase reconciliation.
Firebase Cloud Messaging: push notification delivery.
Twilio: SMS OTP delivery.
ZeptoMail / Zoho: email OTP and transactional email delivery.
Google Cloud Translation: translation and related language features when those features are used.
Map and geocoding services: MapLibre/OpenStreetMap tile services and Nominatim-style geocoding flows.
Cloudflare Stream: video upload, storage, playback, and usage tracking when video is used.
sim2link: optional integration data if you choose to connect or verify that service.

7. Notifications and communications

We send service-related emails and, where enabled, push notifications. Some notices are essential and cannot be disabled, such as OTP login emails, wallet top-up receipts, and certain admin or security messages.

Chat push notifications may be sent for each new message.
Chat email reminders are rate-limited to reduce inbox volume.
Payment failures, refund or chargeback events, listing lifecycle changes, and low-balance events may trigger alerts.
You can manage many notification preferences in Settings.

8. Retention

We retain data for as long as reasonably necessary to operate the service, provide support, prevent abuse, comply with law, resolve disputes, or protect users and the platform.

Active account and listing data are generally retained while the account remains in use.
Security, support, refund, accounting, dispute, and abuse-prevention records may be retained longer when necessary.
Local browser storage remains on your device until you clear it or it expires.

9. Account deletion and what happens to data

This section is our public account-deletion resource. If you want to delete your inTaraf account, sign in and go to Settings > Delete account. If you cannot access the account, contact support@intaraf.com from your registered email address and mention account deletion.

When account deletion is completed, the system currently does the following:

removes or anonymizes profile data, contact details, business profile data, sessions, OTP records, and integrations;
archives owned listings and removes them from active discovery and related search surfaces;
deletes wallet records in active account context, review media, and related feature-session data;
preserves some conversation and review history as anonymous or deleted-user history where needed for platform integrity;
retains certain support, audit, refund, dispute, fraud-prevention, and legally required records where necessary.

Admin accounts may require manual handling rather than the self-service deletion flow.

Open deletion settings Email support

10. Security and international processing

We use technical and organizational safeguards intended to protect data, including HTTPS, credential checks, controlled access to backend systems, and provider-level security features. No service can guarantee absolute security.

Because we use cloud and communication providers, data may be processed in different countries depending on the provider, the route used, and your location. Where required, we rely on contractual and technical safeguards to support those transfers.

11. Your choices and rights

You can usually do the following directly through the product or by contacting us:

access and update profile information;
change language, accessibility, cookie, and notification preferences;
request account deletion;
ask questions about how your data is handled.

Depending on where you live, you may also have additional legal rights relating to access, correction, deletion, restriction, objection, portability, or complaint to a regulator.

12. Children and sensitive situations

The service is not intended for unlawful use or for users who are not legally able to use the service in their jurisdiction. If you believe personal data has been provided to us improperly, contact support@intaraf.com.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date and post the updated version on this page. Material operational changes may also be reflected in product notices or store disclosures where appropriate.