Legal

Privacy Policy

How we handle personal data for the website, APIs, mobile app, and related services.

Effective date: 14 July 2026

1. Controller

The data controller is WAFRA IT Solutions, Doha, Qatar.

2. Scope

This Policy covers wafra.net, our APIs, mobile app, and related services.

3. Data we collect

  • Identity/account: name, email, password hash, OTP
  • Billing: Tap identifiers, tokenized card references, last4, brand, expiry, invoices, and payment history (no full PAN stored by WAFRA)
  • Domain contacts (registrant/admin/tech/billing); for .com.qa / .net.qa: CR documents, trade license file, trading license number
  • Hosting: plan, region/provider, IPs, hostnames, panel credentials for delivery, backup metadata, provisioning/agent status
  • Technical: IP address, device/app info, logs, captcha/Turnstile outcomes

4. Purposes

We process data to provide services; register and renew domains; provision and bill servers; support auto-renewal; maintain security; provide support; comply with law; and improve the service.

5. Legal bases

Contract performance; legitimate interests (security); consent where required; and legal obligation (registry/CRA/PDPPL as applicable).

6. Sharing / subprocessors

RecipientPurpose
Tap PaymentsPayment processing
HetznerCloud/dedicated infrastructure
Google CloudCloud infrastructure (customer-selected regions)
CentralNic / RRPproxyNon-.qa domain operations
Qatar Domains Registry (via CRA registrar stack).qa domains
Database host (Supabase)Application data storage
Backblaze B2Backup storage
Email delivery providerTransactional email
Captcha provider (e.g. Turnstile)Bot protection

7. International transfers

Data may be processed outside Qatar (EU or other regions depending on Hetzner, GCP, B2, and other subprocessors). We disclose this transparently under PDPPL principles.

8. Retention

Account data while active; billing records as required by law/accounting; hosting order records removed on cancel or permanent delete as implemented; registry WHOIS data retained per registry rules even if a local account is deleted.

9. Security

We apply appropriate technical and organizational measures. No method of transmission or storage is absolutely secure.

10. Your rights

You may request access, correction, and other PDPPL rights via support@wafra.net. Some registry data cannot be deleted on request.

11. Children

Our services are not directed to under-18s.

12. Cookies

See our Cookie Policy.

13. Changes & contact

We may update this Policy. For complaints you may also escalate to the competent authority or CRA consumer path where applicable.

WAFRA IT Solutions

Email: support@wafra.net

Phone: +974 7020 2010

Address: Doha, Qatar

© 2026 WAFRA IT Solutions. All rights reserved.