Privacy Policy

Interpretation and Definitions

Interpretation

Words with an initial capital letter have meanings defined below. These definitions apply whether the terms appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

Account - Account means a unique account created for You to access our Service or parts of our Service.
Company - SteelCorr (referred to as "the Company", "We", "Us" or "Our") refers to SteelCorr, DMCC, PO Box 38461, United Arab Emirates.
Cookies - Cookies are small files placed on Your computer, mobile device or any other device by a website, containing details of Your browsing history on that website among its many uses.
Country - United Arab Emirates
Device - Any device that can access the Service such as a computer, mobile phone, or digital tablet.
Personal Data - Any information that relates to an identified or identifiable individual.
Service - The web application accessible at https://dpr.steelcorr.com/ and the mobile applications available on iOS and Android.
Service Provider - Any natural or legal person who processes data on behalf of the Company, including third-party companies or individuals employed to facilitate, provide, or analyze the Service.
Usage Data - Data collected automatically from use of the Service or its infrastructure, such as page visit duration, device information, and IP address.
You - The individual accessing or using the Service, or the company or legal entity on behalf of which such individual is accessing or using the Service.

Collecting and Using Your Personal Data

Types of Data Collected

While using Our Service, We may ask You to provide personally identifiable information including, but not limited to:

Email address
First name and last name
Usage Data

Usage Data

Usage Data is collected automatically when using the Service. It may include Your device's IP address, browser type and version, pages or screens visited, time and date of visit, time spent on pages, and unique device identifiers.

When You access the Service through a mobile device, We may additionally collect:

Mobile device type, unique device ID, and mobile operating system
iOS Identifier for Advertisers (IDFA) - collected only with Your explicit consent via Apple's App Tracking Transparency prompt
Android Advertising ID (GAID) - collected only with Your explicit consent via Android permissions
Push notification tokens - if You enable push notifications in the mobile app
App performance and crash telemetry via the Azure Application Insights SDK

Tracking Technologies and Cookies

We use cookies and similar tracking technologies to track activity on Our Service and store certain information. Technologies used include:

Browser Cookies - small files placed on Your device. You can instruct Your browser to refuse all cookies or notify You when a cookie is sent. Refusing cookies may limit some features of the Service.
Web Beacons - small electronic files in certain pages or emails that allow Us to count users who have visited those pages or opened an email, and for related website statistics.
SDK Identifiers - on mobile applications, We use the Azure Application Insights SDK to collect usage and performance data in place of browser cookies.

We use both Session Cookies (deleted when You close Your browser) and Persistent Cookies (remain on Your device for a set period). Categories of cookies used:

Necessary / Essential Cookies - Session Cookies administered by Us. Essential to authenticate users, prevent fraud, and provide the core Service. Cannot be disabled.
Cookie Acceptance Cookies - Persistent Cookies administered by Us. Identify whether users have accepted the use of cookies.
Functionality Cookies - Persistent Cookies administered by Us. Remember choices such as login details or language preference to provide a more personalized experience.
Analytics Cookies - Persistent Cookies administered by Microsoft (Azure App Insights). Collect anonymized usage and performance data to help Us improve the Service. Activated only with Your consent.

For full details of all cookies and tracking identifiers used across the web and mobile platforms, please refer to our Cookie & Tracking Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including monitoring usage and performance.
To manage Your Account and provide access to Service functionalities available to registered users.
For the performance of a contract - development, compliance, and undertaking of any contract with Us through the Service.
To contact You by email, telephone, SMS, or push notifications regarding updates, or information related to contracted services.
To provide news, special offers, and general information about similar goods or services, unless You have opted out.
To manage Your requests submitted to Us.
For business transfers - to evaluate or conduct a merger, acquisition, restructuring, or similar transaction involving Our assets.
For analytics and improvement - data analysis, usage trends, effectiveness of features, and improving the Service.

Sharing Your Personal Data

We may share Your personal information in the following situations:

With Service Providers - Microsoft Azure (hosting, App Insights analytics) and Microsoft Entra ID (authentication). These providers process data only as directed by Us under Data Processing Agreements.
For business transfers - in connection with any merger, sale, financing, or acquisition of all or part of Our business.
With Affiliates - parent company, subsidiaries, or joint venture partners, who are required to honor this Privacy Policy.
With business partners - to offer certain products, services, or promotions.
With Your consent - for any other purpose with Your explicit consent.

Third-Party Service Providers

The following third-party service providers process personal data on Our behalf. Each is bound by a Data Processing Agreement with the Company:

Service Provider	Purpose	Data Processed	Privacy Reference
Microsoft Azure(App Insights)	Performance monitoring & usage analytics on web and mobile	Session data, page views, device info, crash logs	privacy.microsoft.com
Microsoft Entra ID(Azure AD)	User authentication on web app and mobile app	Login credentials, authentication tokens, session state	learn.microsoft.com/azure/ad
Microsoft Azure(Web App Service)	Hosting of web and mobile backend infrastructure	All data transiting or stored on the platform	privacy.microsoft.com

We do not permit these providers to use Your data for their own marketing or advertising purposes.

Retention of Your Personal Data

The Company retains Your Personal Data only for as long as necessary for the purposes set out in this Privacy Policy or as required by applicable UAE law. Specific retention periods are as follows:

Data Type	Retention Period
Account and profile data	Duration of account plus 90 days after deletion request
Authentication logs (Entra ID)	30 days
Azure App Insights telemetry	90 days
Server-side access and security logs	90 days
Usage data (non-identifiable)	Up to 12 months for service improvement
Legal / contractual records	As required by UAE law or regulatory obligation

After the applicable retention period, data is securely deleted or anonymized.

Transfer of Your Personal Data

Your Personal Data is processed on Microsoft Azure infrastructure. Depending on the Azure region configuration, Your data may be transferred to and stored on servers located outside the United Arab Emirates, including within the European Union.

Where such transfers occur, the Company ensures appropriate safeguards are in place, including Data Processing Agreements with Microsoft Corporation that require equivalent standards of data protection.

Your use of the Service and submission of information constitutes Your agreement to such transfer under the safeguards described above.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required by law or in response to valid requests by UAE public authorities such as a court or government agency.

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us. We implement commercially reasonable technical and organizational measures to protect Your data, including HTTPS encryption, Microsoft Azure security controls, role-based access control via Microsoft Entra ID, and secure token storage (iOS Keychain / Android Keystore on mobile). However, no method of transmission over the Internet or method of electronic storage is 100% secure, and We cannot guarantee absolute security.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Your Rights

You have the following rights regarding Your personal data:

Your Right	What It Covers
Access	Request a copy of the personal data We hold about You
Correction	Request correction of inaccurate or incomplete personal data
Deletion	Request deletion of Your personal data where no longer required
Withdraw Consent	Withdraw previously given consent for non-essential data processing at any time
Portability	Request transfer of Your data to another data controller
Objection	Object to processing based on legitimate interests
Lodge a Complaint	File a complaint with the UAE data protection authority

To exercise any of these rights, please contact Our Data Protection Officer at info@steelcorr.com. We will respond within 30 days. Identity verification may be required before processing Your request.

Links to Other Websites

Our Service may contain links to third-party websites not operated by Us. If You click a third-party link, You will be directed to that site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify You of material changes by posting the updated Privacy Policy on this page, sending a notification via email, displaying a prominent notice on the web application, and sending an in-app notification on the mobile application. The "Last Updated" date at the top of this policy will be revised accordingly.

You are advised to review this Privacy Policy periodically. Changes become effective when posted.