Scarvat
Draft — pending legal review. This text is non-binding until reviewed by counsel.

Privacy Policy

Last updated: 2026-05-12

1. Who we are

"Scarvat" is a brand operated by Openly Technology Co. L.L.C, registered in the United Arab Emirates (F1-126, Dubai Investment Park First, Dubai). We operate the storefront at offer.scarvat.com.

2. Data we collect

  • Order data: name, shipping address, phone number, email address.
  • Payment data: your card is processed directly by Stripe. Card numbers never touch our servers.
  • Technical data: IP address, browser and operating system, referring page, visit time.
  • Approximate location: we derive your country from your IP address to route locale (English vs. Arabic landing) and to determine product availability in your market. This mapping is computed on each request and the IP-to-country table itself is not retained.
  • Session & verification cookies: strictly necessary cookies used to keep you signed in and your cart together.
  • Marketing & analytics cookies (optional): set only after you accept them in our cookie banner.

3. How we use your data

  • To fulfil orders, deliver products, and answer customer questions.
  • To prevent fraud and resolve disputes — including sharing fraud-signals with Stripe.
  • To measure advertising performance, if you consent to marketing cookies.
  • To meet our legal, accounting, and tax obligations.

4. Sharing with third parties (sub-processors)

We share the minimum data needed with the following sub-processors:

  • Stripe Inc. — payment processing and fraud prevention. We transmit to Stripe as part of the PaymentIntent payload: the customer's IP address, SHA-256-hashed email and phone number, device and browser fingerprint metadata, and page-context fields (which landing page, which campaign). Stripe uses this data for risk scoring and to resolve chargebacks. See Stripe's own privacy notice.
  • Cloudflare, Inc. — network protection and Turnstile (bot verification).
  • Shipping carriers, depending on destination.
  • Advertising platforms (Meta, Google, TikTok, Snap, LinkedIn) — only when you have opted-in to marketing cookies and a specific tracker has been activated.

5. Data retention

  • Order and invoice records: as required by UAE law (currently 7 years).
  • Stripe payment records: per Stripe's own retention policy.
  • Marketing & analytics cookies: expire automatically per the schedule on the Cookies page.

6. Your rights

You can request access to, correction of, deletion of, or portability of your personal data, and you can withdraw your cookie consent at any time. To exercise any of these rights, or to reach our data-protection contact, write to terms@openly.ae.

7. Security

We use TLS in transit, Argon2 password hashing, and network isolation between services. No system is 100% secure, but we apply reasonable industry controls.

8. Updates

We will update this policy as our practices change. Please check the "Last updated" date at the top of the page.

Operator: Openly Technology Co. L.L.C — F1-126, Dubai Investment Park First, Dubai, United Arab Emirates. Contact: terms@openly.ae.