Privacy Policy for Extraa

Extraa processes customer, merchant, support, and transaction data so the marketplace, booking flows, business tools, and payment operations can function securely and efficiently.

Effective date: June 2, 2026

We collect only the categories of information reasonably needed to operate accounts, bookings, merchant dashboards, customer support, fraud controls, and business reporting.

We may combine information from direct user submissions, merchant-provided details, booking behavior, support interactions, analytics tools, payment providers, and device/session signals.

We retain records for operational, legal, dispute-resolution, accounting, fraud-prevention, and compliance reasons for as long as reasonably necessary.

Scope and role of the platform

Extraa provides a UAE-focused marketplace and operating platform for businesses, clinics, salons, wellness venues, service providers, and customers. This policy applies to personal data processed through extraa.ae, our applications, business dashboards, support channels, and related service interactions.

Depending on the workflow, we may act as an independent controller of platform data, or a service provider processing business-related operational data on behalf of a merchant account. The context of the interaction determines the role that applies.

Information we collect

Identity and account details such as name, email, phone number, login credentials, profile preferences, and account role.
Booking and operational details such as selected service, merchant, branch, professional, date, time, notes, appointment history, cancellations, disputes, and support communications.
Commercial and merchant data such as legal name, public listing data, owner contact details, trade licence details, registration details, payout account data, and usage of business tools.
Technical and analytics data such as device type, browser data, IP-derived location signals, pages viewed, session events, referral sources, and fraud or abuse indicators.
Payment and settlement metadata supplied by payment processors or banking workflows, including status, masked identifiers, provider references, payout status, and reserve or reversal events.

How we use information

To create and manage accounts, authenticate users, and protect the integrity of our systems.
To facilitate bookings, communicate transaction updates, operate merchant workflows, and maintain customer histories.
To process or coordinate deposits, confirmations, settlements, refunds, chargebacks, and payout controls.
To provide support, investigate complaints, enforce our rules, detect abuse, and maintain audit trails.
To improve marketplace ranking, search quality, product reliability, onboarding quality, merchant performance review, and business reporting.
To meet legal, regulatory, accounting, tax, fraud-prevention, and dispute-resolution obligations.

Legal basis, disclosures, and sharing

We process information where reasonably necessary to deliver the requested service, administer legitimate platform operations, protect users and the platform, comply with law, or pursue other lawful grounds available under applicable data protection frameworks.

We may share data with merchants involved in a booking, service providers that support hosting, analytics, authentication, communications, payment operations, customer support, security, fraud prevention, professional advisers, auditors, acquirers, or competent authorities where disclosure is reasonably necessary.

We do not sell personal data as an independent commercial data broker. We may, however, use service providers and operational partners that process data under our instructions or within the transaction requested by the user.

Retention, security, and user rights

We retain data for as long as needed to run the platform, maintain historical booking and payout records, resolve disputes, enforce our agreements, comply with legal and financial obligations, and defend our rights. Different categories of records may have different retention periods.

Users may request access, correction, or deletion of eligible personal data, subject to identity verification, technical feasibility, legal retention duties, fraud-prevention needs, platform security, and evidentiary preservation requirements. Some data may be retained in backups, logs, archives, or transaction records where deletion is not immediately practicable or legally permitted.

Cross-border handling and updates

Some service providers or infrastructure layers may store or process data in locations outside the UAE. Where this occurs, we take reasonable steps to use providers and operational measures that are consistent with appropriate security and contractual controls.

We may update this policy from time to time. Material updates may be published on extraa.ae, referenced in product flows, or otherwise communicated through reasonable channels. Continued use after the effective date of an updated version indicates acceptance of the revised policy to the extent permitted by law.