Privacy Policy

1. Introduction

This Privacy Policy describes how Golder (also known as ZahabSaaS) collects, uses, stores, and protects information when you register for, access, or use our platform, whether through the web or the mobile application.

By creating a Golder account, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please do not use the service.

2. Definitions

For clarity, the following terms carry specific meanings throughout this policy:

• “Personal data” means any information that identifies or can identify a natural person.
• “Processing” means any operation performed on data, such as collecting, storing, using, transmitting, or deleting it.
• “Controller” means Golder, the entity that decides why and how personal data is processed.
• “Processor” means a third party that processes data on our behalf under our instructions.
• “You” means the account owner, an authorized user, or any natural person whose data we process.

3. Information we collect

We collect only what we need to deliver and improve the service. We do not ask for, and never knowingly collect, sensitive information such as national ID numbers, banking credentials, biometrics, or health data.

Account information

• Full name and phone number of the account owner.
• Shop (business) name and physical address.
• Authorized users you invite and the role you assign to each.

Shop and usage data

• Inventory records, sales, purchases, and cash register movements you enter.
• Branches, karat categories, pricing rules, and configuration settings.
• Reports, exports, and activity history generated while you use the service.

Technical and device data

• Device type, operating system, and application version.
• IP address, approximate region, and language preference.
• Diagnostic logs needed to investigate errors and protect the service.

4. Legal basis for processing

Depending on the activity, we rely on one of the following legal bases to process your data:

• Performance of a contract — to provide the service you subscribed to.
• Legitimate interests — to keep the platform secure, prevent abuse, and improve features.
• Consent — where you have explicitly opted in, such as for optional communications.
• Legal obligations — where processing is required by applicable law.

5. How we use your information

We use the data we collect strictly to run Golder and support you. In particular, we use it to:

• Provide the core features: inventory, sales, cash, branches, reports, and pricing.
• Issue invoices, track subscriptions, and confirm payments.
• Provide technical support and respond to your questions.
• Detect fraud, unauthorized access, and misuse of the platform.
• Measure aggregate usage patterns to prioritize improvements. Analytics are always anonymized at the account level.

We never sell your data and never share it with advertisers or marketing networks.

6. Cookies and similar technologies

We use a minimal set of cookies and local storage entries. We do not use advertising trackers and do not embed third-party analytics that profile you across other sites.

Strictly necessary

• Authentication cookies that keep you signed in to your account.
• CSRF tokens that protect forms from cross-site request forgery.
• Session identifiers used only for the duration of your visit.

Preferences

• Language preference (Arabic or English).
• Theme (light or dark) and layout preferences.

You can clear cookies at any time through your browser, but doing so will sign you out and reset your preferences.

7. Sharing and sub-processors

We share data only with a small set of trusted providers that help us deliver the service. Every provider is bound by a written agreement and processes data only on our instructions.

• Hosting and database — cloud infrastructure providers that host the platform and your encrypted data.
• Messaging — WhatsApp (Meta) for support and service-related communications.
• Market data — official Telegram channels used as input for gold price parsing.
• Payments — Sham Cash for subscription billing and payment confirmation.

We do not share data with any other party except when strictly required by law and only to the minimum extent necessary.

8. International data transfers

Golder operates between Syria and Turkey. Your data may be stored or processed in either country, as well as in data centers operated by our hosting provider.

Wherever your data is located, we apply the same technical and organizational safeguards — encryption, access control, and contractual confidentiality — to ensure it stays protected.

9. Data retention

We keep your data only as long as there is a clear purpose for doing so:

• Active accounts — for the full duration of your subscription.
• Cancelled accounts — for 90 days after cancellation so you can return and recover your data.
• Invoices and payment records — as long as required by applicable tax and accounting laws.
• Diagnostic logs — typically 30 days, and longer only when needed to investigate an incident.

At the end of each retention period, data is permanently deleted from active systems, with encrypted backups expiring on a rolling cycle.

10. Your rights

You have strong rights over your data, and we make it easy to exercise them. You can:

• Access a copy of the personal data we hold about you.
• Correct inaccurate or outdated information in your account.
• Request deletion of your data, subject to legal retention requirements.
• Object to, or restrict, certain kinds of processing.
• Request export of your data in a portable, machine-readable format.
• Withdraw any consent you previously gave, at any time.
• File a complaint with the competent data protection authority in your country.

To exercise any of these rights, contact us using the details at the end of this policy. We respond within seven business days.

11. Data security and breach notification

We apply layered security controls to protect your data:

• Encryption in transit (TLS) and at rest for databases and backups.
• Role-based access control with least-privilege permissions for our team.
• Regular patching, dependency monitoring, and vulnerability review.
• Audit logs for sensitive operations and administrative actions.

If a breach affects your personal data and is likely to create a risk for you, we will notify you without undue delay and, where possible, within 72 hours of becoming aware of it, together with guidance on the steps we and you can take in response.

12. Children’s privacy

Golder is a business platform intended for adults who operate or work in a gold shop. The service is not directed at children under 18 and we do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy to reflect changes in the service, our practices, or applicable law. When we make material changes, we will revise the “Last updated” date at the top of this page and, where appropriate, notify you by in-app message or WhatsApp.

Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

14. Contact us

For any question related to your privacy, your data, or this policy, reach us through any of the channels listed in the Contact section below. We take every request seriously and reply in order of arrival.

Privacy contact

• Email: legal@golder.app
• WhatsApp: +90 553 732 3153 · +963 992 367 582
• Address: Golder — Istanbul, Turkey