Privacy Policy

Last updated: 17 May 2026

1. Introduction

DUCTly ("we," "us," or "our") is a duct cleaning and HVAC maintenance service operating in the United Arab Emirates. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL).

2. Data We Collect

We collect the following personal data when you book a service:

  • Contact information: Full name, email address, phone number
  • Service address: Property address where the service will be performed
  • Property details: Property type (villa, apartment, office), number of bedrooms, number of thermostats
  • Payment data: Processed securely by Stripe — we never store your card details
  • Booking data: Selected date, time, and service plan

3. How We Use Your Data

  • To schedule and deliver our duct cleaning services
  • To process payments via our payment provider (Stripe)
  • To send booking confirmations and service reminders
  • To assign the optimal service team based on location and availability
  • To improve our scheduling and route optimization
  • To respond to your inquiries and support requests

4. Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) for all communications
  • Row-level security policies on all database tables
  • Service-role separation between public and admin access
  • HTTPS-only connections with HSTS enforcement

5. Third-Party Services

We share your data with the following third parties, solely for service delivery:

  • Stripe (Ireland): Payment processing — receives name, email, phone, billing address (PCI DSS compliant)
  • Supabase (AWS, EU): Database and authentication hosting — stores all booking and customer records
  • Google (Maps Platform): Address geocoding, autocomplete, and travel-time calculation — receives the service address you enter
  • Twilio (USA): WhatsApp Business API provider that delivers booking confirmations and reminders — receives your phone number and the message contents.
  • n8n (self-hosted by Ductly): Internal workflow automation that dispatches teams and triggers notifications — processes booking data on our infrastructure
  • OpenRouter (USA): LLM provider used for two distinct purposes. (1) Team-assignment optimisation: receives anonymised booking metadata only — no name, email, or phone. (2) Customer support chatbot on our landing page: receives the free-form messages you type into the chat widget along with the conversation history of that session. Do not paste sensitive personal information into the chatbot.

We do not sell your data to any third party.

6. Your Rights

Under the UAE PDPL, you have the right to:

  • Access your personal data we hold
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Withdraw consent for data processing
  • Object to automated decision-making

Self-service: Every booking confirmation email includes a personal management link (e.g. ductly.ae/manage/<your-token>). Using that token you can:

  • Download your data: GET /api/me/export?token=<your-token> returns a JSON file with every record we hold about you.
  • Delete your account: POST /api/me/delete with { "token": "<your-token>" } anonymises your personal data. Booking and payment records are retained for the period required by UAE commercial law (see section 7), but your name, email, and phone number are removed.

If you can't find your management link or need help, contact us at info@ductly.ae.

7. Data Retention

We retain your personal data for 24 months after your last booking. Payment, invoice, and tax records are retained for 5 years as required by UAE commercial and tax law (Federal Decree-Law No. 28 of 2022 on Tax Procedures). When you request deletion via Section 6, we anonymise your customer record immediately but retain the anonymised booking records until the 5-year period elapses.

8. Contact

For privacy-related inquiries:
Email: info@ductly.ae
DUCTly, Dubai, United Arab Emirates