Privacy Policy

Last updated: April 2026

1. Introduction

DUCTly ("we," "us," or "our") is a duct cleaning and HVAC maintenance service operating in the United Arab Emirates. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL).

2. Data We Collect

We collect the following personal data when you book a service:

  • Contact information: Full name, email address, phone number
  • Service address: Property address where the service will be performed
  • Property details: Property type (villa, apartment, office), number of bedrooms, number of thermostats
  • Payment data: Processed securely by Stripe — we never store your card details
  • Booking data: Selected date, time, and service plan

3. How We Use Your Data

  • To schedule and deliver our duct cleaning services
  • To process payments via our payment provider (Stripe)
  • To send booking confirmations and service reminders
  • To assign the optimal service team based on location and availability
  • To improve our scheduling and route optimization
  • To respond to your inquiries and support requests

4. Data Storage and Security

Your data is stored securely using Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+) for all communications
  • Row-level security policies on all database tables
  • Service-role separation between public and admin access
  • HTTPS-only connections with HSTS enforcement

5. Third-Party Services

We share your data with the following third parties, solely for service delivery:

  • Stripe: Payment processing (PCI DSS compliant)
  • Google Maps: Address geocoding and travel time calculation
  • Supabase: Database hosting and authentication

We do not sell your data to any third party.

6. Your Rights

Under the UAE PDPL, you have the right to:

  • Access your personal data we hold
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal obligations)
  • Withdraw consent for data processing
  • Object to automated decision-making

To exercise these rights, contact us at privacy@ductly.ae.

7. Data Retention

We retain your personal data for 24 months after your last booking. Payment records are retained for 5 years as required by UAE commercial law. You may request early deletion by contacting us.

8. Contact

For privacy-related inquiries:
Email: privacy@ductly.ae
DUCTly, Dubai, United Arab Emirates