Trust & Compliance

Privacy Policy

Effective Date: May 29, 2026

This Privacy Policy describes how SharkBand collects, uses, stores, shares, and protects your personal data when you use the SharkBand mobile application, website (hosted at sharkband.biz), and related loyalty platform services. SharkBand is operated by the SharkBand Team ("we", "us", "our").

1. Introduction

At SharkBand, we respect your privacy and are committed to protecting the sensitive user and device data you entrust to us. This policy comprehensive details how we process personal data to deliver a seamless, secure, and universal coalition loyalty service. We aim to ensure full transparency and compliance with relevant legal standards, including Qatar’s Personal Data Privacy Protection Law (Law No. 13 of 2016), as well as Google Play Store and Apple App Store privacy policies and developer requirements.

2. Information We Collect

The exact categories of personal and device data we collect depend on how you interact with our platform and the permissions you grant us. We may collect and process the following information:

  • User Name & Contact Details: Name and email address provided during account creation to verify and personalize your profile.
  • Account Details: Unique account IDs, credentials, and loyalty profile identifiers.
  • Device Identifiers: IP addresses, operating system version, unique device identifiers, device models, and app version details to ensure security and prevent platform abuse.
  • Loyalty Transaction History: Records of points earned, rewards redeemed, timestamps of scans, and point balances across different participating merchants.
  • Merchant Interaction History: Scans, activity logs, and visits registered at participating shops, cafés, gyms, salons, or restaurants when you scan or use SharkBand with a merchant.
  • Security Token Data: Temporary security hashes, cryptographic payloads, and timestamps generated by our rotating HMAC-SHA256 QR system.
  • Technical Logs: App diagnostics, performance metrics, and error logs collected for system stability and fraud-prevention purposes.

3. How We Use Information

We process your information using reasonable safeguards to achieve specific, legitimate business purposes related to operating the coalition loyalty system. We use collected data to:

  • Create, maintain, and secure your universal loyalty wallet and account.
  • Provide and operate the primary features of SharkBand, including points issuance, QR scanning, and reward redemptions.
  • Process, log, and sync your loyalty transactions and scans at participating merchants in real-time.
  • Verify and validate your transactions to prevent unauthorized usage or replay attacks.
  • Maintain robust platform security, enforce our terms, and mitigate fraud and abuse.
  • Monitor, analyze, and optimize app performance, stability, and website responsiveness.
  • Provide responsive user assistance and resolve loyalty balance questions.
  • Comply with applicable legal requirements, regulatory processes, and requests from public authorities.

4. Rotating QR Tokens and Transaction Security

To deliver a secure, hardware-free loyalty scanning platform, SharkBand implements a secure QR code generation system based on time-rotating HMAC-SHA256 security tokens. This security framework functions under the following guidelines:

  • Verification & Security: The time-rotating tokens are designed to verify legitimate, real-time scans and block malicious attempts to duplicate or replay QR codes.
  • Rotation/Expiration: The QR code dynamically expires and rotates at regular short intervals, meaning old codes cannot be scanned or faked.
  • Data Minimization: Cryptographic token data is processed solely for secure checkouts and validation. These security tokens are strictly temporary and are never sold or rented.
  • Transaction Processing: Scanning at a participating merchant triggers token processing on our secure servers to match the transaction to your profile.

5. How We Share Information

Important: SharkBand does not sell, rent, or trade your personal data to third parties for marketing or other commercial purposes.

We share user data only in the following limited and necessary circumstances:

  • With Merchants: When you actively scan or use your SharkBand QR at a participating merchant, we share only the necessary transaction-related information (such as your name, account identifier, and loyalty transaction context) needed for that merchant to issue points, redeem your rewards, and update your balance. Merchants receive only the information reasonably necessary to process the loyalty interaction.
  • With Service Providers: We may share data with trusted infrastructure and service partners that host our servers, analyze app performance, or assist in platform security, under strict confidentiality and security agreements.
  • For Legal & Security Compliance: We may disclose information if required to do so by applicable law, in response to legal processes, to protect safety and security, or to defend the rights and property of SharkBand, our merchants, and our users.

6. Data Storage and Security

We host our systems and database schemas in secure cloud environments (such as Microsoft Azure regions) with modern security safeguards. We implement reasonable technical and organizational measures to protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, or destruction. These measures include encryption in transit and at rest, identity and access management controls, secure API protocols, and transaction logs. While we apply standard industry controls to safeguard your data, no method of electronic transmission or cloud storage is completely secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information, loyalty history, and account activity only as long as your account is active or as reasonably necessary to fulfill the purposes for which it was collected. We also retain and use data to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our platform agreements.

8. User Rights

We believe in giving you control over your personal data. Depending on your location and subject to applicable local regulations, you have the following rights regarding your data:

  • Right to Access: You can review your loyalty balances, profile details, and transaction history directly in the SharkBand app.
  • Right to Correction: You may request updates to correct inaccurate or outdated profile information.
  • Right to Deletion: You may request the deletion of your account and associated personal data at any time.
  • Right to Restrict Processing: You can request that we restrict or object to how your data is processed in certain situations.

To exercise any of these rights, or to submit any questions regarding our data practices, please contact our privacy team. We handle all privacy requests promptly and in compliance with regulatory standards:

Sharkband Privacy Team Email us at: support@sharkband.dev

9. Children’s Privacy

Our platform is not intended to knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at support@sharkband.dev. Upon verification, we will take immediate steps to delete the information from our servers.

10. Qatar PDPL Compliance

SharkBand is designed to align with the privacy principles outlined in Qatar's Personal Data Privacy Protection Law, Law No. 13 of 2016 (PDPL), where applicable. In accordance with the PDPL, we process personal data honestly, fairly, and securely for the specific, disclosed loyalty tracking purposes for which you have provided consent. We respect users' rights to control their personal data, and we maintain an audit trail of loyalty interactions to ensure transparency and accountability.

11. International Users

If you access SharkBand from outside the State of Qatar, please note that your personal information and transaction logs may be transferred to and processed in locations where our cloud hosts, service providers, and database systems operate. We implement appropriate safeguards to protect your data regardless of where it is stored or processed.

12. Third-Party Services

We may integrate trusted third-party infrastructure components (including cloud hosting platforms, crash reporting suites, secure authentication tools, and push notification systems) to ensure app performance and platform security. These third-party services process data in accordance with their respective privacy policies and security agreements, and are legally bound to protect your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our app features, platform functionality, legal obligations, or regulatory expectations. We will post any updated policy versions on this page and revise the "Effective Date" at the top. We encourage you to review this Privacy Policy regularly to stay informed about how we safeguard your information.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact our privacy team at:

Sharkband Privacy Team
Doha, Qatar
Email: support@sharkband.dev