Privacy Policy
This Policy explains what data Waei collects, why we collect it, where we store it, and what rights you have over it. We've written it in plain English. If anything is unclear, email hello@waei.ae.
The short version: Your fleet data is yours. We store it securely on professional cloud infrastructure. We don't sell it, share it with advertisers, or use it to train AI models. Each fleet's data is isolated from every other fleet at the database level. You can export or delete your data at any time.
1.Who we are
Waei is a fleet maintenance platform serving UAE-based small and medium fleet operators. Waei is currently operated as an independent service while we work with our first wave of customers, with formal incorporation planned.
Throughout this Policy, "Waei", "we", "us" refer to the team operating the service. "You" refers to anyone whose data we hold — usually a user of our platform or someone whose data has been entered by a Waei customer.
2.What data we collect
We collect three kinds of data:
2.1 Account data (about you, the user)
| What | Why |
|---|---|
| Email address | Logging you in and identifying who took which action |
| Name (optional) | Display in the app and on activity logs |
| Role (manager, supervisor, mechanic) | Determining what you can see and do |
| Fleet ID | Connecting you to the right fleet's data |
| Login timestamps | Security audit and troubleshooting |
2.2 Fleet operational data (entered by you)
| What | Why |
|---|---|
| Vehicle details (plate, make, model, dates) | Tracking your fleet |
| Repair records, parts, labour, vendors, costs | Maintenance history and cost tracking |
| Defect reports and photos | Workflow from reporting to repair |
| Driver records (name, license, phone, assignments) | Knowing who drives what |
| Compliance dates (registration, insurance, MOT) | Alerting you before expiry |
| Invoice images and extracted data | AI invoice scanning and audit trail |
| Settings (fleet name, owner, timezone, currency) | Configuring the app for your fleet |
2.3 Technical data (collected automatically)
| What | Why |
|---|---|
| IP address (during requests) | Routing and basic security |
| Browser type and device | Compatibility and bug fixes |
| Error logs (when the app encounters an error) | Diagnosing and fixing problems |
| Analytics events (page views, basic usage) | Understanding what features are useful |
We do not collect: payment card numbers (we don't process payments yet), social security or similar national ID numbers, biometric data, location tracking, or anything we don't need to provide the service.
3.How we use your data
We use your data for the following purposes only:
- Operating the service — displaying your data back to you, running features you've activated, sending OTP codes for login, alerting on compliance deadlines
- Customer support — diagnosing problems you report
- Security — preventing unauthorized access and detecting suspicious activity
- Service improvement — understanding which features are used (in aggregate, anonymized form)
- Legal compliance — responding to lawful requests, fulfilling tax or audit obligations once applicable
We do NOT use your data to:
- Sell or rent it to third parties
- Show advertisements
- Train AI models without explicit consent
- Build profiles of you for marketing
4.Where your data is stored
Your data is stored on professional cloud infrastructure operated by reputable third-party providers. Specifically:
| Category | What & Where |
|---|---|
| Database & storage | Your fleet's structured data, photos, and uploaded files are stored on managed cloud database and object storage services. Data is hosted in a region selected for business and customer convenience. Encrypted at rest and in transit. |
| Authentication | Email addresses and login session data are handled by a managed authentication service operating in the same region as the database. |
| Web hosting & CDN | The web app and website are served via a global content-delivery network. Requests pass through edge locations near you. |
| AI processing | Invoice images you upload are processed by an AI provider to extract structured data (vendor, amounts, line items). The provider operates under contractual terms that prohibit storing the data after processing. |
| Transactional email | Delivery of OTP codes and notifications is handled by a managed email-sending service. |
The hosting region is selected to balance regulatory compatibility, performance for UAE customers, and operational practicality. If your organization has specific data residency requirements or needs to know the identity of specific sub-processors, contact us at hello@waei.ae — we can share details under appropriate confidentiality.
5.How your data is protected
We take security seriously. Specific safeguards include:
- Encryption in transit: All connections to Waei use HTTPS/TLS
- Encryption at rest: Database and storage are encrypted by the underlying cloud provider
- Multi-tenant isolation: Each fleet's data is segregated at the database level using PostgreSQL Row-Level Security. Users from one fleet cannot read or modify data from another fleet.
- Role-based access: Within a fleet, managers, supervisors, and mechanics see different data based on their role
- Email-based authentication: No shared passwords. Each user logs in with their own email and a one-time code
- Append-only audit logs: Error logs cannot be modified or deleted by users, preserving the audit trail
- Bot protection: Edge-network bot protection is enabled to deter automated attacks
No system is 100% secure, but we work hard to make Waei significantly safer than the spreadsheets and WhatsApp groups it replaces. If you discover a security issue, please email hello@waei.ae — we appreciate responsible disclosure.
6.Sharing your data
We share your data only in these limited circumstances:
- With our infrastructure providers (listed in section 4) — they process data on our behalf to deliver the service
- With your authorized team members — those you've added to your fleet via the Admin → Team page
- If legally required — for example, in response to a valid court order or regulatory request. We will notify you where legally permitted.
- To protect our service or other users — for example, to investigate fraud or security incidents
We do not sell your data. We do not share your data for advertising or marketing.
7.How long we keep your data
While your account is active, we keep your fleet data so the service works. Specifically:
- Vehicles, repairs, defects, drivers, costs: kept indefinitely while you're a customer (this is the value of the service — historical records)
- Photos and invoice images: same
- Login records and error logs: retained for at least 90 days for security audit; aggregated longer
- Account closure: after you close your account, we hold your data for up to 90 days to allow data export and account reversal, then permanently delete it unless legally required to retain
Backup snapshots may persist for up to an additional 30 days after permanent deletion, after which they are also purged.
8.Your rights
You have meaningful rights over your data:
- Access: Most of your data is visible in the app. For data not visible (e.g. system-level logs), email us
- Export: You can export your fleet data at any time, in CSV format, via the app
- Correction: You can edit your fleet's data directly in the app. For corrections to system fields, contact us.
- Deletion: You can ask us to delete your account and all associated data. Some records may be retained briefly for legal or backup purposes (see section 7)
- Restriction or objection: You can ask us to stop processing your data in certain ways. We'll do our best to honor reasonable requests.
- Complaint: If you believe we've mishandled your data, please tell us first so we can fix it. You also have the right to contact a UAE data protection authority.
To exercise any of these rights, email hello@waei.ae. We respond within one working day.
9.Cookies and similar technologies
The Waei app uses your browser's local storage to remember your login session, your fleet ID, and a few user preferences. It does not use tracking cookies for advertising. The www.waei.ae website may use basic analytics cookies to count visitors — we don't profile or retarget individuals.
10.Children
Waei is built for businesses managing commercial fleets. It is not intended for use by children. We don't knowingly collect data from anyone under 18. If you believe we've inadvertently received such data, contact us and we'll delete it.
11.Changes to this Policy
We may update this Privacy Policy as our practices evolve — for instance, when we incorporate, add new features, or change providers.
For material changes, we'll notify active customers by email at least 30 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent change.
12.How to contact us
For any privacy-related question, request, or concern:
- Email: hello@waei.ae
- Subject line: "Privacy" helps us route it correctly
We aim to respond within one working day, often the same day.