Awriri
Log inGet Started

Legal

Awriri Privacy Policy

Effective date
May 2026
Entity
Aafyah Innovations FZ-LLC (RAKEZ)

Aafyah Innovations FZ-LLC (“Aafyah”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, process, and protect your personal data when you visit the Awriri platform, use our services, connect your Facebook or Instagram accounts, or when we aggregate public information about your professional practice.

This policy is designed to comply with the Saudi Arabia Personal Data Protection Law (KSA PDPL), the United Arab Emirates Personal Data Protection Law (UAE PDPL), and the data handling requirements of the Meta Platform Terms (Facebook, Instagram, and Messenger).

1. Data Controller Identity

Aafyah Innovations FZ-LLC, a Free Zone Limited Liability Company registered in the Ras Al Khaimah Economic Zone (RAKEZ), United Arab Emirates, acts as the Data Controller for the personal data processed on the Awriri platform.

For Enterprise accounts where a hospital or clinic manages profiles on behalf of its doctors, the Enterprise acts as the Data Controller, and Aafyah acts as the Data Processor.

2. What Data We Collect

2.1 Data Collected from Public Sources (Pre-Registration)

Before you register, we may collect and aggregate professional information about you from publicly available sources (such as hospital directories, health portals, booking platforms, and public social media profiles). This data includes:

  • Name and professional title
  • Medical specialty and qualifications
  • Place of practice (clinic/hospital name and address)
  • Publicly available patient reviews and ratings
  • Publicly listed professional contact information

2.2 Data You Provide Directly (Post-Registration)

When you claim your profile or register for an account, we collect:

  • Identity verification documents (e.g., government ID, professional license) processed securely via our verification partners
  • Direct contact information (email address, mobile number)
  • Billing and payment information
  • Any additional professional details you choose to add to your profile
  • Patient contact details (only if you utilize our review generation features, in which case you warrant you have obtained necessary patient consents)

2.3 Data Collected from Meta Platforms (Facebook, Instagram, and Messenger)

When you choose to connect your Facebook Page or Instagram Business account to Awriri, we collect data from the Meta Graph API under the permissions you grant during the official Meta OAuth login flow. The specific permissions Awriri requests, the data each permission gives us access to, and the purpose for which that data is used are listed below.

2.3.1 Instagram permissions

  • instagram_basic — gives Awriri access to your Instagram Business account identifier, username, profile picture, biography, follower count, and the list of your published media. We use this to generate AI recommendations so that profile can be improved.
  • instagram_content_publish — allows Awriri to publish photos, videos, and captions to your Instagram Business account on your behalf. We use this only when you create a post inside Awriri and explicitly schedule or publish it.
  • instagram_manage_comments — allows Awriri to read comments on your Instagram posts and reply to them on your behalf. We use this so you can moderate and respond to patient comments from inside Awriri without switching to the Instagram app.
  • instagram_manage_insights — allows Awriri to read post-level and account-level analytics for your Instagram Business account, including impressions, reach, profile views, follower demographics, and engagement metrics. We use this to power the analytics dashboard and to compute the social media component of your digital presence score.
  • instagram_manage_messages — allows Awriri to read and send direct messages from your Instagram Business inbox. We use this so you can review and respond to patient enquiries from inside Awriri.

2.3.2 Facebook Page permissions

  • pages_show_list — gives Awriri access to the list of Facebook Pages you manage. We use this to let you choose which Page to connect to Awriri.
  • pages_read_engagement — allows Awriri to read content posted on your Page, including posts and engagement metrics. We use this to display your Page activity in your Awriri dashboard.
  • pages_read_user_content — allows Awriri to read user-generated content on your Page, such as comments and posts left by patients. We use this so you can review patient feedback inside Awriri.
  • pages_manage_posts — allows Awriri to create, edit, and delete posts on your Page on your behalf. We use this only when you create or schedule a post inside Awriri.
  • pages_manage_engagement — allows Awriri to publish comments and replies on your Page on your behalf. We use this so you can respond to patient comments from inside Awriri.
  • read_insights — allows Awriri to read Page insight metrics including impressions, reach, and follower growth. We use this to power your analytics dashboard and to compute the social media component of your digital presence score.

2.3.3 Messenger permission

  • pages_messaging — allows Awriri to send and receive Messenger messages on behalf of your connected Facebook Page. We use this so you can review and reply to patient enquiries received via Messenger from inside Awriri.

2.3.4 Additional feature

  • Business Asset User Profile Access — allows Awriri to read basic profile fields (name, profile picture, identifier) for users who engage with your Page or Instagram account, so we can use them to generate AI Recommendations in order to improve the page.

We only request and collect the permissions listed above. We do not request any permission that grants access to data unrelated to your professional Page or Instagram Business account. You can revoke any of these permissions at any time through your Facebook or Instagram account settings, or by disconnecting your account from inside Awriri.

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

3.1 Legitimate Interest (KSA) and Public Data Exemption (UAE)

For the initial collection of your professional data from public sources, we rely on our legitimate commercial interest in creating a comprehensive directory of healthcare professionals (under KSA PDPL) and the exemption for processing data made publicly available by the data subject (under UAE PDPL). We have conducted a Legitimate Interest Assessment to ensure this does not override your fundamental rights.

3.2 Consent

When you claim your profile, register an account, connect your Facebook or Instagram account, or opt-in to marketing communications, we process your data based on your explicit, unambiguous consent. For Meta platform data specifically, your consent is captured through the official OAuth permission screen presented to you by Meta when you connect your account.

3.3 Contractual Necessity

We process your billing and account data to fulfill our contractual obligations to you under our Terms and Conditions.

4. How We Use Your Data

We use your data to:

  • Create and display your professional Awriri profile
  • Compute and display your digital presence score across web, social, and directory channels
  • Provide analytics regarding your digital discoverability and patient reviews
  • Verify your identity as a licensed healthcare professional
  • Process subscription payments
  • Communicate with you regarding platform updates, security alerts, and (with your consent) marketing offers

We use the data collected from your Facebook Page and Instagram Business account exclusively for the purposes set out in Section 2.3 above — namely: showing your connected accounts in your dashboard, displaying your posts and engagement metrics, allowing you to publish and schedule new content, allowing you to read and reply to comments and direct messages from inside Awriri, and computing the social media component of your digital presence score.

We do not sell your Meta platform data, use it for advertising or audience targeting, share it with data brokers, or use it to build profiles of any individual other than the doctor who owns the connected account.

4.1 Sub-Processors

To deliver our services, we share data with vetted third-party processors who act on our behalf under written data processing agreements:

  • Amazon Web Services (AWS) — hosting, storage, and content delivery for images and videos you upload for publishing
  • Payment processors — for subscription billing
  • Identity verification partners — for professional license validation

These processors are contractually bound to process data only as instructed by Awriri and to maintain confidentiality and security safeguards equivalent to our own. Awriri integrates directly with the Meta Graph API and does not share your Meta platform data with any party other than the processors listed above.

5. Data Storage and Cross-Border Transfers

5.1 Global Cloud Infrastructure

Aafyah is based in the UAE. To provide our services reliably and securely, we utilize global cloud infrastructure, primarily Amazon Web Services (AWS). Your data may be transferred to, stored, and processed on servers located in the UAE, the European Union, or other AWS regions globally.

5.2 Transfer Safeguards

When transferring data outside of the Kingdom of Saudi Arabia or the UAE, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs), to ensure your data receives an adequate level of protection. We utilize industry-standard security measures, including AES-256 encryption at rest and TLS 1.3 encryption in transit. Meta access tokens are stored encrypted at rest and are accessible only to the Awriri backend services that need them to fulfil your requests.

5.3 Data Retention

We retain your personal data for as long as your Awriri account is active.

For data collected from your connected Facebook Page or Instagram Business account, our retention works as follows:

  • Profile information (name, avatar, follower counts) is refreshed from Meta on demand and is not retained long-term.
  • Engagement and insights metrics (impressions, reach, likes, comments, follower growth) are stored as snapshots so we can display historical trends inside your analytics dashboard.
  • Posts you publish through Awriri are stored together with their published content and engagement metrics for the lifetime of your account.
  • Comments and messages you read or send through Awriri are retained only for as long as needed to display them in your inbox view; we do not build a long-term archive of patient conversations.

When you disconnect a Facebook or Instagram account from Awriri, we delete all locally cached metrics, comments, and messages for that account within thirty (30) days. When you close your Awriri account, all Meta-derived data is deleted within thirty (30) days, except where retention is required to comply with legal obligations.

6. Your Data Subject Rights

Under the KSA PDPL and UAE PDPL, you possess the following rights regarding your personal data:

  • Right to be Informed: To know how we collect and use your data (as explained in this policy).
  • Right of Access: To request a copy of the personal data we hold about you, including data collected from your Facebook and Instagram accounts.
  • Right to Rectification: To request correction of inaccurate or incomplete data.
  • Right to Destruction/Erasure: To request the permanent deletion of your profile and associated data from our active servers.
  • Right to Withdraw Consent: To withdraw your consent for processing or marketing at any time, including disconnecting your Facebook or Instagram account at any moment.

7. How to Exercise Your Rights (Including Profile Deletion)

You may exercise your rights, including the right to delete your profile, by:

  • Logging into your Awriri dashboard and navigating to the “Privacy Settings” or “Delete Account” section.
  • Emailing our Data Protection Officer at privacy@awriri.com.

Upon receiving a verified deletion request, we will securely destroy your records within thirty (30) days, retaining only a minimal cryptographic hash to prevent the automated re-creation of your profile from public sources.

7.1 Deleting Your Meta Platform Data

You can delete the Facebook and Instagram data Awriri has collected in any of the following ways:

Option A — Disconnect within Awriri (recommended):

Log in to Awriri → Settings → Connected Accounts → click “Disconnect” next to Facebook or Instagram. This action:

  • Revokes Awriri’s stored access token for that account
  • Deletes all locally cached metrics, comments, and messages for that account within thirty (30) days
  • Stops any further data collection from that account

Option B — Revoke access through Meta:

Visit your Facebook or Instagram account settings → Settings & Privacy → Apps and Websites → find “Awriri” → click “Remove”. Meta will notify Awriri of the revocation, and we will delete the associated locally cached data within thirty (30) days.

Option C — Email request:

If you cannot access your Awriri or Meta account, email privacy@awriri.com with the subject line “Meta Data Deletion Request” and the Facebook or Instagram username connected to your Awriri account. We will confirm deletion within thirty (30) days.

8. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements or our operational practices. We will notify registered users of significant changes via email or prominent notice on the Platform.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at:

Aafyah Innovations FZ-LLC

Compass Building - Al Hulaila, Industrial Zone-FZ

Ras Al Khaimah, United Arab Emirates

Email: privacy@awriri.com