Legal
Effective date: 29 June 2026 (draft)
This Privacy Policy explains how [LEGAL ENTITY NAME] (the data controller) processes personal data on the PearlEx platform, in accordance with the Personal Data Protection Law of the Kingdom of Bahrain (Law No. 30 of 2018) (the “PDPL”).
Draft — pending legal review
This document is a working draft prepared for product purposes. It has not yet been reviewed or approved by the owner's legal counsel and does not constitute legal advice. Items shown in square brackets are placeholders the operator must complete before publication.
Account data (name, email, phone, password hash); trip and order data (the demand you post, pools you join, offers, orders, and milestones); communications and support messages; and technical data (session identifiers, device and log data) needed to operate and secure the platform. We collect only what is necessary for the purposes below.
We process personal data to operate the exchange, create and manage your account, run the demand and escrow workflow, prevent fraud and abuse, comply with legal obligations, and improve the service. Our lawful bases under the PDPL are: performance of a contract with you, compliance with a legal obligation, our legitimate interests in operating and securing the platform, and your consent where required (for example optional communications).
Under the PDPL you may request access to your personal data, correction of inaccurate data, a portable export of your data, and erasure of your data where the law allows. These rights are built into the platform: you can export or request erasure of your account data from your account settings. You may also withdraw consent for optional processing at any time.
Where we rely on your consent (for example to receive trip updates), we record each consent and withdrawal — what you agreed to, the policy version, and when — in a consent ledger, so that the basis for processing is auditable and you can review or change it.
A traveller's identity is not exposed to competing agencies before an order is funded. We disclose identifying details to the winning agency only to the extent necessary to deliver the booked travel.
We share personal data only as needed to deliver the service: with the winning agency to fulfil your trip; with the independent CBB-licensed escrow provider to hold and release funds; and with service providers acting on our instructions under appropriate safeguards. We may disclose data where required by law. We do not sell personal data.
Personal data is hosted within the GCC region. Data is encrypted in transit and at rest, and sensitive fields are protected with additional field-level encryption. We keep personal data only for as long as necessary for the purposes above or as required by law, after which it is deleted or anonymised in line with our retention schedule.
Where any transfer outside the Kingdom of Bahrain is necessary, we carry it out in accordance with the PDPL and apply appropriate safeguards to protect your data.
The data controller is [LEGAL ENTITY NAME] (CR [CR NO.]), [REGISTERED ADDRESS]. For any privacy request or question, or to exercise your PDPL rights, contact [legal@…].
These terms are governed by the laws of the Kingdom of Bahrain, and the courts of the Kingdom of Bahrain have exclusive jurisdiction over any dispute arising from them.
For legal or privacy enquiries, contact [LEGAL ENTITY NAME] (CR [CR NO.]), [REGISTERED ADDRESS], at [legal@…].
Before publication, the following must be supplied and verified:
[LEGAL ENTITY NAME][CR NO.][REGISTERED ADDRESS][legal@…]