Privacy Policy | BESTIMATE

BESTIMATE PRIVACY POLICY Last Updated: October 30, 2025 1. INTRODUCTION Bestimate ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data through our websites and mobile applications (collectively, the "Platform"). We aim to comply with UAE Federal Decree-Law No. 45/2021 on Personal Data Protection (PDPL) and its implementing regulations. By using the Platform, you acknowledge and accept the terms of this Policy. 2. DATA CONTROLLER Bestimate Solutions L.L.C-FZ Meydan Free Zone, Dubai, United Arab Emirates Privacy Contact: privacy@bestimate.ae Data Protection Officer (DPO): If appointed, contact details will be provided upon request and updated here. 3. DATA WE COLLECT For Customers: • Name and mobile number (used for login and authentication) • Email address and physical address (optional) • General location information (e.g., community or area) • Service request history • In-app messages and attachments For Professionals (Pros): • Business license and professional certifications • Portfolio content (text, photos, and videos) • Customer reviews and ratings • Credit purchase and payment metadata • Verification documents (e.g., Emirates ID, trade license, professional certificates) and related metadata, including: o Name matching results o Document type and expiry information o Review timestamps and outcomes Technical Data: • Device information (type, operating system, app version, browser) • IP address and general geolocation • System logs and diagnostics • Analytics events and usage patterns • Cookies and similar tracking technologies (see Section 10) 4. PURPOSES AND LEGAL BASES We process personal data only where we have a lawful basis under the PDPL: Contract or Pre-Contract Performance: • Account creation and management • Matching service requests with professionals • Facilitating in-app chat and notifications • Processing credit purchases • Providing customer support Legitimate Interests: • Safety and fraud prevention, including detection of forged or altered documents • Service improvement and analytics • Security monitoring and incident response • Legal defense and protection of rights • Platform integrity and trust-building Note: You may object to processing based on legitimate interests (see Section 7). Legal Obligations: • Tax and accounting compliance • Responding to lawful requests from authorities • Compliance with consumer protection and safety regulations Consent: • Marketing communications (email, SMS, WhatsApp, push notifications) • Non-essential cookies and tracking technologies • Certain international data transfers where no other legal basis applies Note: You may withdraw consent at any time (see Sections 7 and 10). Verification Badges: We conduct basic consistency reviews of submitted documents. Limited metadata is retained to support verification badges and maintain platform integrity. 5. DATA SHARING Service Matching: When customers and professionals are matched, we share limited necessary information, including: • Names • Service request details • Community or area location • In-app messages and file attachments Service Providers: We engage vetted third-party processors under contract to support our operations: • Payment gateways and app store platforms • Identity and license verification tools • Cloud hosting, storage, and content delivery networks (CDN) • Customer support systems • Analytics and diagnostic services • Legal, compliance, and audit services Legal and Business Requirements: We may share data when necessary to: • Comply with legal obligations • Protect the rights, property, or safety of Bestimate, our users, or the public • Support a merger, acquisition, or asset transfer (with continued data protections) 6. SECURITY AND BREACH NOTIFICATION We implement appropriate technical and organizational security measures, including: • Encryption of data in transit • Access controls and multi-factor authentication (MFA) • Secure hosting infrastructure • Regular staff training on confidentiality and data protection Data Breach Response: If a breach occurs that is likely to result in a risk to individuals' privacy or security, we will: • Notify the UAE Data Office without undue delay • Inform affected users promptly • Describe what happened, the potential impacts, our response measures, and recommended steps for affected individuals 7. YOUR RIGHTS Subject to applicable law, you have the right to: • Access your personal data • Rectify inaccurate or incomplete information • Erase your data (right to be forgotten) • Restrict processing in certain circumstances • Data portability (receive your data in a structured format) • Object to processing, including direct marketing • Request human review of automated decisions (where applicable) How to Exercise Your Rights: Email us at privacy@bestimate.ae. We may need to verify your identity before processing your request. We aim to respond within one month. This period may be extended where permitted by law, and we will notify you of any extension. Right to Complain: You may also lodge a complaint with the UAE Data Office if you believe your rights have been violated. 8. DATA RETENTION We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations. After this period, data is securely deleted or irreversibly anonymized. Typical Retention Periods: • Account records: Active period plus 7 years • Transactions and billing records: 5 years • In-app communications: 3 years • Marketing preferences and logs: Until consent is withdrawn or account is closed Verification Documents (Professionals): • Used solely for verification and safety purposes • Access is strictly minimized to authorized personnel • Original images are deleted within 90 days after review completion • Limited metadata is retained for up to 5 years for platform integrity, fraud prevention, and regulatory compliance 9. INTERNATIONAL DATA TRANSFERS When personal data is processed outside the UAE (e.g., for analytics, messaging services, or specialist support), we ensure appropriate safeguards are in place through one or more of the following mechanisms: • Adequacy decisions by UAE authorities • Standard contractual clauses or equivalent safeguards • Your explicit consent All recipients are required to: • Maintain confidentiality and security standards equivalent to those in the UAE • Restrict onward transfers to parties with equivalent protections 10. COOKIES AND TRACKING TECHNOLOGIES We use cookies and similar technologies to enhance your experience on the Platform. Types of Cookies: Essential Cookies: Required for core functionality and security. These do not require consent. Analytics Cookies: Help us understand how users interact with the Platform (requires consent). Personalization Cookies: Remember your preferences and settings (requires consent). Marketing Cookies: Used to deliver relevant advertisements (requires consent). Managing Your Preferences: You can manage cookie preferences through: • Your browser settings • Our cookie banner and preference center (where available) You may withdraw consent at any time. Please note that some third-party cookies may involve international data transfers (see Section 9). 11. CHILDREN'S PRIVACY The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided personal data to us, please contact us immediately at privacy@bestimate.ae so we can remove the information. 12. COMMUNICATIONS Operational Messages: Certain communications are essential to the operation and security of your account, including: • One-time password (OTP) codes • Security alerts • Account and service notifications These messages are sent without requiring marketing consent and cannot be opted out of while you maintain an active account. Marketing Communications: Marketing messages are sent only with your prior consent. You can unsubscribe at any time through: • In-app notification settings • Email to privacy@bestimate.ae • Unsubscribe links in marketing emails 13. PAYMENT PROCESSING Payment transactions are processed by third-party payment gateways and app store platforms. Security Measures: • We do not store full credit card numbers (PAN) or card verification values (CVV) • We may retain tokenized or masked identifiers for reconciliation purposes • Transaction metadata is kept for fraud prevention and legal compliance • All payment processors maintain PCI-DSS (Payment Card Industry Data Security Standard) compliance and other required security standards 14. CHANGES TO THIS POLICY We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Notification of Changes: For material changes, we will: • Provide reasonable advance notice via the Platform • Update the "Last Updated" date at the top of this Policy • In some cases, request your renewed consent where required by law Continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy. 15. CONTACT US If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: privacy@bestimate.ae Postal Address: Bestimate Solutions L.L.C-FZ Meydan Free Zone Dubai, United Arab Emirates This Privacy Policy is designed to be transparent and compliant with UAE data protection laws. We are committed to protecting your privacy and handling your personal data responsibly.