Legal

Privacy Policy

Mahprotocol

Draft notice. This Privacy Policy is a working draft for review. It must be reviewed by a qualified Pakistani lawyer before launch — particularly the handling of CNIC and verification documents and any future payment processing. It is not legal advice and makes no guarantee of compliance with any specific law or certification.

This policy explains what information Mahprotocol collects, why we collect it, how we use and protect it, and the choices you have. By using Mahprotocol you agree to the practices described here.

1. Information we collect

Depending on how you use Mahprotocol, we may collect:

Account information — your name, email address, phone number, role (client, architect, builder, or vendor), and password credentials.
Verification documents — for professionals and vendors, identity and licence documents such as CNIC, PEC or PCATP registration, and supporting credentials. These are sensitive and handled with extra care (see section 4).
Profile & portfolio content — bios, cities, skills, experience, education, and portfolio images you choose to add.
Project details — project category, description, budget, timeline, location (map pin and address), and any photos, videos, or documents you upload.
Messages & activity — messages you send to other members, bids and proposals, reviews, and in-app notifications.
Payment information (future phases) — if and when secure payments launch, we will collect the information needed to process them. This is not active today, and any such feature will be introduced only after the required legal and regulatory review.
Technical data — basic information your browser sends (such as device and log data) needed to operate and secure the service.

2. How we use your information

To create and manage your account and verify professionals and vendors.
To match clients with relevant professionals and enable bidding, messaging, and reviews.
To display verified badges, profiles, and portfolios across the platform.
To operate project posting, milestone tracking, and notifications.
To keep the platform secure, prevent fraud, and resolve disputes.
To improve our service and communicate important updates to you.

3. How verification documents are stored and who can access them

Verification documents (such as CNIC and licence files) are treated as sensitive. They are stored in private storage that is not publicly accessible. Access is restricted to Mahprotocol verification administrators for the purpose of reviewing and approving an application. We do not display your CNIC number or ID documents on your public profile, and we do not sell them. After review, what other members see is only your verification status (for example, a verified badge) — not the underlying documents.

4. How we share information

We do not sell your personal information. We share it only:

With other members as needed for the service to work (for example, your public profile, or your contact details revealed to a client after you are hired).
With service providers who help us operate the platform (such as hosting and database providers), under appropriate confidentiality.
Where required by law, or to protect the rights, safety, and security of our members and the platform.

5. Your rights and choices

You can access and update most of your account and profile information at any time.
You can request that we correct or delete your information, subject to legal and operational limits (for example, records we must retain).
You can stop using the service and request account closure by contacting us.

To exercise any of these, contact us using the details below.

6. Cookies

We use essential cookies and similar technologies to keep you signed in, remember your preferences, and keep the platform secure. Disabling essential cookies may stop parts of the service from working. We will update this section if we introduce non-essential or analytics cookies.

7. Data retention

We keep your information for as long as your account is active or as needed to provide the service, resolve disputes, and meet legal obligations. When information is no longer needed, we take reasonable steps to remove or anonymise it.

8. Children

Mahprotocol is intended for adults. It is not directed at children, and we do not knowingly collect their information.

9. Changes to this policy

We may update this policy as the platform evolves — for example, when the vendor marketplace or secure payments launch. We will post the updated version here with a new effective date.

10. Contact us

Questions about this policy or your information? Email us at muhammadtajammal.tm@gmail.com.

Registered address: [ Placeholder — registered business address to be added ]