Privacy Policy for A Ween Rayeh

Last Updated: December 2025

Introduction

A Ween Rayeh is a community-driven mobility application that helps users navigate road conditions and checkpoint status in Palestine. This Privacy Policy explains how we collect, use, store, and protect your information when you use our mobile application.

By using A Ween Rayeh, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

There is no need to create an account to use our Service, but if you do, then we may collect:

Email address (optional, for account creation)
Display name (optional, chosen by you)
Phone number (optional, for account verification)

1.2 Location Data

Our app requires location permissions to provide core functionality:

Foreground Location:

Used when the app is active to:

Display nearby checkpoints on the map
Filter relevant checkpoint information based on your area
Show accurate route planning between cities

Background Location (Optional):

If you enable proximity notifications, we collect location data in the background to:

Send notifications when you approach checkpoints with outdated information
Alert you about nearby traffic conditions

You can disable background location at any time in your device settings

Location Analytics (Optional - See Section 1.2.1):

If you have not opted out, we collect anonymized location coordinates for traffic analysis purposes. This is separate from proximity notifications and can be disabled independently.

Important:

Core location features (showing nearby checkpoints) process location locally on your device
Proximity notifications only log checkpoint approach events, not continuous tracking
Location analytics (PostGIS) sends batched coordinates to our servers for traffic analysis (opt-out available)
We do not sell or share your precise location with third parties

1.2.1 Location Analytics (PostGIS) - Optional

We offer an optional location analytics feature that helps us analyze traffic patterns and improve route planning:

What we collect: When enabled, we collect anonymized location coordinates (latitude, longitude) along with context information (e.g., when you sort by distance, submit reports, or open the app)
How it works: Location data is batched and sent to our servers every 5 locations or every 30 seconds (whichever comes first)
Purpose: Traffic pattern analysis, route optimization, and service improvement
Privacy controls: This feature is opt-out by default, but you can disable it at any time in Settings → Notifications → Privacy & Data → "المساهمة في تحليل حركة المرور" (Contribute to Traffic Analysis)
Data storage: Location coordinates are stored in our PostGIS database (Supabase) with spatial indexing for traffic analysis
Data retention: Location analytics data is retained for 90 days, then automatically deleted
Anonymization: Location data is linked only to an anonymous device identifier, not to your account or personal information

1.3 Usage Data

We automatically collect:

Device information: Device type, operating system version, unique device identifier (for push notifications)
App usage: Features used, screens visited, time spent in app
Interaction data: Checkpoint reports submitted, favorite checkpoints saved
Error logs: Crash reports and error diagnostics (via Sentry)

1.4 User-Generated Content

When you submit checkpoint reports or community contributions:

Checkpoint status updates
Alternative route suggestions
Working hours information
General feedback and important updates

All user-generated content is moderated by AI and human reviewers before publication to ensure accuracy and prevent abuse.

2. How We Use Your Information

2.1 Service Provision

Provide real-time checkpoint status updates
Send personalized proximity notifications
Display nearby checkpoints based on your location
Enable route planning between cities
Store your favorite checkpoints for quick access

2.2 Content Moderation

We use a dual-layer moderation system:

AI Moderation: Automated analysis of user submissions for inappropriate content, spam, or fraudulent information
Human Review: Manual verification by our moderation team for flagged content

This ensures the quality and reliability of community-contributed information while protecting users from harmful or misleading data.

2.3 Analytics and Improvement

We use PostHog for product analytics to:

Understand which features are most useful
Identify and fix usability issues
Measure app performance and stability

You can opt out of analytics in Settings → Data & Privacy

2.4 Error Tracking

We use Sentry to monitor app stability:

Automatic crash reporting
Error diagnostics
Session replays (screenshots and interaction logs during crashes)

No personally identifiable information is included in error reports

2.5 Push Notifications

We use Firebase Cloud Messaging (FCM) to deliver:

Proximity alerts when near checkpoints
Daily summaries of checkpoint status (if enabled)
Urgent traffic alerts
Important app updates

3. Data Storage and Backend Infrastructure

3.1 Dual Backend Architecture

We use two backend systems to ensure reliability and prevent fraud:

1. Supabase (Primary Database):

Stores checkpoint data, user accounts, favorites, and notifications
Hosted in secure cloud infrastructure with encryption
Provides real-time data synchronization

2. MongoDB (Fraud Detection & Vote Validation):

Validates user votes and reports for authenticity
Detects suspicious patterns and fraudulent behavior
Prevents manipulation of checkpoint status

Why two backends? This architecture protects against bad actors attempting to manipulate checkpoint information while maintaining fast, reliable service.

3.2 Data Retention

Checkpoint data: Retained for 90 days, then automatically deleted
User accounts: Retained until you request deletion
Notification logs: Retained for 30 days for troubleshooting
Analytics data: Aggregated and anonymized, retained indefinitely for trend analysis
Error logs: Retained for 90 days
Location analytics (PostGIS): Retained for 90 days, then automatically deleted

4. Third-Party Services

We integrate the following third-party services:

Service	Purpose	Data Shared	Privacy Policy
Supabase	Database, authentication, real-time updates	Email, device ID, checkpoint interactions	Supabase Privacy
MongoDB	Fraud detection, vote validation	Anonymized device fingerprints, voting patterns	MongoDB Privacy
PostHog	Product analytics	Device type, app usage patterns, feature interactions	PostHog Privacy
Sentry	Error tracking, crash reporting	Device info, error logs, session replays	Sentry Privacy
Firebase (FCM)	Push notifications	Device push token, notification preferences	Google Privacy
Expo	App framework, push notification delivery	Device info, app version	Expo Privacy
PostGIS (via Supabase)	Location analytics, traffic pattern analysis	Anonymized location coordinates, device ID	Supabase Privacy

5. User-Generated Content and Moderation

5.1 Content Submission

When you submit checkpoint reports or feedback:

Your submission is marked as "pending" until reviewed
AI systems check for spam, profanity, and suspicious patterns
Human moderators verify accuracy and appropriateness
Approved content is published anonymously (no attribution to your account)

5.2 Reporting Inappropriate Content

Every checkpoint card includes a "Report Error" button. Use this to:

Report incorrect checkpoint status
Flag inappropriate user submissions
Suggest corrections to checkpoint information

All reports are reviewed by our moderation team within 24-48 hours.

5.3 Enforcement

Repeated violations of community guidelines may result in:

Content removal
Temporary submission restrictions
Account suspension (in severe cases)

6. Data Security

We implement industry-standard security measures:

Encryption in transit: All data transmitted between your device and our servers uses HTTPS/TLS
Encryption at rest: Database encryption for stored personal information
Access controls: Role-based access limits who can view sensitive data
Regular audits: Security assessments and vulnerability testing
Anonymous submissions: User-generated content is not linked to your account publicly

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 Access and Control

You have the right to:

Access your data: Request a copy of personal information we store
Update your data: Modify your profile information in the app
Delete your data: Request complete account deletion (Settings → Account → Delete Account)
Opt out of analytics: Disable PostHog tracking in Settings → Data & Privacy
Opt out of location analytics: Disable PostGIS location tracking in Settings → Notifications → Privacy & Data → "المساهمة في تحليل حركة المرور"
Control notifications: Manage notification preferences in Settings → Notifications
Disable location: Turn off location services in your device settings

7.2 How to Exercise Your Rights

To access, modify, or delete your data:

In-app: Go to Settings → Account → Data & Privacy
Email us: musabnuirat@gmail.com
Visit: https://www.aweenrayeh.com/privacy

We will respond to requests within 30 days.

8. Children's Privacy

A Ween Rayeh is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our servers.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in our data practices
New features or services
Legal or regulatory requirements

We will notify you of significant changes via:

Email (if you have an account)
Prominent notice on our website

The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the app after changes constitutes acceptance of the updated policy.

10. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your data based on:

Consent: Location data, analytics, push notifications (you can withdraw consent at any time)
Contractual necessity: Providing core app functionality (checkpoint status, routing)
Legitimate interests: Fraud prevention, service improvement, content moderation

11. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including:

United States (Supabase, MongoDB, Sentry, Firebase)
European Union (Supabase regions)

We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses) to protect your data during international transfers.

12. Contact Us

If you have questions about this Privacy Policy or our data practices:

Email: musabnuirat@gmail.com

Website: https://www.aweenrayeh.com

Privacy Page: https://www.aweenrayeh.com/privacy

13. Compliance and Transparency

We are committed to:

Google Play Developer Policies: Full compliance with UGC moderation requirements (Section 4.6)
GDPR: Respecting data subject rights for EEA users
CCPA: Honoring California consumer privacy rights (do-not-sell requests)
Transparency: Clear disclosure of all data collection, storage, and third-party services

This privacy policy is written in plain language to ensure you understand how your data is used. If anything is unclear, please contact us.

Thank you for using A Ween Rayeh!

Together, we're making travel safer and more informed for everyone in Palestine. 🇵🇸