Privacy Policy

Last updated: April 2026

Important: TijarahOnline is a platform that enables merchants to create and operate their own online stores. Each merchant (tenant) is an independent business. TijarahOnline does not control, endorse, or take responsibility for any merchant's products, services, pricing, or conduct. Any transaction you make is directly with the merchant, not with TijarahOnline.

1. What Data We Collect

For Customers (shoppers):

Name, email, phone number, and shipping address (provided at checkout)
Order history and payment method selected (COD, JazzCash, EasyPaisa, Bank Transfer)
Payment receipt images (for bank transfer orders)
Account credentials if you create an account

For Merchants (store owners):

Business name, email, phone number
Store branding assets (logo, banner images)
Product catalog data, order records, customer lists
Payment gateway credentials (encrypted with AES-256, never stored in plain text)
Bank account details (for bank transfer payment method)

We do NOT collect: Credit/debit card numbers, CNIC numbers, or biometric data. Payment card processing is handled entirely by JazzCash/EasyPaisa — we never see or store card details.

2. Why We Collect It

To process and deliver orders
To send order confirmations, shipping updates, and receipt notifications
To enable merchants to manage their stores, customers, and analytics
To provide customer support and resolve disputes
To improve the platform and fix bugs

We do not sell, rent, or share your personal data with advertisers or third parties for marketing purposes.

3. Who Can See Your Data

The merchant whose store you ordered from can see your name, email, phone, address, and order history for that store only
TijarahOnline (platform team) can access data for technical support, debugging, and security — but we do not browse merchant data without reason
No third parties receive your data unless required by law

Each merchant's data is isolated in its own database schema. Merchant A cannot see Merchant B's customers or orders.

4. Cookies

We use essential cookies for authentication (keeping you logged in) and session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies from Google/Facebook.

5. Data Security

All data encrypted in transit (TLS/SSL on every connection)
Sensitive credentials (payment keys, passwords) encrypted at rest with AES-256
Passwords hashed with BCrypt (work factor 12) — we cannot read your password
Tenant database isolation — each store's data lives in a separate PostgreSQL schema
JWT authentication with RS256 asymmetric signing

6. Your Rights

Access: You can request a copy of your data by emailing support@tijarahonline.com
Deletion: You can request that your account and personal data be deleted
Unsubscribe: Every marketing email includes a one-click unsubscribe link
Export: Merchants can export their customer lists, products, and orders as CSV at any time

7. Data Retention

We retain order data for as long as the merchant's store is active. If a merchant cancels their account, their data is retained for 30 days (in case they change their mind), then permanently deleted.

8. Contact

For any privacy-related questions or data requests, contact us at support@tijarahonline.com.

This policy may be updated from time to time. Significant changes will be communicated via email to registered merchants and customers.