Privacy Policy
Alzayani Guard · Last updated: 4 June 2026
Controller: Alzayani Security W.L.L, P.O. Box 23933, Manama, Kingdom of Bahrain. Contact / Data Protection Officer: privacy@marqab.app.
1. Scope
2. What we collect
Identity & employment (guards): full name, CPR number (national ID), phone number, staff number, role, employment type/start date, and employment-contract documents.
Location: GPS coordinates captured at shift check-in to confirm presence at the assigned site, and periodic location “beacons” while on an active shift (for live supervision and SOS response).
Photos & images: check-in photos (anti-fraud presence, uniform, and identity verification), enrolled reference photos, ID documents, profile photos, and photos attached to incident/hazard reports.
Audio: short voice notes sent to other guards on duty at your site.
Health-related data: sick-leave / medical certificates you upload and pre-shift fitness attestations.
Device & usage data: device push token, network state, and — only with your consent (see §6) — app-usage statistics during a shift.
3. Device permissions
- Camera — take the check-in photo and capture incident/hazard photos.
- Location — verify presence at the site at check-in; live supervision and SOS while on shift.
- Microphone — record voice notes to teammates on site.
- Photo library — attach existing photos to incident reports / HR uploads.
- App-usage access — activity/liveness signal during a shift; see §6.
- Phone — place emergency/SOS calls.
4. How we use your data
5. Automated analysis (AI)
Some features use AI (Anthropic Claude) to assist staff: check-in photo verification analyses your check-in photo for person-present, in-uniform, and identity vs your reference photo; text features summarise incidents, generate the daily operations brief and compliance narratives, assess coverage risk, and power an internal staff assistant.
Identity matching is a review aid, not a sole automated decision — a human operator reviews flagged results. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing without human review.
6. Monitoring & personal devices
7. Who we share it with
- Alzayani operations staff — on a role-restricted basis.
- Client organisations — limited, per-site read access to coverage at their own sites only, via the Client Portal.
- Service providers (data processors): Supabase (database, file storage, authentication), Vercel (hosting), Anthropic (AI analysis of photos and text), Resend (email delivery of compliance reports), Google Firebase (push notifications). We do not sell your personal data.
8. International transfers
9. How long we keep it
- Check-in photo images: 7 days, then automatically deleted (the verification result is kept as an audit record).
- Voice notes: about 1 hour, then automatically deleted.
- Location beacons / live activity events: short-lived (rolling purge).
- Check-in records & attendance: 24 months.
- Incident & hazard records: 7 years.
- Identity/employment records, ID & contract documents: duration of employment + 24 months.
- Health / sick-leave certificates: duration of employment + 12 months.