Legal

Privacy policy

This page explains, in plain language, what personal information we collect through the Asaish Erbil portal, why we collect it, and the rights you have over it.

Last updated: 15 June 2026

1. What information we collect

We collect only what is necessary to deliver a service:

  • Account data — name, phone number, email, preferred language.
  • Report data — the content of any report, tip, complaint, or application you submit, plus optional attachments.
  • Device data — IP address, browser, operating system, and approximate location (city level) for security and abuse prevention.
  • Precise location — only when you opt in (e.g. to tag the scene of an incident or share your live location with a dispatcher).

2. Why we collect it

  • To dispatch officers to the right place at the right time.
  • To investigate reports and follow up with you on cases.
  • To publish anonymous, aggregated safety statistics.
  • To protect the portal from abuse and fraud.
  • To meet legal record-keeping obligations.

3. Who we share it with

We do not sell or rent personal data. We share it only with:

  • Operational partners — fire service, ambulance, emergency shelters — where needed to deliver help.
  • Judicial authorities — when required by a lawful order.
  • Service providers — hosting, SMS gateway, push notification provider — bound by confidentiality agreements.

4. How long we keep it

  • Anonymous tips: 12 months after closure.
  • Reports and complaints: 7 years (legal retention).
  • Account profile: until you delete the account.
  • Device logs: 90 days.
  • Precise location: deleted as soon as the related case is closed.

5. Your rights

You have the right to:

  • Ask what data we hold about you.
  • Correct inaccurate or out-of-date information.
  • Delete your account and personal profile (case records may be retained where the law requires it).
  • Withdraw consent for optional features (e.g. push, location).
  • Lodge a complaint with our oversight panel.

6. How we protect your data

Data is encrypted in transit (TLS 1.3) and at rest. Sensitive attachments are stored with per-record encryption keys. Access to case data is logged and reviewed; staff must complete annual data protection training and use multi-factor authentication.

7. Cookies

We use a small number of strictly necessary cookies (session, CSRF protection, language preference) and aggregated analytics. We do not use advertising cookies. You can clear cookies at any time through your browser settings.

8. Children

The portal is intended for users aged 13 and over. Reports about or on behalf of children are accepted from any adult. We do not knowingly create accounts for children under 13 without parental involvement.

9. Changes to this policy

We will post material changes on this page at least 14 days before they take effect, and notify account holders by in-app message.

10. Contact our Data Protection Officer

Email dpo@asaish.krd or use the contact form. We aim to respond within 20 working days.