Privacy Policy
Your data, your rights.

TharaTech LLC ("TharaTech", "we", "our", or "us") is a human-centered technology company incorporated in Ras Al Khaimah, United Arab Emirates (RAKEZ). We operate software products including MoneyDiary and ReefDiary and this website located at tharatech.io.

This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and what rights you have. It applies to all visitors, users, and prospective clients who interact with our website or services, regardless of where you are located.

We may collect the following categories of personal data when you visit our website or express interest in our products:

• Identity data: First name, last name, and business title if you contact us.
• Contact data: Email address, phone number, and mailing address if voluntarily provided.
• Usage data: IP address, browser type and version, pages visited, referral source, and timestamps collected automatically via server logs.
• Communication data: The content of messages you send us through our contact form or by email.
• Preference data: Theme (light / dark / logo mode) stored locally in your browser not transmitted to our servers.

We do notcollect sensitive personal data (health, financial, biometric, or religious data) through this website. Sensitive data processed within our products (e.g., MoneyDiary) is governed by the respective product's privacy notice.

We use personal data only for the purposes for which it was collected:

• Responding to enquiries to communicate with you when you reach out via our contact form or email.
• Operating our website to ensure the tharatech.io site is served correctly and securely.
• Analytics to understand how visitors use our website so we can improve it (privacy-preserving, no cross-site tracking).
• Compliance to meet our legal obligations under applicable privacy laws.
• Security to detect, investigate, and prevent fraudulent or malicious activity.

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under the General Data Protection Regulation (GDPR / UK GDPR):

• Legitimate interests (Art. 6(1)(f) GDPR): to operate and improve our website, respond to enquiries, and prevent fraud balanced against your rights.
• Consent (Art. 6(1)(a) GDPR): where you have actively provided information via a form or opted into communications.
• Legal obligation (Art. 6(1)(c) GDPR): where processing is required by law (e.g., record-keeping obligations).

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. Contact us at the address below.

We never sell your personal data. We may share data in the following limited circumstances:

• Service providers: Third-party vendors who assist us in operating our website or services (hosting, email, analytics) under contractual data processing agreements.
• Legal requirements: Disclosure required by UAE law, EU law, or the law of any jurisdiction in which we operate or to protect the vital interests of a person.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred with appropriate safeguards and notification.

Any third party we share data with is required to handle it securely and only for the specific purpose agreed.

We retain personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Contact enquiries: Up to 24 months from our last correspondence, then securely deleted.
• Server logs (IP/usage): Up to 90 days for security and operational purposes.
• Legal obligations: Where required by law, data may be retained for up to 7 years (UAE Commercial Companies Law requirement).

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.

Depending on your jurisdiction, you have some or all of the following rights regarding your personal data:

To exercise any right, email us at privacy@tharatech.io. We will respond within 30 days (GDPR) or 45 days (CCPA). We will not discriminate against you for exercising your rights.

TharaTech LLC is incorporated in Ras Al Khaimah, UAE (RAKEZ). Our processing of personal data is governed by Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) and its Executive Regulations.

• We process personal data only with a lawful basis: consent, contract performance, legitimate interest, legal obligation, or vital interests.
• We do not transfer personal data outside the UAE without adequate safeguards (e.g., adequacy decision, standard contractual clauses, or explicit consent).
• Individuals in the UAE have rights of access, correction, deletion, and objection to processing.
• Data breaches that pose a risk to data subjects are reported to the UAE Data Office within 72 hours of discovery.

If you are a resident of California, Colorado, Virginia, Texas, or another US state with a comprehensive privacy law, you have additional rights:

• California (CCPA / CPRA): Right to know, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information. California residents may also designate an authorised agent. To exercise rights, submit a verifiable request to privacy@tharatech.io.
• Colorado (CPA), Virginia (VCDPA), Connecticut (CTDPA), Texas (TDPSA): Right to access, correct, delete, portability, and opt out of targeted advertising. We do not engage in targeted advertising or processing for profiling purposes that produce legal effects.
• All US residents: We will not discriminate against you for exercising any privacy right. Requests will be fulfilled within 45 days, with a possible 45-day extension.

This website uses only essential cookies required for its operation (e.g., theme preference stored in localStorage). We do not set third-party advertising cookies or cross-site tracking cookies.

• Strictly necessary: Theme preference stored locally in your browser, never transmitted to us.
• Analytics (if applicable): Privacy-preserving, aggregated analytics that do not identify individual users. No cross-site tracking is performed.

You can control cookies through your browser settings. Disabling cookies will not impair your ability to use this website. Cookie preferences are also managed via the consent banner shown on your first visit.

Our website and services are not directed to children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@tharatech.io and we will delete it promptly.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• TLS/HTTPS encryption for all data in transit.
• Access controls limiting data to authorised personnel only.
• Regular security reviews and vulnerability assessments.

No method of internet transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you and the relevant supervisory authority as required by law.

TharaTech is based in Ras Al Khaimah, UAE. When we transfer personal data across borders for example, to cloud infrastructure providers we ensure that adequate protections are in place:

• EU/EEA transfers: We rely on adequacy decisions, Standard Contractual Clauses (SCCs), or other lawful mechanisms approved under GDPR.
• UAE outbound transfers: We comply with UAE PDPL cross-border transfer requirements, including obtaining consent or relying on contractual safeguards.
• US transfers: Where applicable, we adhere to frameworks providing comparable data protection to US residents.

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the Effective Date at the top of this page.

We encourage you to review this policy annually. Continued use of our website after a policy update constitutes acceptance of the revised terms.

If you have any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us: