Privacy Policy

Moqa (“we,” “us,” or “our”) operates a curated restaurant, bar and cafe discovery platform accessible via our website at moqa.ae and our mobile application (collectively, the “Platform”). We are committed to protecting the privacy and personal data of our users (“you” or “your”) in accordance with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021, “PDPL”) and its executive regulations.

This Privacy Policy explains how we collect, use, store, share and protect your personal data when you access or use the Platform. By using Moqa, you acknowledge that you have read and understood this Privacy Policy.

We collect and process the following categories of personal data, limited to what is necessary for providing and improving our services.

We process your personal data only for specified, legitimate purposes. These include:

• To create and manage your account (legal basis: contractual necessity).
• To provide personalised venue discovery and recommendations (legal basis: contractual necessity; your consent where applicable).
• To display nearby venues, events and activations based on your location (legal basis: your explicit consent).
• To communicate service updates, new features, and relevant notifications (legal basis: legitimate interest; your consent for marketing).
• To analyse Platform usage trends and improve our services (legal basis: legitimate interest in product improvement).
• To detect, prevent and address fraud, security threats, or technical issues (legal basis: legitimate interest; legal obligation).
• To comply with applicable laws, regulations and legal processes (legal basis: legal obligation).
• To send marketing communications about Moqa, venue partners, or curated events (legal basis: your consent, opt-in only).

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you without your explicit consent.

We do not sell your personal data. We may share your data with the following categories of recipients, solely for the purposes described in this Privacy Policy.

Your data is primarily stored and processed within the UAE. Where we transfer personal data outside the UAE (for example, to cloud infrastructure providers located in other jurisdictions), we ensure that appropriate safeguards are in place in accordance with the PDPL, including:

• Transfers to jurisdictions deemed by the UAE Data Office to provide an adequate level of data protection.
• Standard contractual clauses or binding corporate rules that impose UAE-equivalent protections on the receiving party.
• Your explicit consent, where applicable, after being informed of the potential risks of the transfer.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention practices are as follows:

• Account data is retained for the duration of your active account. If you delete your account, we will erase or anonymise your personal data within 30 days, unless retention is required by law.
• Usage and analytics data is retained in aggregated or anonymised form and may be kept indefinitely for product improvement purposes.
• Marketing consent records are retained for as long as the consent is active, plus a reasonable period thereafter to demonstrate compliance.
• Legal and regulatory records are retained for the period required by applicable UAE law.

When personal data is no longer required, it is securely deleted or irreversibly anonymised.

Under the UAE Personal Data Protection Law, you have the following rights in respect of your personal data:

• Right of access: you may request confirmation of whether we hold personal data about you and obtain a copy of that data.
• Right to rectification: you may request correction of any inaccurate or incomplete personal data we hold about you.
• Right to erasure: you may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw your consent.
• Right to restrict processing: you may request that we limit how we process your personal data in certain circumstances.
• Right to data portability: you may request to receive your personal data in a structured, commonly used and machine-readable format.
• Right to object: you may object to the processing of your personal data where we rely on legitimate interest as the legal basis.
• Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

We use cookies and similar technologies to enhance your experience on the Platform. These include strictly necessary cookies required for basic Platform functionality such as authentication and navigation; functional cookies that remember your preferences and settings; analytics cookies that help us understand how users interact with the Platform so we can improve the experience; and marketing cookies used to deliver relevant promotional content and measure campaign effectiveness, which are only placed with your consent.

You can manage your cookie preferences through your browser settings or through the cookie consent banner presented when you first visit the Platform. Disabling certain cookies may affect the functionality of the Platform.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS/SSL) and at rest.
• Access controls limiting data access to authorised personnel on a need-to-know basis.
• Regular security assessments and vulnerability testing.
• Secure cloud infrastructure with industry-standard certifications.
• Incident response procedures to detect, investigate, and report data breaches in accordance with the PDPL.

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We encourage you to use strong, unique passwords and to keep your account credentials confidential.

Moqa is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take prompt steps to delete that data. If you believe a child has provided us with personal data, please contact us at privacy@moqa.ae.

The Platform may contain links to third-party websites, applications, or services, including venue websites, reservation platforms, and social media pages. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal data.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform, or applicable law. When we make material changes, we will notify you by updating the “Last Updated” date at the top of this Policy and, where appropriate, by providing a prominent notice on the Platform or sending you a direct notification. Your continued use of the Platform after any changes constitutes your acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us: