Privacy Policy

Effective Date: 2 May 2026 Last Updated: 2 May 2026

This Privacy Policy explains how DAMMA ("we", "us", "our") collects, uses, shares, and protects the personal information of customers and visitors of damma.me (the "Site") and any related services we provide. By using the Site, you agree to the practices described in this Policy.

DAMMA is operated from Lebanon. If you do not agree with any part of this Policy, please do not use the Site.

1. Information We Collect

We collect only the information we need to operate our store, fulfil your orders, and communicate with you.

1.1 Information you provide directly

• Account details: when you create an account, we collect your name, email address, and a password (which we never store in plain text — passwords are hashed using bcrypt).
• Order details: when you place an order, we collect your shipping address, contact phone number, and the contents of your order.
• Customer communications: when you contact us by email or through the Site, we collect the contents of your message and any contact details you share with us.

1.2 Information collected automatically

When you visit the Site, we automatically collect limited technical data, including:

• IP address (used for fraud prevention, rate-limiting, and security logs)
• Browser type, language, and device information
• Pages visited, time of visit, and referring URL
• Cookies and similar technologies (see Section 4)

1.3 Information we do not collect

• We do not collect or store payment card details. All orders on the Site are currently fulfilled on a Cash-on-Delivery (COD) basis. Payment is handled in person between you and the courier at the time of delivery.
• We do not knowingly collect any information from children under the age of 16.

2. How We Use Your Information

We use your information to:

• Process and deliver your orders
• Provide customer support and respond to your inquiries
• Send transactional emails (order confirmations, shipping updates)
• Maintain the security of your account and our Site
• Detect and prevent fraud or abuse
• Improve our products, content, and the Site itself
• Comply with legal obligations under Lebanese law

We do not sell or rent your personal information to third parties for marketing purposes.

3. Legal Basis for Processing

We process your personal information on the following legal bases:

• Performance of a contract: when processing is necessary to fulfil an order you have placed.
• Legitimate interest: when processing is necessary to operate our business, secure our Site, and prevent abuse, in a way that does not override your rights.
• Consent: when you have given us specific permission, for example to receive marketing emails. You can withdraw consent at any time.
• Legal obligation: when we are required to retain or share information by law.

4. Cookies and Similar Technologies

We use a small number of cookies to make the Site work and to improve your experience:

• Strictly necessary cookies: required for core features such as logging in, keeping your cart, and maintaining language preference. The Site cannot function without these.
• Functional cookies: remember your locale and basic preferences.
• Analytics cookies (if enabled): help us understand how visitors use the Site so we can improve it. We use only privacy-respecting analytics that do not track you across other sites.

You can control cookies through your browser settings. Disabling strictly necessary cookies may break parts of the Site.

5. How We Share Your Information

We share your information only with the following categories of trusted partners, and only to the extent strictly needed:

• Hosting and infrastructure providers (e.g. Railway, Cloudflare): to operate our database, store images, and serve the Site.
• Email service providers (e.g. Resend): to send transactional emails such as order confirmations.
• Delivery couriers operating in Lebanon: to deliver your order to your shipping address. They receive your name, address, phone number, and order contents.
• Legal and regulatory authorities: if required by Lebanese law, court order, or to protect our legal rights.

We require all service providers to handle your information securely and only for the purposes we specify. We do not authorise them to use your data for their own marketing.

6. International Data Transfers

Some of our service providers operate servers outside Lebanon (for example, in Europe or the United States). When your information is transferred outside Lebanon, we take reasonable steps to ensure it is handled with the same level of care described in this Policy.

7. Data Retention

We keep your information for as long as your account is active and for as long as is reasonably necessary to:

• Fulfil the purposes described in this Policy
• Comply with our legal, accounting, or reporting obligations
• Resolve disputes and enforce our agreements

When we no longer need your information, we delete it or anonymise it. You may request the deletion of your account at any time (see Section 9).

8. Data Security

We use reasonable technical and organisational measures to protect your information, including:

• Encryption in transit (HTTPS/TLS for all traffic)
• Hashed passwords (bcrypt) — we never see or store your password
• Access controls limiting who within DAMMA can access customer data
• Regular review of our infrastructure and dependencies

No system is perfectly secure. If we ever experience a data breach that materially affects your information, we will notify you in line with our legal obligations.

9. Your Rights

You have the following rights with respect to the personal information we hold about you:

• Access: request a copy of the information we hold about you.
• Correction: ask us to correct information that is inaccurate or incomplete.
• Deletion: ask us to delete your account and associated personal information, subject to any legal obligations to retain certain records.
• Objection: object to specific uses of your information.
• Withdrawal of consent: where we rely on your consent, you may withdraw it at any time.

To exercise any of these rights, email us at support@damma.me. We will respond within a reasonable time and may need to verify your identity before acting on your request.

10. Children's Privacy

The Site is intended for adults. We do not knowingly collect information from children under 16. If you believe we have inadvertently collected information about a child, please contact us and we will delete it.

11. Third-Party Links

The Site may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before sharing information with them.

12. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, our services, or applicable law. When we make a material change, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or by a notice on the Site. Continued use of the Site after a change means you accept the updated Policy.

13. Governing Law

This Policy is governed by the laws of the Republic of Lebanon. Any disputes relating to this Policy will be subject to the exclusive jurisdiction of the competent courts of Beirut, Lebanon.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us at:

Email: support@damma.me Site: damma.me