Last updated: March 2026
At Ala-Hasba, we are committed to protecting your privacy and securing your data. This policy explains how we collect, use, and protect your information when you use our platform.
When you create an account, we collect your full name, email address, and password (encrypted). This information is necessary to create and secure your account.
While using the platform, we store the business data you enter, including transactions, invoices, products, and financial reports. This data belongs to you and remains under your full control.
We also collect usage analytics such as pages visited, session duration, device type, and browser, in order to improve user experience and platform performance.
We use your personal data to provide and operate the platform's services, including accounting, invoicing, inventory management, payroll, and financial reporting.
We use usage data to improve platform features, performance, and user experience. We never sell your personal data to any third party.
We may send you service-related emails such as account verification, password resets, team invitations, and important platform updates.
All your data is stored in a Supabase PostgreSQL database hosted in the European Union (Frankfurt, Germany). Data is encrypted at rest and in transit.
We use HTTPS for all communications. Passwords are hashed using bcrypt and cannot be accessed by anyone - including our team - in their original form.
We implement CSRF protection, rate limiting, and Content Security Policy (CSP) headers to protect your account from common attack vectors.
Auth.js - used for authentication and session management. Supports email/password and Google sign-in.
Resend - used to send service-related emails such as email verification and team invitations.
Vercel - hosts the platform and provides a content delivery network (CDN). Servers are located in the Frankfurt (EU) region.
Google Analytics (GA4) - used to understand how visitors use the website. You can disable analytics cookies in your browser settings.
You can access and export all your data at any time via Settings > Danger Zone > Export Data. A JSON file containing all your records will be downloaded.
You can delete your account and all associated data via Settings > Danger Zone > Delete Account. This action is permanent and cannot be undone.
If you wish to correct any personal information, you can edit it directly from the Settings > Account page, or contact us via email.
Session cookies - essential for the platform to function. Used to keep you signed in and secure your session. These cannot be disabled.
Analytics cookies - used by Google Analytics (GA4) to collect anonymous usage data. You can disable these in your browser settings without affecting platform functionality.
If you have any questions about this Privacy Policy or how we handle your data, please contact us: