TariqTARIQ

Privacy Policy

Last updated: 24 May 2026

1. Who we are

Tariq is a road-safety messaging app operated by Antifragile Technologies L.L.C-FZ ("Tariq", "we", "us"), a UAE free-zone company. We make the mobile app, run the infrastructure behind it, and are the data controller for everything described in this Policy.

Contact for privacy matters: privacy@mytariq.com. We answer within 30 days, usually a lot sooner.

2. What this Policy covers

This Policy covers the data Tariq collects when you install and use the Tariq mobile app, when you visit mytariq.com, and when you write to us. It explains in plain language what we collect, what we don't, what we do with it, where it lives, who we share it with, and how to delete it.

3. How Tariq works in practice

Tariq exists so a driver who saw something useful — your headlights are off, your trunk is open, you blocked someone in — can tell the owner of the car they noticed, without exchanging phone numbers or publishing anything in public. The flow:

  1. You download the app. There is nothing to subscribe to, nothing to pay for, and no phone-number entry is required to start using Tariq.
  2. You take two photos of your own car — one of the front (with the driver door open, as proof you have the car in front of you), one of the rear. Tariq reads the plate, the make, the model, and the colour from those photos.
  3. That car now has a private inbox in Tariq, which only you can see.
  4. Out on the road, anyone with Tariq can record a short voice note about something they noticed on a car. The note is transcribed and converted into a polite text message; it is routed only to the inbox of the car they messaged.
  5. If that car is yours, you see the message and may reply with one of four emoji (👍 ❤️ ✅ 🙏). No back-and-forth chat is possible.
  6. If you think the message is wrong about your car, one tap opens a dispute form. A human reviews it.

You can add an email address in Settings if you want a fast way to recover your cars on a new phone (we verify it once with a 4-digit code we email to you). You can also add a phone number in Settings, but we do not verify it and we never send it any SMS — it exists purely as a contact reference for support, and possibly for a future opt-in WhatsApp channel. Both are optional, never required, and we never display either to any other user.

4. What we collect

  • Photos of your car — the front and rear shots you take when adding a car. We use them to read your plate and confirm the make/model/colour, and we store them so the car's profile has a thumbnail.
  • Voice notes you record — the raw audio of a message you send. We use it to transcribe what you said, identify the plate you referenced, and produce the polite text version that gets delivered. The raw audio is deleted from our servers after the pipeline completes (typically within minutes).
  • Transcript & structured fields — the cleaned text of your message, the plate it's addressed to, the rough location where you recorded it, and the timestamp. This is the message that actually gets delivered and stored.
  • Approximate location — the GPS coordinate captured when you record a message, with standard mobile-OS accuracy (typically a 5–50 metre radius). We attach it to the message so the receiving driver has context ("ah, that was on Sheikh Zayed Road near Mall of the Emirates"). We do not record continuous location.
  • Email, if you add one — an optional Settings field you may add for account recovery. We verify it once with a 4-digit code we email to you (the code also appears in the email subject line so you don't have to open the email). The verified email then lets you re-bind your cars to a new phone if you ever lose this one. If you skip the email entirely, Tariq still works — you would simply recover by re-photographing your car on the new phone (see section 3).
  • Phone, if you add one — also an optional Settings field. We do not verify it, we do not send it any SMS, and we do not allow sign-in through it. It exists purely so our support team can reach you in an unusual case, or — at some point in the future — so we can offer WhatsApp message delivery as an additional channel. If we ever introduce that, your phone is opted out by default and we will ask you again before sending anything to it.
  • Device identifiers — an install-id we generate on first launch (stored in your phone's secure keystore), your push-notification token, and standard diagnostic fields (OS version, app version, crash logs). These let us send you notifications and fix bugs.

5. What we do not collect

  • Payment information. Tariq is free and will never charge users.
  • Your contacts list, your photo library, or any files outside what you give Tariq directly.
  • Continuous or background location. We only read GPS at the moment you tap record.
  • Browsing history, advertising identifiers (IDFA / GAID), or any third-party analytics signals — we don't embed Google Analytics, Meta SDK, Mixpanel, Segment, or anything like them.
  • Microphone access outside of an explicit recording action.

6. What we do with it

  • Turn your voice note into a delivered text message, attached to the right car.
  • Send the receiving driver a push notification so they see it.
  • Hold messages addressed to unregistered cars, and deliver them later if the owner signs up.
  • Detect obvious abuse — bot patterns, prompt-injection attempts in transcripts, fabricated reports — and route suspicious activity to human review.
  • Improve the service. When we do, we use aggregate or de-identified data, not your individual messages.
  • Respond to your privacy requests (access, correction, deletion).

7. The geolocation question, answered specifically

Yes — we record the GPS coordinate at the moment you press record, and we attach it to the message so the receiving driver can place it. We do not record your location at any other time. We do not run a public map of who reported whom. We do not share coordinates with any party other than the single recipient car's owner, and only the rough area appears in the receiving message ("Sheikh Zayed Rd, near MoE"), not the precise coordinate.

8. Where your data lives

Tariq runs entirely on Amazon Web Services in the European Union (Italy, eu-south-1, Milan). Your photos, your message history, and your account data live there. Backups also stay in the EU. We do not transfer personal data to any country outside the European Union or the United Arab Emirates.

Cross-border transfer from the UAE to the EU is permitted under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), Articles 22 and 23. The European Union provides protection equivalent to the UAE PDPL under the EU General Data Protection Regulation (GDPR). By creating a Tariq account, you also provide explicit consent to this transfer.

9. Who we share with

We do not sell, rent, or trade your data. We share data only with the following processors, each under a Data Processing Agreement:

  • Amazon Web Services — compute, storage, database, file storage, secrets management. All in eu-south-1.
  • Anthropic (Claude) — voice transcription cleanup and plate / hazard extraction. Audio is processed and not retained beyond the active request.
  • OpenAI (Whisper) — used as a fallback transcription engine when our primary engine cannot handle the audio. Same retention terms as above.
  • Apple (APNs) and Google (FCM) — push notification gateways. They receive device tokens only; the body of a notification is just "you have a new message", never the message content.
  • SendGrid — email delivery, including the 4-digit recovery OTP if you choose to add an email address in Settings, and replies to anything you write to us. Tariq does not use SMS for authentication, and does not rely on Firebase Phone Auth, Twilio, or any other SMS provider.
  • Cloudflare (DNS only) — manages the DNS records for mytariq.com. Cloudflare does not proxy user traffic, does not run Workers, and does not see the content of any request you make to Tariq.
  • Law enforcement — only when compelled by a valid legal request. See our Legal Requests page for the procedure and the categories of data we hold.

10. How long we keep it

  • Raw voice recordings: deleted after the transcription pipeline completes, usually within minutes of you sending the message.
  • Structured messages (transcript, plate, location, timestamp): kept for the lifetime of the involved accounts, then deleted within 30 days of either party closing their account.
  • Car photos: kept as long as the car exists in your account. Deleted within 30 days of you removing the car or closing your account.
  • Account data (install-id, optional phone/email, push token): kept while your account exists, deleted within 30 days of account closure.
  • Diagnostic logs: kept for up to 90 days, then automatically purged.
  • Moderation audit trail (records of admin actions and dispute outcomes): retained even after the originating account is closed, for the period required by applicable law. This is a minimal record and does not include message content.

11. Your rights

You have the right to:

  • Access the data we hold about you.
  • Correct anything inaccurate.
  • Delete your account and the associated data (Settings → Delete account, or by email).
  • Withdraw consent for cross-border processing (note: because our infrastructure is EU-based, this requires account closure).
  • Object to specific processing, or ask us to restrict it.
  • Receive a portable copy of your data in a machine-readable format.
  • Lodge a complaint with the UAE Data Office (PDPL) or the relevant EU supervisory authority (GDPR).

To exercise any of these rights, email privacy@mytariq.com. We respond within 30 days.

12. Security

We encrypt data in transit (TLS 1.2 or better) and at rest (AWS-managed AES-256). Production access is limited to a small number of engineers and audited. We log every administrative action against user data. We do not allow developer access to your messages in plain text outside of incident response, and any such access is recorded.

13. Children

Tariq is not directed at children under 18 and we do not knowingly collect data from them. If you believe a minor has created a Tariq account, write to privacy@mytariq.com and we will close it.

14. Changes to this Policy

We will post material changes here and notify active users via push or in-app notice at least 30 days before they take effect. The date at the top of this page always reflects the last update.

15. Contact

Tariq · Antifragile Technologies L.L.C-FZ · United Arab Emirates · privacy@mytariq.com

This document is currently a draft pending review by UAE counsel. If you spot an inaccuracy, write to legal@mytariq.com.