Last updated: 20-05-2026
This Privacy Policy explains how MoonTech FZE, TL#23701 ("Kiwi", "we", "us", or "our") collects, uses, shares, stores, and protects personal data when you use Kiwi, including our mobile applications, websites, APIs, dashboards, and related services (collectively, the "Platform"). This website is managed and operated by MoonTech FZE, TL#23701.
This document is a practical template and should be reviewed by legal counsel before publication. Privacy rights and obligations depend on where your company, users, providers, and payment operations are located.
Kiwi operates a marketplace and booking platform for customers, providers, business owners, workers, stores, branches, services, products, orders, reservations, subscriptions, payments, reviews, complaints, support, notifications, and analytics.
This website and the Kiwi Platform are managed and operated by MoonTech FZE, TL#23701.
Controller/business name: MoonTech FZE
Address: Saif office Q801 121/C, Saif zone , Sharjah , UAE
Privacy contact: Info@moontech.cloud
Support contact: Info@moontech.cloud
We may collect the following categories of personal data:
Account and identity data: name, first name, last name, phone number, country code, email address, birthdate, gender, account type, profile image, language preference, status, and terms acceptance.
Authentication and security data: OTP metadata, hashed verification codes, login timestamps, failed login data, lock status, suspicious activity records, IP address, user agent, device identifiers, device tokens, API tokens, and session data.
Customer activity data: reservations, services booked, orders, cart items, products viewed, latest viewed items, search queries, coupons, notes, addresses, contact details, reviews, ratings, complaints, reports, support requests, and attachments.
Provider and business data: store information, branch information, business category, worker information, schedules, working hours, services, products, equipment, media, photos, subscription plan, permissions, analytics, bank account details, payout information, wallet activity, withdrawal requests, and business verification data.
Payment and transaction data: payment method, payment status, payment references, gateway payment UUIDs, transaction records, invoices or receipts, refund data, chargeback data, wallet entries, saved-card tokens, masked card data, and payment provider responses.
Uploaded content: profile photos, store logos, cover images, product images, documents, support files, complaint attachments, review report photos, community media, and file metadata.
Communications data: notifications, support messages, complaints, complaint timelines, internal notes where applicable, email or SMS delivery metadata, and responses to surveys or support interactions.
Location and branch data: branch address, latitude, longitude, country code, user address for orders, and approximate location information derived from IP address or external mapping/geocoding services where applicable.
Public or third-party business data: publicly available business information, imported store information, third-party source data, and claim verification records.
Technical data: logs, crash data, browser/device type, operating system, app version, API request metadata, correlation IDs, cache/session data, and security headers.
We do not intentionally collect more personal data than we need for the Platform purposes described below.
We collect personal data when:
You create or update an account.
You verify your phone number, email, OTP, or social login.
You create a store, branch, worker profile, product, service, subscription, order, reservation, review, complaint, report, or support request.
You upload media or files.
You use search, home, latest viewed, notifications, payments, saved cards, wallets, withdrawals, or analytics features.
Providers, workers, customers, admins, payment processors, notification providers, mapping providers, fraud prevention tools, or public sources provide data to us.
Our systems automatically collect logs, security data, cookies, sessions, device data, and usage data.
We use personal data to:
Create, verify, secure, and manage accounts.
Provide customer booking, ordering, cart, coupon, review, complaint, notification, support, and profile features.
Provide provider store management, branch management, products, services, equipment, workers, schedules, permissions, subscriptions, analytics, wallets, payouts, and support features.
Process payments, saved-card tokens, refunds, wallet entries, withdrawal requests, chargebacks, and transaction records.
Send OTPs, authentication messages, service notifications, booking updates, order updates, support responses, payment notices, and marketing communications where permitted.
Display public business listings, reviews, ratings, media, products, services, availability, and search results.
Personalize the Platform, including search, language, currency, notifications, and recommendations.
Detect, prevent, and investigate fraud, abuse, spam, suspicious activity, unauthorized access, payment risk, security incidents, and policy violations.
Improve, debug, monitor, analyze, and maintain the Platform.
Enforce our Terms, protect rights and safety, comply with legal obligations, and respond to lawful requests.
Where laws such as the GDPR require a legal basis, we may rely on:
Contract: to provide the Platform, bookings, orders, payments, subscriptions, support, and account services.
Legitimate interests: to secure the Platform, prevent fraud, improve services, manage business operations, moderate content, and communicate about service matters.
Consent: for optional marketing, certain cookies, device permissions, or other activities where consent is legally required.
Legal obligation: to keep transaction records, respond to lawful requests, comply with tax/accounting requirements, and meet regulatory obligations.
Vital or public interest: only where applicable and legally permitted.
We may share personal data with:
Customers, providers, stores, branches, workers, and business owners as needed to complete bookings, orders, reviews, complaints, support requests, and business operations.
Payment processors, banks, card networks, payment gateways, refund providers, wallet providers, and fraud prevention partners.
Cloud hosting, database, storage, logging, monitoring, analytics, email, SMS, push notification, Firebase, mapping, geocoding, search, and support service providers.
Professional advisers, auditors, insurers, accountants, legal counsel, and compliance providers.
Government authorities, regulators, courts, law enforcement, or third parties when required by law or to protect rights, safety, and security.
Buyers, investors, successors, or affiliates in connection with a merger, acquisition, financing, restructuring, or sale of assets.
We do not sell personal data in the ordinary meaning of selling a customer list for money. If applicable privacy laws define "sale" or "sharing" more broadly, you may have opt-out rights as described below.
We may process and store personal data in countries other than where you live. Those countries may have different data protection laws. Where required, we use appropriate safeguards such as contractual protections, transfer impact assessments, or other lawful transfer mechanisms.
We keep personal data only as long as reasonably necessary for the purposes described in this Policy, including to provide the Platform, maintain accounts, complete transactions, comply with tax/accounting/legal obligations, resolve disputes, prevent fraud, enforce agreements, and maintain backups.
Typical retention periods may include:
Account data: while the account is active and for a reasonable period after closure.
Booking, order, payment, wallet, payout, and transaction data: as required for accounting, tax, dispute, chargeback, fraud, and legal purposes.
OTP, session, log, and security data: for shorter periods unless needed for security or investigations.
Reviews, public listings, media, and community content: while published or until removed, subject to backup and legal retention.
Support, complaint, and report data: as needed to resolve the matter and keep business records.
We use technical and organizational measures designed to protect personal data, including authentication controls, access restrictions, encryption where appropriate, logging, monitoring, API security controls, and operational security practices.
No system is completely secure. You are responsible for protecting your account credentials, OTPs, devices, and access tokens.
Depending on your location and applicable law, you may have rights to:
Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your data.
Restrict or object to certain processing.
Port your data to another service.
Withdraw consent where processing is based on consent.
Opt out of certain marketing communications.
Opt out of certain sale, sharing, targeted advertising, or profiling activities where applicable.
Lodge a complaint with a privacy regulator.
To exercise your rights, contact us at [privacy email]. We may need to verify your identity before responding.
We may send service messages, OTPs, booking updates, order updates, payment updates, support messages, and security alerts because they are necessary for Platform operation.
Where permitted, we may send promotional messages, newsletters, offers, or product updates. You may opt out of marketing messages, but you may still receive non-marketing service messages.
We may use cookies, local storage, sessions, device identifiers, SDKs, and similar technologies to keep you signed in, secure the Platform, remember preferences, analyze usage, support APIs, prevent fraud, and improve performance.
If legally required, we will request consent for non-essential cookies or similar technologies.
The Platform is not intended for children under [insert minimum age, for example 13, 16, or 18 depending on jurisdiction and product policy]. We do not knowingly collect personal data from children below the applicable age without required consent. If you believe a child has provided personal data, contact us at [privacy email].
We may use automated systems to support fraud detection, suspicious activity detection, security checks, search ranking, recommendations, moderation, analytics, and operational decisions. Where required by law, you may have the right to request human review of decisions that significantly affect you.
The Platform may integrate with payment gateways, Firebase, Google services, mapping/geocoding providers, cloud hosting, SMS/email providers, analytics tools, and third-party websites or apps. Their privacy practices are governed by their own policies.
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date. If changes are material, we may notify you through the Platform, email, SMS, or other reasonable means.
Last updated: 20-05-2026
This Privacy Policy explains how MoonTech FZE, TL#23701 ("Kiwi", "we", "us", or "our") collects, uses, shares, stores, and protects personal data when you use Kiwi, including our mobile applications, websites, APIs, dashboards, and related services (collectively, the "Platform"). This website is managed and operated by MoonTech FZE, TL#23701.
This document is a practical template and should be reviewed by legal counsel before publication. Privacy rights and obligations depend on where your company, users, providers, and payment operations are located.
Kiwi operates a marketplace and booking platform for customers, providers, business owners, workers, stores, branches, services, products, orders, reservations, subscriptions, payments, reviews, complaints, support, notifications, and analytics.
This website and the Kiwi Platform are managed and operated by MoonTech FZE, TL#23701.
Controller/business name: MoonTech FZE
Address: Saif office Q801 121/C, Saif zone , Sharjah , UAE
Privacy contact: Info@moontech.cloud
Support contact: Info@moontech.cloud
We may collect the following categories of personal data:
Account and identity data: name, first name, last name, phone number, country code, email address, birthdate, gender, account type, profile image, language preference, status, and terms acceptance.
Authentication and security data: OTP metadata, hashed verification codes, login timestamps, failed login data, lock status, suspicious activity records, IP address, user agent, device identifiers, device tokens, API tokens, and session data.
Customer activity data: reservations, services booked, orders, cart items, products viewed, latest viewed items, search queries, coupons, notes, addresses, contact details, reviews, ratings, complaints, reports, support requests, and attachments.
Provider and business data: store information, branch information, business category, worker information, schedules, working hours, services, products, equipment, media, photos, subscription plan, permissions, analytics, bank account details, payout information, wallet activity, withdrawal requests, and business verification data.
Payment and transaction data: payment method, payment status, payment references, gateway payment UUIDs, transaction records, invoices or receipts, refund data, chargeback data, wallet entries, saved-card tokens, masked card data, and payment provider responses.
Uploaded content: profile photos, store logos, cover images, product images, documents, support files, complaint attachments, review report photos, community media, and file metadata.
Communications data: notifications, support messages, complaints, complaint timelines, internal notes where applicable, email or SMS delivery metadata, and responses to surveys or support interactions.
Location and branch data: branch address, latitude, longitude, country code, user address for orders, and approximate location information derived from IP address or external mapping/geocoding services where applicable.
Public or third-party business data: publicly available business information, imported store information, third-party source data, and claim verification records.
Technical data: logs, crash data, browser/device type, operating system, app version, API request metadata, correlation IDs, cache/session data, and security headers.
We do not intentionally collect more personal data than we need for the Platform purposes described below.
We collect personal data when:
You create or update an account.
You verify your phone number, email, OTP, or social login.
You create a store, branch, worker profile, product, service, subscription, order, reservation, review, complaint, report, or support request.
You upload media or files.
You use search, home, latest viewed, notifications, payments, saved cards, wallets, withdrawals, or analytics features.
Providers, workers, customers, admins, payment processors, notification providers, mapping providers, fraud prevention tools, or public sources provide data to us.
Our systems automatically collect logs, security data, cookies, sessions, device data, and usage data.
We use personal data to:
Create, verify, secure, and manage accounts.
Provide customer booking, ordering, cart, coupon, review, complaint, notification, support, and profile features.
Provide provider store management, branch management, products, services, equipment, workers, schedules, permissions, subscriptions, analytics, wallets, payouts, and support features.
Process payments, saved-card tokens, refunds, wallet entries, withdrawal requests, chargebacks, and transaction records.
Send OTPs, authentication messages, service notifications, booking updates, order updates, support responses, payment notices, and marketing communications where permitted.
Display public business listings, reviews, ratings, media, products, services, availability, and search results.
Personalize the Platform, including search, language, currency, notifications, and recommendations.
Detect, prevent, and investigate fraud, abuse, spam, suspicious activity, unauthorized access, payment risk, security incidents, and policy violations.
Improve, debug, monitor, analyze, and maintain the Platform.
Enforce our Terms, protect rights and safety, comply with legal obligations, and respond to lawful requests.
Where laws such as the GDPR require a legal basis, we may rely on:
Contract: to provide the Platform, bookings, orders, payments, subscriptions, support, and account services.
Legitimate interests: to secure the Platform, prevent fraud, improve services, manage business operations, moderate content, and communicate about service matters.
Consent: for optional marketing, certain cookies, device permissions, or other activities where consent is legally required.
Legal obligation: to keep transaction records, respond to lawful requests, comply with tax/accounting requirements, and meet regulatory obligations.
Vital or public interest: only where applicable and legally permitted.
We may share personal data with:
Customers, providers, stores, branches, workers, and business owners as needed to complete bookings, orders, reviews, complaints, support requests, and business operations.
Payment processors, banks, card networks, payment gateways, refund providers, wallet providers, and fraud prevention partners.
Cloud hosting, database, storage, logging, monitoring, analytics, email, SMS, push notification, Firebase, mapping, geocoding, search, and support service providers.
Professional advisers, auditors, insurers, accountants, legal counsel, and compliance providers.
Government authorities, regulators, courts, law enforcement, or third parties when required by law or to protect rights, safety, and security.
Buyers, investors, successors, or affiliates in connection with a merger, acquisition, financing, restructuring, or sale of assets.
We do not sell personal data in the ordinary meaning of selling a customer list for money. If applicable privacy laws define "sale" or "sharing" more broadly, you may have opt-out rights as described below.
We may process and store personal data in countries other than where you live. Those countries may have different data protection laws. Where required, we use appropriate safeguards such as contractual protections, transfer impact assessments, or other lawful transfer mechanisms.
We keep personal data only as long as reasonably necessary for the purposes described in this Policy, including to provide the Platform, maintain accounts, complete transactions, comply with tax/accounting/legal obligations, resolve disputes, prevent fraud, enforce agreements, and maintain backups.
Typical retention periods may include:
Account data: while the account is active and for a reasonable period after closure.
Booking, order, payment, wallet, payout, and transaction data: as required for accounting, tax, dispute, chargeback, fraud, and legal purposes.
OTP, session, log, and security data: for shorter periods unless needed for security or investigations.
Reviews, public listings, media, and community content: while published or until removed, subject to backup and legal retention.
Support, complaint, and report data: as needed to resolve the matter and keep business records.
We use technical and organizational measures designed to protect personal data, including authentication controls, access restrictions, encryption where appropriate, logging, monitoring, API security controls, and operational security practices.
No system is completely secure. You are responsible for protecting your account credentials, OTPs, devices, and access tokens.
Depending on your location and applicable law, you may have rights to:
Access the personal data we hold about you.
Correct inaccurate or incomplete data.
Delete your data.
Restrict or object to certain processing.
Port your data to another service.
Withdraw consent where processing is based on consent.
Opt out of certain marketing communications.
Opt out of certain sale, sharing, targeted advertising, or profiling activities where applicable.
Lodge a complaint with a privacy regulator.
To exercise your rights, contact us at [privacy email]. We may need to verify your identity before responding.
We may send service messages, OTPs, booking updates, order updates, payment updates, support messages, and security alerts because they are necessary for Platform operation.
Where permitted, we may send promotional messages, newsletters, offers, or product updates. You may opt out of marketing messages, but you may still receive non-marketing service messages.
We may use cookies, local storage, sessions, device identifiers, SDKs, and similar technologies to keep you signed in, secure the Platform, remember preferences, analyze usage, support APIs, prevent fraud, and improve performance.
If legally required, we will request consent for non-essential cookies or similar technologies.
The Platform is not intended for children under [insert minimum age, for example 13, 16, or 18 depending on jurisdiction and product policy]. We do not knowingly collect personal data from children below the applicable age without required consent. If you believe a child has provided personal data, contact us at [privacy email].
We may use automated systems to support fraud detection, suspicious activity detection, security checks, search ranking, recommendations, moderation, analytics, and operational decisions. Where required by law, you may have the right to request human review of decisions that significantly affect you.
The Platform may integrate with payment gateways, Firebase, Google services, mapping/geocoding providers, cloud hosting, SMS/email providers, analytics tools, and third-party websites or apps. Their privacy practices are governed by their own policies.
We may update this Privacy Policy from time to time. We will post the updated version with a new "Last updated" date. If changes are material, we may notify you through the Platform, email, SMS, or other reasonable means.