Privacy Policy
Last updated: May 2026
Dir'aa helps you check whether a message looks like phishing or fraud. Your privacy matters to us — this page explains exactly what we collect, why, and how we keep it safe.
What we collect
• The message text or link you submit for scanning. • Your account email if you sign in (optional — guests can scan without an account). • Basic technical data: language, app preferences, and a hashed IP used only for guest rate-limiting. • Optional feedback you give on a verdict (helpful / not helpful) and any community report you choose to submit.
How we use it
• To analyze the message with our AI model and return a verdict. • To save your scan history so you can review it later (only if you are signed in). • To improve detection quality — disagreed verdicts you submit are sent to our internal Intelligence Console for testing, with personal identifiers stripped. • We never sell your data and never use it for advertising.
Where it is stored
Data is stored on Lovable Cloud (managed Supabase) in encrypted databases. Scans are kept while your account is active; you can delete any scan from your history at any time.
Security measures
• All traffic is encrypted in transit using HTTPS / TLS. • Row-Level Security policies enforce that you can only read or delete your own scans. • Passwords are checked against the Have I Been Pwned breach database to block known-compromised passwords. • Community reports shown publicly have emails, phone numbers, and long digit sequences automatically masked. • Admin-only tools (Intelligence Console) require a verified admin role on both the client and the server.
Your rights
You can sign in to view, export, or delete your scan history. You can request full account deletion at any time by contacting us — this removes your account and all linked scans and feedback.
Contact
Questions or data requests? Email us at info@diraa.ae and we will respond within 30 days.