This privacy policy explains what personal data we collect at Hassab, how we use it, who we share it with, how long we keep it, and the rights you have under Oman's Personal Data Protection Law (Royal Decree 6/2022) and applicable GCC privacy standards. It applies to our website, our application, and our customer support.
Who we are
In this policy "we", "us", and "Hassab" refer to RAMZ for Information Technology LLC, a company registered in the Sultanate of Oman with its principal office in Muscat. RAMZ operates the Hassab service. You can contact our privacy officer at privacy@hassab.io.
What personal data we collect
We collect (a) account data you provide — name, work email, phone, company name, role, password hash, language and time-zone preference; (b) operational data your team enters into the application — invoices, bills, bank statements, VAT registrations, customer and vendor contact details; (c) technical data — IP address, browser and device information, log data, usage events; (d) communication data — emails, support tickets, demo notes; and (e) marketing data — newsletter sign-ups and event attendance you have opted into.
How we use it
We use personal data to provide and operate the service, authenticate users, deliver and bill the subscription, prevent abuse and fraud, improve the product, comply with our legal obligations including the OTA's record-retention requirements, communicate service changes, and (with consent or legitimate interest) send relevant product updates. We do not sell personal data and we do not use customer accounting data to train shared AI models.
Legal bases
We rely on (a) performance of contract for delivering the service to subscribers; (b) legitimate interests for product improvement, security, and fraud prevention; (c) consent for marketing emails and optional cookies; and (d) legal obligation for tax, audit, and regulatory record-keeping in Oman.
How we share it
We share personal data only with: (a) sub-processors who help us run the service — cloud hosting, email delivery, error monitoring, AI processing, payment processing — under written data-processing agreements; (b) professional advisers (auditors, lawyers) under confidentiality; and (c) competent authorities where required by Omani law. A current sub-processor list is available on request.
AI processing
When you upload a document for OCR or use the AI assistant, the document or message is sent to our AI sub-processor (Anthropic) under our data-processing agreement, processed to produce the requested output, and not retained for model training. Confidence scores and decisions are stored in your tenant.
International transfers
Some of our sub-processors are located outside Oman (notably in the EU, UK, and US). We rely on the safeguards in the relevant data-processing agreements (including standard contractual clauses where applicable) and on Oman PDPL provisions for cross-border transfers. Customers on the Finance plan can request regional storage.
Cookies
Our website uses strictly necessary cookies (session, locale, anti-CSRF) and optional analytics cookies. Optional cookies require your consent, given through the cookie banner on first visit. You can change your preferences at any time.
How long we keep it
Account and operational data is kept for the duration of your subscription plus 30 days for re-export, then deleted. Records subject to Oman tax law (invoices, bills, bank statements, VAT documents) are retained for 10 years (15 years for immovable-property records) under our retention schedule. Marketing data is kept until you unsubscribe.
Security
We apply technical and organisational measures including encryption in transit (TLS 1.2+), encryption at rest, role-based access control, multi-tenant database scoping at row level, audit logging of every action, periodic security review, and least-privilege production access. We notify affected customers and the Oman Personal Data Protection Centre as required in case of a personal-data breach.
Your rights
Under Oman's PDPL you have the right to (a) access your personal data, (b) correct inaccurate data, (c) request deletion subject to our legal retention obligations, (d) object to or restrict certain processing, (e) withdraw consent for processing based on consent, and (f) lodge a complaint with the Oman Personal Data Protection Centre. To exercise any of these rights, email privacy@hassab.io and we will respond within 30 days.
Children
Hassab is a B2B service. We do not knowingly collect personal data from anyone under 18. If you believe a minor's data has reached us, contact privacy@hassab.io and we will remove it.
Changes to this policy
We update this policy when we change how we handle data. Material changes are announced in-app and by email at least 30 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.
Contact our privacy officer
Email privacy@hassab.io for any access, correction, or deletion request, or for any question about how we handle your data.