Last updated:
This Privacy Policy explains what personal data Shofic collects when you use shofic.com, why we collect it, and the choices you have. Shofic, operated from Dubai, United Arab Emirates, is the data controller for the processing described here. We designed the service around data minimization: orders work without an account, and we never ask for social media passwords.
We collect only what is needed to run the service: your contact email address; order details, meaning the public links or usernames you submit, the services and quantities purchased, and order status; payment confirmation metadata received from our payment providers, such as transaction reference, amount and payment status; support correspondence you send us; and standard technical logs such as IP address, browser type and pages visited, kept for security and troubleshooting.
We do not collect social media account passwords under any circumstances, and we do not receive or store full card numbers — card and crypto payments are handled entirely by external payment processors.
We use your data to accept, deliver and support your orders; to send order confirmations and status updates by email; to process refill and refund requests; to prevent fraud and abuse of the service; to comply with legal obligations such as accounting and tax rules; and to understand, in aggregate, how the site is used so we can improve it. We do not sell or rent personal data, and we do not use your data for third-party advertising.
Where data protection law requires a legal basis, we rely on: performance of a contract, for processing order and contact data needed to deliver what you purchased; legal obligation, for records we must keep under commercial and tax legislation; and legitimate interests, for fraud prevention, security logging and service improvement, balanced against your rights. Where consent is required — for example for non-essential cookies — we ask for it separately and you may withdraw it at any time.
The site uses your browser’s local storage to keep your shopping cart and language preference on your own device; this data stays in your browser and is not transmitted to us until you check out. We use essential cookies for session functionality and privacy-conscious analytics to understand aggregate site usage. You can clear local storage and block non-essential cookies in your browser settings without breaking core functionality, although your cart contents will be lost when local storage is cleared.
Card, bank and cryptocurrency payments are processed by external payment providers over encrypted connections. Your payment details are entered on, or handled by, the provider’s systems; Shofic receives only confirmation metadata such as the transaction reference, amount and status. We never store full card numbers, CVV codes or wallet private keys. Each provider processes your data under its own privacy policy, which we encourage you to review.
We share personal data only with service providers who need it to operate the service: payment processors, to confirm and settle payments; hosting and infrastructure providers, to run the site and store order records; and email delivery providers, to send order notifications. These providers act on our instructions and may not use your data for their own purposes. We may also disclose data where required by law, a court order or a competent authority, or to establish or defend legal claims.
Our service providers may store or process data in countries other than your own, including outside the UAE. Where data is transferred internationally, we rely on providers that apply recognized safeguards — such as contractual data protection commitments and encryption in transit and at rest — so that your data receives a consistent level of protection wherever it is processed.
Order and payment confirmation records are retained for the period required by applicable commercial and tax legislation, after which they are deleted or anonymized. Support correspondence is kept as long as needed to resolve the matter and for a reasonable period afterwards. Technical logs are retained for a short rolling period for security purposes. Cart data in local storage remains on your device until you clear it or complete checkout.
Subject to applicable law, you may request access to the personal data we hold about you, correction of inaccurate data, deletion of data we no longer need to keep, restriction of or objection to certain processing, and a copy of your data in a portable format. To exercise any of these rights, email info@shofic.com from the address linked to your orders; we respond within 30 days. If you believe your rights have been violated, you may also complain to the data protection authority competent for you.
The service is intended for adults and is not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at info@shofic.com and we will delete it promptly.
We protect personal data with technical and organizational measures, including encryption in transit (TLS), access controls limiting data to staff who need it, and separation of payment processing from our own systems. No online service can guarantee absolute security, but we review our measures regularly and act promptly on any identified risk.
We may update this Privacy Policy from time to time; the "last updated" date at the top of the page shows the current version, and material changes will be highlighted on the site. Questions about this policy or your data can be sent to info@shofic.com.