Privacy Policy
- Version
- 1.0
- Effective Date
- 2026-05-17
The Arabic version is the legally binding text. This English version is for reference only.
We appreciate the trust you place in us when you entrust us with your personal and official documents for translation. This Policy explains clearly: what data we collect, why, who we share it with, how long we keep it, and what your rights are. It is built on the Omani Personal Data Protection Law issued by Royal Decree 6/2022 and its Executive Regulations Ministerial Decision 34/2024.
1. Who We Are
| Data Controller | TAMKEEN DIGITAL LLC — a Limited Liability Company |
| Platform Brand | trjm.om |
| Commercial Registration | 1645675 |
| Tax Identification No. | 2261616 |
| Address | North Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman |
| General Email | info@trjm.om |
| Contact Phone | +968 7720 0778 |
Data Protection Officer (DPO)
In accordance with Article 34 of the Executive Regulations:
| Name | Salah Salim Ali Al Badi (Acting Data Protection Officer) |
| dpo@trjm.om | |
| Postal Address | North Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman |
2. Data We Collect
2.1 Identification Data
| Item | When Collected | Required? |
|---|---|---|
| Full name | At registration | Yes |
| At registration | Yes | |
| Phone number | At registration | Yes |
| Country | At registration (Sultanate of Oman only) | Yes |
| Preferred language | At registration | No |
2.2 Authentication and Security Data
- Your password is stored as a hash using
Argon2idand cannot be retrieved by anyone. - Number of failed login attempts and lockout time.
- Last login timestamp.
2.3 Session Data
IPaddress.- Browser type and operating system (
User-Agent). - Last activity time and session expiry.
2.4 Payment Data
- Payment amount and currency.
- Card type (e.g., VISA, Mastercard).
- Last 4 digits of the card only (for invoicing).
- Thawani session identifier and time of completion.
Important: We never see or store the full card number, expiry date, or CVV.
2.5 Your Documents and Their Content
- The Original Document you upload for translation.
- The stamped Delivery Document from the office.
- Automatically extracted metadata: word count, page count.
- Document type and notes for the office.
2.6 Sensitive Data
If you select the document type "Medical Report", its content is classified as sensitive health data. We will request your separate consent before processing, and apply stricter access controls.
3. Purposes of Processing
| # | Purpose | Data Used |
|---|---|---|
| 1 | Deliver the translation service | All Request-related data |
| 2 | Create and manage your account | Identification and authentication |
| 3 | Process payment | Payment data |
| 4 | Transactional communication | Email and name |
| 5 | Tax and accounting compliance | Invoices and payments |
| 6 | Protect the platform from fraud | Session and IP |
We do not use your data for marketing in the first release. We will not send any promotional email.
4. Legal Basis for Processing
| Basis | When It Applies |
|---|---|
| Your explicit consent | When you accept this Policy and when processing health data |
| Performance of contract | Processing and delivering the Request |
| Legal obligation | Retaining payment and tax records |
| Legitimate interest | Protecting the platform from fraud |
5. Who We Share Your Data With
5.1 Translation Offices
The office that accepts your Request receives: your Original Document, your name, and your notes. It does not see your other data.
5.2 Sub-Processors
| Provider | Purpose | Country | Data Transferred |
|---|---|---|---|
| Cloudflare R2 | Document storage | Europe/Asia | Documents (encrypted) |
| Google Cloud Vision | Document text extraction | United States | Document content (transient) |
| Thawani | Payment processing | Sultanate of Oman | Name, email, amount |
| Resend / SMTP | Transactional email | EU / US | Email, name, content |
| Soketi / Pusher | Real-time notifications | Depends on hosting | User identifier |
| ClamAV | Antivirus scanning | Within our infrastructure | Files during scanning |
5.3 Official Authorities
We disclose data only when legally required, when reporting a suspected criminal violation, or when defending our rights.
6. Cross-Border Data Transfer
Some infrastructure services operate from data centers outside Oman. Per Articles 37-39:
- We obtain your explicit consent before transfer.
- We select providers offering a protection level no less than Oman's standard.
- We sign Data Processing Agreements (
DPAs) with each provider.
You may withdraw consent by contacting dpo@trjm.om; this may end service.
7. Data Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Completed Requests and documents | Indefinite | Audit requirement |
| Cancelled Requests | Minimum 2 years | Dispute resolution |
| Payment records and invoices | 7 years | Tax obligation |
| Refund records | 7 years | Tax obligation |
OTP codes | Deleted after 24 hours | No longer needed |
| Expired sessions | Purged daily | Not needed |
| Security and access logs | 12 months | Breach detection |
8. Your Rights Under the Data Protection Law
You have explicit rights, and we respond within a maximum of 45 days:
8.1 Right of Access
Request a copy of your data in a clear, readable format.
8.2 Right to Rectification
Correct your data directly from your account or by request.
8.3 Right to Erasure
Request deletion when the purpose ends, consent is withdrawn, or processing is unlawful. Exception: Data we must retain by law (e.g., payment records).
8.4 Right to Data Portability
Transfer your data to another controller in a machine-readable format.
8.5 Right to Withdraw Consent
Withdraw consent anytime without affecting prior processing.
8.6 Right to Object
Object to processing based on legitimate interest.
8.7 How to Exercise Your Rights
Send a request to dpo@trjm.om including: your name, account email, type of right, and a description of the data concerned.
8.8 Right to File a Complaint
You may file a complaint with the Ministry of Transport, Communications and IT or the National Centre for Information Safety.
9. How We Protect Your Data
9.1 Encryption
- In transit:
HTTPSwithTLS 1.2+andHSTS. - At rest: email and phone with
AES-256-CBC; documents encrypted in cloud storage; passwords withArgon2id.
9.2 Access Control
- Download links time-limited (
15minutes). - An office can only see its own Requests.
- Staff access on need-to-know basis with full audit logging.
9.3 Threat Protection
- Automatic
ClamAVscanning. - Rate limiting against brute-force.
- Account lockout after failed attempts.
- Strict
HTTPsecurity headers.
10. Data Breach
We apply a rapid-response plan per Articles 30 and 32:
| Action | Deadline |
|---|---|
| Notify Ministry of Transport (Data Protection Unit) | Within 72 hours |
| Notify affected individuals if material harm | Within 72 hours |
| Immediate corrective measures | On discovery |
11. Cookies
We use a very limited number of cookies, all essential:
| Cookie | Purpose | Lifetime |
|---|---|---|
session | Your session identifier | 24h idle / 30d absolute |
csrf | Protection against CSRF | End of session |
lang | Remember your preferred language | One year |
We do not use cookies for advertising tracking or behavioral analytics.
12. Children's Privacy
The platform is not intended for anyone under 18. If we discover a minor's data, we delete it immediately and close the account.
13. Updates to This Policy
- We notify you of material updates by email at least 30 days before they take effect.
- Minor updates are published without notice.
- You may review all prior versions on request from the DPO.
14. Contact and Complaints
14.1 For Inquiries and Requests
| Subject | Contact |
|---|---|
| Data rights requests | dpo@trjm.om |
| General support | info@trjm.om |
| Reporting breach or misuse | abuse@trjm.om |
| Phone | +968 7720 0778 |
| Address | North Al Moolah, Al Seeb, Muscat Governorate, P.C. 112, P.O. Box 108, Sultanate of Oman |
14.2 Regulatory Authorities in Oman
- Ministry of Transport, Communications and IT — Personal Data Protection Unit.
- National Centre for Information Safety.
- Consumer Protection Authority:
80079009.
Thank you for your trust. Your privacy is our responsibility.