Privacy Policy
Jaber Connect — published by [Your Legal Name as on Developer Account] on behalf of Jaber Group
Last Updated: April 25, 2026
Effective Date: April 25, 2026
1. Introduction
Welcome to Jaber Connect ("we," "us," "our"), a mobile application published by [Your Legal Name as on Developer Account] ("Publisher") on behalf of Jaber Group ("Company"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our mobile application ("App"), available on Apple App Store and Google Play Store.
This Privacy Policy is drafted in compliance with:
- The Jordanian Personal Data Protection Law No. 24 of 2023 (PDPL), which came into force on March 17, 2024, with full compliance required since March 16, 2025. This is Jordan's first comprehensive data protection legislation.
- The Jordanian Cybercrime Law No. 17 of 2023, effective September 13, 2023, which replaced the 2015 cybercrime law and governs data security offenses.
- The Jordanian Electronic Transactions Law No. 15 of 2015, governing electronic records and communications.
- The Jordanian Labor Law No. 8 of 1996 and its amendments, as applicable to employment data.
- Apple App Store Review Guidelines (including Guideline 5.1 on Privacy and Guideline 5.1.2 on data sharing with third parties including AI systems, updated November 2025).
- Google Play Developer Program Policies, including the Data Safety section requirements and account deletion requirements.
By using the App, you provide your explicit consent to the collection and processing of your data as described in this Privacy Policy, in accordance with Article 5 of the PDPL. If you do not agree, please do not use the App.
2. Data Controller Information
Data Controller: Jaber Group
Publisher / Data Processor: [Your Legal Name as on Developer Account]
Contact Email: support@jabergroup.com
Address: Amman, Jordan
Phone: [Your Phone Number]
Under Article 8 of the PDPL, Jaber Group acts as the Data Controller and is responsible for protecting all data in our custody. The Publisher acts as a Data Processor facilitating the publication and technical operation of the App on behalf of Jaber Group.
3. Information We Collect
3.1 Personal Data You Provide (Registration & Profile)
| Data Type | Required/Optional | Purpose |
|---|---|---|
| First name, last name | Required | Account identification |
| Username | Required | Authentication |
| Email address | Required (auto-generated as username@jaberconnect.app) | Account identification |
| Password | Required (stored only as bcrypt hash, never in plain text) | Authentication |
| Employee ID | Optional | Employer identification |
| National ID number | Optional | Employer identification (this is sensitive personal data under Article 2 of the PDPL) |
| Country, brand, branch | Required | Organizational assignment |
| Profile picture | Optional (uploaded by you) | Personalization |
3.2 HR/Employment Data (If Your Organization Uses the HR Module)
- Employee number, Arabic name, department, job title, hire date
- Salary and overtime rate information (sensitive financial data under the PDPL)
- Leave balances and leave request history
- Overtime records
- Performance notes authored by managers
- Uniform and stationery request history
- Custom HR fields as configured by your organization
3.3 Data Collected Automatically
| Data Type | When Collected | Purpose |
|---|---|---|
| Mobile activity timestamps | While App is active (synced periodically) | Inactivity policy enforcement |
| App usage patterns | During App use | Service delivery |
3.4 Data Collected With Your Permission
| Data Type | When Collected | Permission Required | Purpose |
|---|---|---|---|
| Camera images (front and back) | Only during proctored exam sessions, at configurable intervals | Camera permission (iOS: NSCameraUsageDescription; Android: CAMERA) | Exam integrity verification via AI analysis |
| GPS location (precise) | Only during exam start when geofencing is enabled for your role | Location permission (iOS: NSLocationWhenInUseUsageDescription; Android: ACCESS_FINE_LOCATION) | Verifying you are at an authorized exam location |
| WiFi network name (SSID) | Only during exam start when WiFi validation is enabled for your role | Network state permission | Verifying you are on an authorized network |
Important: Camera, location, and network data are collected only during specific exam-related actions, not continuously. You will be clearly informed before any such collection occurs.
3.5 Data Generated Through App Use
- Exam data: Scores, pass/fail status, attempt counts, session timestamps, answers submitted
- Cheat detection logs: Records of suspicious behavior during exams (app switching, screen capture attempts)
- AI analysis results: Cheat scores and verdicts generated from proctoring image analysis
- Learning progress: Video watch position and duration, course completion status
- Gamification data: Points balance, coins balance, spin wheel history, leaderboard rankings
- Shop data: Redemption codes, redemption history, transaction records
- Support data: Technical tickets, inquiries, and communications
- Notification history: Notifications received and read status
4. Legal Basis for Processing
Under Article 5 of the PDPL, we process your data based on the following lawful bases:
- Explicit Consent: You provide consent when you register for the App and when you grant camera, location, or network permissions for exam proctoring. Your consent is documented electronically as required by the PDPL.
- Contractual Necessity: Processing necessary to provide the services you have requested (educational content delivery, exam management, reward system, HR services).
- Legitimate Interest of Your Employer: Your organization uses this App as a workplace training and HR management tool. Exam integrity monitoring, performance tracking, and HR management serve your employer's legitimate operational interests.
- Legal Obligation: Retention of employment records as required by the Jordanian Labor Law.
You may withdraw your consent at any time (see Section 9), though this may affect your ability to use certain features of the App.
5. How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Account creation and authentication | Name, username, email, password hash | Consent, Contract |
| Delivering educational content | User ID, category permissions, video progress | Contract |
| Exam administration and scoring | User ID, exam answers, scores, timestamps | Contract, Employer interest |
| Exam proctoring and integrity | Camera images, location, WiFi SSID, cheat logs | Explicit consent |
| AI-powered cheat detection | Proctoring images, exam behavior data | Explicit consent |
| Points/coins reward system | User ID, transaction history | Contract |
| Shop redemptions | User ID, coin balance, redemption codes | Contract |
| HR management | Employment data, leave/overtime records | Contract, Legal obligation |
| Notifications | User ID, notification content | Contract |
| Inactivity monitoring | Mobile activity timestamps | Employer interest |
| Company analytics and reporting | Aggregated exam and performance data | Employer interest |
| Technical support | Ticket content, user details | Contract |
6. AI-Powered Processing and Third-Party Data Sharing
6.1 AI Features
In compliance with Apple App Store Guideline 5.1.2 (updated November 2025), we explicitly disclose that your personal data is shared with the following AI system:
Google Gemini AI (provided by Google LLC) is used for:
- Exam proctoring image analysis: Your camera images captured during proctored exams are sent to Google Gemini for AI analysis to detect potential cheating. The AI generates a cheat score (0-100) and a verdict.
- HR chatbot: When you use the HR assistant, your employment-related queries and relevant HR data are processed by Google Gemini to generate responses.
- Question generation: Administrators use AI to generate exam questions from educational content. This does not involve your personal data.
Your explicit consent is obtained before any AI processing of your personal data. By starting a proctored exam, you consent to AI analysis of your proctoring images. By using the HR chatbot, you consent to AI processing of your query.
6.2 Third-Party Service Providers
We share data with the following third-party processors, each acting under our instructions in accordance with Article 12 of the PDPL:
| Provider | Location | Data Shared | Purpose |
|---|---|---|---|
| Google Gemini AI (Google LLC) | United States | Proctoring images, HR chatbot queries | AI analysis (see 6.1) |
| Cloudflare, Inc. | Global CDN | Proctoring images, profile pictures, PDF documents | Image and file storage |
| Vimeo, Inc. | United States | No personal data | Video content hosting |
| Google Maps Platform (Google LLC) | United States | GPS coordinates (during exam validation only) | Geofencing location verification |
| Railway | United States | All application data | Database and server hosting |
6.3 Cross-Border Data Transfer
Under Article 13 of the PDPL, personal data must not be transferred outside Jordan if the destination provides a lower level of protection, except where the data subject has explicitly consented after being informed.
Disclosure: Your data is stored on and processed by servers located outside Jordan (United States and global CDN locations). By using this App, you explicitly consent to this cross-border transfer, having been informed that these jurisdictions may not provide the same level of data protection as Jordan's PDPL. We ensure our third-party providers maintain appropriate security measures.
6.4 We Do NOT:
- Sell your personal data to any third party
- Share your data with advertisers or marketing companies
- Use your data for purposes unrelated to the App's services
- Share your data with any party not listed in this Privacy Policy
7. Data Shared With Your Employer
Your organization's authorized administrators and managers may access:
- Your exam scores, pass/fail status, and attempt history
- AI cheat detection results and proctoring analysis
- Your learning progress and video completion status
- Your points/coins balance and leaderboard ranking
- Your HR data (leave balances, overtime, requests)
- Performance notes and employee records
- Your account status (active, inactive, verified)
This sharing is necessary for the App's core purpose as a workplace training and HR management tool.
8. Data Security
In compliance with Article 8 of the PDPL, we implement the following security measures:
- Password protection: All passwords are hashed using bcrypt (one-way encryption) before storage. We never store or have access to your plain-text password.
- Authentication: JWT (JSON Web Token) based authentication with automatic session expiration.
- Encryption in transit: All data transmitted between the App and our servers uses HTTPS/TLS encryption.
- Role-based access control: Granular permission system ensuring users only access data authorized for their role.
- Screenshot protection: The App includes screen capture protection (react-native-capture-protection) to prevent unauthorized recording of educational content.
- Account verification: New accounts require branch manager approval before activation.
- Automatic deactivation: Accounts are automatically deactivated after configurable periods of inactivity.
8.1 Data Breach Notification
In compliance with the PDPL's breach notification requirements:
- We will notify affected users within 24 hours of discovering a serious data breach that could cause harm.
- We will notify the relevant Jordanian authority (the Personal Data Protection Unit) within 72 hours of discovering such a breach.
- Notifications will include details of the breach and measures you can take to mitigate negative consequences.
9. Your Rights Under the PDPL
Under Articles 9-11 of the Jordanian PDPL, you have the following rights. You are free from any financial or contractual consequences for exercising these rights:
- Right to Access (Article 9): You may request access to and obtain a copy of all personal data we hold about you.
- Right to Withdraw Consent (Article 9): You may withdraw your consent to data processing at any time. This may affect your ability to use certain App features.
- Right to Correction (Article 9): You may request correction, amendment, or update of any inaccurate or outdated personal data.
- Right to Erasure (Article 9): You may request deletion of all personal data collected about you, subject to legal retention requirements.
- Right to Limit Processing (Article 9): You may request that processing of your data be limited to a specific scope.
- Right to Object (Article 9): You may object to processing or profiling that is unnecessary, excessive, discriminatory, or in violation of Jordanian law.
- Right to Data Portability (Article 9): You may request transfer of your data from our possession to another data controller.
- Right to Be Notified (Article 9): You have the right to be notified of any data breaches that may compromise your data's security.
How to Exercise Your Rights
- In-App: Contact your organization's administrator
- Email: Send a request to support@jabergroup.com
- Account Deletion: You may request complete account and data deletion by contacting support@jabergroup.com or through your organization's administrator. We will process deletion requests within 30 days, subject to legal retention obligations.
Google Play Account Deletion Requirement: In compliance with Google Play's account deletion policy, we provide both an in-app path and a web-accessible method (email) for requesting account and data deletion.
10. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of active account + 1 year after deletion request | Service delivery, legal compliance |
| Exam scores and results | Duration of employment relationship + as required by employer | Employer compliance, training records |
| Proctoring images | As configured by your organization (default: duration of exam session review period) | Exam integrity verification |
| Cheat detection logs | Duration of employment relationship | Audit and compliance |
| HR/employment data | As required by Jordanian Labor Law (minimum retention periods apply) | Legal obligation |
| Video progress | Duration of active account | Service delivery |
| Points/coins transactions | Duration of active account | Service delivery |
| Shop redemptions | Duration of active account + 1 year | Transaction records |
| Notifications | 90 days or until deleted by user | Service delivery |
| Inactivity logs | 1 year | Audit trail |
Upon account deletion, we will erase your personal data except where retention is required by law (Jordanian Labor Law, PDPL compliance records).
11. Children's Privacy
The App is designed exclusively for use by employees within corporate organizations. It is not intended for children. We do not knowingly collect personal data from anyone under the age of 18. If we discover that we have collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us immediately at support@jabergroup.com.
12. Device Permissions
The App may request the following device permissions:
| Permission | Platform | When Requested | Purpose | Required? |
|---|---|---|---|---|
| Camera | iOS, Android | Before proctored exams | Capturing proctoring images | Only for proctored exams |
| Location (When In Use) | iOS, Android | Before geofenced exams | Verifying authorized exam location | Only for geofenced exams |
| Network/WiFi State | Android | Before WiFi-validated exams | Verifying authorized network | Only for WiFi-validated exams |
| Internet | iOS, Android | Always | App functionality | Yes |
| Local Storage | iOS, Android | Always | Caching authentication tokens and preferences | Yes |
You can revoke camera and location permissions at any time through your device settings. Revoking these permissions may prevent you from taking proctored or geofenced exams.
13. Cookies and Local Storage
The App uses local device storage (AsyncStorage) to store:
- Authentication tokens (for keeping you logged in)
- User profile data (for offline display)
- Category permission cache (for content access)
The App does not use browser cookies, advertising identifiers, or tracking pixels. We do not track you across other apps or websites.
14. Push Notifications
The App may send notifications regarding:
- Account status updates (verification, deactivation)
- Administrative announcements from your organization
- HR request status updates
You can disable notifications through your device settings at any time.
15. Virtual Currency Disclosure
The App uses an internal virtual currency system (Points and Coins). These have no real-world monetary value, cannot be exchanged for real currency, and are not connected to any payment processing system. No real-money transactions occur within the App. There are no in-app purchases.
16. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last Updated" date at the top
- For material changes, we will notify you through the App
- Your continued use of the App after changes constitutes acceptance
Under the PDPL, if the nature, type, or purposes of processing change, we will obtain fresh consent from you.
17. Complaints
If you believe your data protection rights have been violated, you may:
- Contact us at support@jabergroup.com
- File a complaint with the Jordanian Personal Data Protection Unit established under the PDPL
- Seek remedy through the competent courts in Amman, Jordan
18. Governing Law
This Privacy Policy is governed by the laws of the Hashemite Kingdom of Jordan. Any disputes shall be subject to the exclusive jurisdiction of the courts of Amman, Jordan.
19. Contact Us
Jaber Group (Data Controller)
- Email: support@jabergroup.com
- Address: Amman, Jordan
- Phone: [Your Phone Number]
Publisher
- Name: [Your Legal Name as on Developer Account]
*This Privacy Policy was last updated on April 25, 2026.*