Legal

Privacy Policy

Last updated: 10 May 2026

This Privacy Policy explains how Nasmade (Nasmade, we, us, or our) collects, uses, shares, and protects information about you when you use the Nasmade marketplace (the Service). It applies to Companies, Creators, visitors, and anyone else who interacts with the Service. Capitalised terms not defined here have the meaning given to them in our Terms of Service.

1. Who we are

Nasmade operates a marketplace that connects Companies with Creators across the MENA region. We act as the controller of most personal information described in this policy. For engagements between Companies and Creators, each party independently controls the personal information they exchange through the Service.

2. Information we collect

2.1 Account information

Email address, password (stored as a salted hash), name, role (Company or Creator), preferred language, and theme preference. If you sign in with Google or Apple, we receive your email address and basic profile information from that provider as part of the OAuth handshake.

2.2 Profile and portfolio

For Creators: portfolio samples, niches, languages, country and city of operation, demographics relevant to casting (e.g. age bracket, gender, language), and rates. For Companies: business name, logo and brand assets, billing details, and the people authorised to act on the company's behalf.

2.3 Briefs, Assets, and communications

The Briefs you create, the Assets you upload (including drafts and intermediate Iterations), the metadata associated with them, and the messages you exchange with the other party through the Platform.

2.4 Payment information

For payouts and billing, we (or our payment processors) collect bank account or payment details, tax identifiers where required, and transaction records. We do not store full payment card numbers ourselves; card data is handled by certified payment processors.

2.5 Usage data

IP address, approximate location, device type, browser, pages viewed, actions taken, referrers, and timestamps. We use this for analytics, fraud prevention, and product improvement.

2.6 Cookies and similar technologies

See Section 11 — Cookies.

3. How we use your information

  • Provide and operate the Service: matching Companies with Creators, processing Briefs and Assets, releasing payouts on Approval.
  • Verify identity, prevent fraud, enforce our Terms, and investigate disputes.
  • Send transactional and service-related communications (sign-up confirmations, brief updates, payout receipts, security alerts).
  • With your consent, send marketing communications. You can opt out at any time via the link in each marketing email or your dashboard settings.
  • Improve the Service through analytics and aggregated metrics.
  • Comply with legal obligations and respond to lawful requests from public authorities.

Where required by applicable law (including the UAE Personal Data Protection Law and equivalent regimes), we rely on the following bases:

  • Performance of a contract — to deliver the Service you signed up for, including processing Briefs, delivering Assets, and releasing payouts.
  • Legitimate interests — to keep the Platform safe, prevent fraud, debug, and improve the Service. We balance these interests against your rights and freedoms.
  • Consent — for marketing communications, optional cookies, and any other processing that requires it. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, anti-fraud, and other laws.

5. How we share your information

We share information with:

  • The other party of an engagement. When a Company commissions a Creator (or a Creator accepts a Brief), each party sees the information needed to complete the engagement: the Brief, the Asset and its versions, messages, and basic identity / contact details.
  • Service providers. Hosting (Vercel), authentication and database (Supabase), media storage and delivery (Mux), email delivery (Resend), and analytics partners. These providers process information only on our instructions and under written confidentiality and data-processing terms.
  • Payment processors. For payouts and billing. They are independent controllers of the payment information they process.
  • Legal & safety. When required by law, court order, or competent authority, or to protect the rights, safety, or property of Nasmade, our users, or the public.
  • Corporate transactions. In a merger, acquisition, financing, or sale of assets, your information may be transferred subject to standard confidentiality undertakings.

We do not sell your personal information.

6. International transfers

Nasmade serves users primarily in the UAE and KSA, but our infrastructure providers operate globally. Your information may be processed in countries with data-protection regimes different from your own. Where required, we use appropriate safeguards — including standard contractual clauses and provider commitments — to keep your information protected to a standard equivalent to that of your home jurisdiction.

7. Retention

We keep account information for as long as your account is active and for a reasonable period after closure, typically up to seven (7) years where required for tax, accounting, fraud-prevention, or to defend or bring legal claims. Briefs, Assets, and transaction records are retained on the same basis — they form part of the auditable record of an engagement. Where information is no longer needed and no legal obligation requires us to keep it, we delete or anonymise it.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Request deletion of your information, subject to legal retention obligations.
  • Object to or restrict certain processing.
  • Withdraw consent at any time, where consent is the basis.
  • Receive a portable copy of the information you provided.
  • Lodge a complaint with the data-protection authority of your country.

To exercise any of these rights, email privacy@nasmade.com. We respond within thirty (30) days of receiving a verifiable request, subject to extensions allowed by law.

9. Security

We use industry-standard measures to protect your information, including encryption in transit (TLS), encrypted storage, role-based access control, audit logging, regular dependency and security review, and limits on internal access on a need-to-know basis. No system can be perfectly secure — if you suspect unauthorized access to your account or to the Service, contact us immediately at security@nasmade.com.

10. Children

The Service is not directed to anyone under the age of 18 and we do not knowingly collect information from minors. If you believe we have inadvertently collected information from a minor, contact us and we will delete it.

11. Cookies and similar technologies

We use a small number of cookies and similar technologies to operate the Service:

  • Strictly necessary. Required for the Platform to function — for authentication, session continuity, security, and load balancing. These cannot be turned off without breaking sign-in and core features.
  • Preferences. Remember your theme (light or dark), language, and similar settings so the experience stays consistent across visits.
  • Analytics (anonymous and aggregated). Help us understand how the Service is used so we can improve it. Where required by law, we will request your consent before placing analytics cookies.

You can manage cookies in your browser settings. Disabling strictly-necessary cookies will break sign-in and core functionality. A consent banner offering granular control over non-essential cookies will be available in a future update.

12. Third-party services and links

The Service integrates with third-party services such as Google and Apple sign-in. When you use these, the third party's privacy policy applies in addition to ours. The Service may also link to external sites that we don't operate or control — we're not responsible for the privacy practices of those sites.

13. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice before they take effect.

14. Contact

Privacy questions can be sent to privacy@nasmade.com. For terms questions, see our Terms of Service.