How we handle your data
This page is maintained by Gearlist.ae to answer common security and privacy questions about our rental booking site. It describes the controls we have in place today; it is not an independent audit or certification.
Browsing the catalog is anonymous. When you click "Request" on a rig, you are sent to WhatsApp with a pre-filled message; from that point the conversation is between you and our team on WhatsApp.
Our admin console requires a sign-in (email or Google). Only authorized staff have admin accounts.
Our backend is hosted on Lovable Cloud (powered by Supabase) in managed, encrypted infrastructure. Connections to the site and to our backend are encrypted in transit (TLS). Rig content, pricing, and uploaded images are stored in our managed database and private storage bucket.
Public rig listings are readable by anyone. Editing rigs, pricing, availability, and images is restricted to admin accounts and enforced server-side by row-level security rules — not just by the UI.
Image uploads are written to a private storage bucket and served through short-lived signed URLs.
We use WhatsApp (Meta) to receive rental requests. Sending a request opens WhatsApp on your device; their privacy policy applies to that conversation. We do not run third-party advertising or analytics trackers on this site at this time.
We keep operational data (rig records, bookings, admin accounts) for as long as needed to run the rental service. To request deletion of personal data we hold about you, contact us using the details below.
If you believe you've found a security vulnerability, please contact us privately before disclosing it publicly. WhatsApp: +971 58 590 5128.
We update this page as our practices change. Please check back occasionally for the latest version.