Privacy Policy
Toujan L.L.C-FZ
Effective Date: March 2026
Last Updated: March 31, 2026
Company Information
| Legal Name | Toujan L.L.C-FZ |
| License Number | 2527856.01 |
| Foundation Number | 2527856 |
| Address | Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. |
| Website | toujan.com |
| Product | my-auto.co |
| Privacy Contact | hello@toujan.com |
1. Introduction
This Privacy Policy explains how Toujan L.L.C-FZ ("Toujan," "Company," "we," "our," or "us") collects, uses, stores, shares, and protects information when you use our products and services.
| My-Auto Dealerships | Dealer management platform (CRM, inventory, website) |
| My-Auto Marketplace (Coming Soon) | Consumer automotive marketplace |
| Dealer Websites | Auto-generated websites (*.my-auto.co) |
2. Information We Collect
2.1 Information You Provide
Account Information:
- Name, email address, phone number
- Business name and trade license details (for dealers)
- Billing and payment information
- Profile photos and preferences
Content You Create:
- Vehicle listings (photos, specifications, pricing)
- Messages and communications
- Reviews and ratings
- Service requests and inquiries
2.2 Information Collected Automatically
- Device information (type, operating system, unique identifiers)
- IP address and location data
- Browser type and settings
- Usage data (pages visited, features used, time spent)
- Cookies and similar tracking technologies
2.3 Information from Third Parties
- Social media profile information (Facebook, Instagram, TikTok)
- WhatsApp Business account information
- Payment processor transaction data
3. How We Use Your Information
3.1 To Provide Our Services
- Operating and maintaining your account
- Processing transactions and payments
- Providing customer support
- Delivering notifications and updates
3.2 To Improve Our Services
- Analyzing usage patterns
- Developing new features
- Conducting research and analytics
- Ensuring platform security
3.3 To Communicate With You
- Service announcements and updates
- Marketing communications (with your consent)
- Responding to your inquiries
- Legal and administrative notices
4. Platform Integrations
Our services integrate with third-party platforms to provide enhanced functionality. When you enable these integrations, data is shared as described below.
4.1 Facebook
Our platform integrates with Meta's Graph API to enable dealers to post vehicle inventory to their Facebook Page and list vehicles on Facebook Marketplace.
Facebook Permissions Used:
| Permission | Purpose |
|---|---|
| pages_manage_posts | Publish vehicle photos and videos to your Facebook Page |
| pages_read_engagement | Read page information and post engagement metrics |
| catalog_management | Manage vehicle listings on Facebook Marketplace |
Data Shared:
- Your Facebook Page name and ID
- Vehicle photos, videos, and listing details you choose to post
- Marketplace catalog data (vehicle specs, pricing, photos)
Your Control:
- Connect or disconnect at any time from the Integrations settings
- Choose which vehicles to post — nothing is posted automatically
- Upon disconnection, access tokens are revoked and posting ceases
- Content already posted on Facebook remains on Facebook and is governed by Meta's policies
4.2 Instagram
Instagram integration is linked through your Facebook Page. It uses the Instagram Content Publishing API to post vehicle photos, carousels, and videos to your Instagram Business account.
Instagram Permissions Used:
| Permission | Purpose |
|---|---|
| instagram_basic | Read your Instagram Business account profile and username |
| instagram_content_publish | Publish vehicle photos, carousels, and videos to your Instagram profile |
Your Control:
- Requires Facebook to be connected first (Instagram Business accounts are managed through Facebook Pages)
- Connect or disconnect at any time independently from Facebook
- Choose which vehicles to post — nothing is posted automatically
4.3 WhatsApp Business API
Our platform integrates with the WhatsApp Cloud API (via Meta Business) to provide a unified messaging inbox for dealerships to communicate with customers.
Data Shared:
- Your business phone number and profile
- Customer phone numbers (only those who initiate contact or opt-in)
- Message content (text, images, documents) sent and received
- Message delivery and read status
- Message templates submitted for Meta approval
Data NOT Shared:
- ✕Message content is not used for advertising
- ✕Customer data is not shared with other dealers
- ✕Conversations are not sold to third parties
Your Control:
- Customers must initiate contact or opt-in before you can message them
- Customers can opt-out at any time by replying "STOP"
- Message history is retained in your CRM per our retention policy (2 years)
- Upon disconnection, webhook delivery stops and no further messages are sent
4.4 TikTok for Business
Our platform integrates with TikTok's Content Posting API to enable dealers to publish vehicle photos and videos directly to their TikTok accounts.
TikTok API Scopes Used:
| Scope | Purpose |
|---|---|
| user.info.basic | Retrieve your TikTok display name and avatar to show your connected account in the CRM |
| video.publish | Publish vehicle photos and videos directly to your TikTok profile on your behalf |
| video.upload | Included as part of the Content Posting API product; enables the upload pipeline used by the publish flow |
Data Shared with TikTok:
- Your TikTok account identifier (open ID)
- Vehicle photos and videos you choose to post
- Post captions and titles composed in the CRM
Data NOT Shared with TikTok:
- ✕Customer personal information or leads
- ✕Vehicle pricing or financial data
- ✕Internal CRM data or analytics
- ✕Other platform integration data (WhatsApp, Meta)
Your Control:
- Connect or disconnect TikTok at any time from the Integrations settings page in the CRM
- Choose which vehicles and content to post — nothing is posted automatically
- Upon disconnection, your TikTok access tokens are revoked and all posting activity ceases immediately
- Post history is retained in your CRM account for your records but no further data is sent to TikTok
Data Retention for TikTok:
- Access and refresh tokens: stored encrypted (AES-256) while connected; deleted upon disconnection
- Post history (publish IDs, timestamps): retained for your business records
- Content posted to TikTok is governed by TikTok's data retention policies
4.5 Payment Processors
Data Shared: Billing contact info, payment card details (not stored by us), transaction history
5. Data Protection & Security
5.1 Our Commitments
WE DO NOT AND WILL NEVER:
- ✕Sell your personal data to third parties
- ✕Share customer leads with competitors
- ✕Use your data for unauthorized purposes
- ✕Access your data without legitimate purpose
5.2 Security Measures
- Encryption: TLS/SSL for data in transit, AES-256 for data at rest
- Access Control: Role-based permissions, multi-factor authentication
- Infrastructure: Secure cloud hosting with redundancy
- Monitoring: 24/7 security monitoring and threat detection
- Audits: Regular security assessments and penetration testing
5.3 Data Isolation
- Each dealer's data is logically separated
- No cross-dealer data access is possible
- Customer data belongs only to the collecting dealer
6. Data Sharing & Disclosure
6.1 We Share Data With
| Service Providers | Cloud hosting, analytics, support |
| Payment Processors | Billing and payment information |
| Platform Partners | Integrations (Meta, WhatsApp, TikTok) |
| Legal Authorities | When required by law |
6.2 We Do NOT Share Data With
- ✕Advertising networks (for profiling)
- ✕Data brokers
- ✕Competitors
- ✕Unauthorized third parties
7. Your Rights
| Access | Request a copy of your data |
| Correction | Update inaccurate information |
| Deletion | Request data deletion |
| Export | Download your data in portable format |
| Objection | Object to certain processing |
| Withdraw Consent | Revoke previously given consent |
| Disconnect Integrations | Remove third-party connections |
To exercise your rights: Contact hello@toujan.com. We will respond within 30 days.
8. Data Retention
| Account data | Duration of account + 30 days |
| Transaction records | 7 years (legal requirement) |
| Messages | 2 years or until deletion request |
| Usage logs | 1 year |
| Marketing preferences | Until withdrawn |
9. Cookies & Tracking
| Essential | Authentication, security — Cannot disable |
| Functional | Preferences, settings — Can disable |
| Analytics | Usage statistics — Can disable |
We do not use third-party advertising or tracking cookies for profiling purposes.
10. International Data Transfers
- Adequate protection through contracts and security measures
- Compliance with UAE data protection requirements
- Equivalent security standards maintained globally
11. Children's Privacy
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us for deletion.
12. Legal Compliance
- UAE Federal Decree-Law No. 45 of 2021 (Personal Data Protection Law)
- DIFC Data Protection Law
- UAE Telecommunications Regulatory Authority guidelines
- Meta Platform Terms and Data Policy
- WhatsApp Business Policy
- TikTok for Business Terms
13. Changes to This Policy
- Email notification
- In-app notification
- Updated "Last Updated" date
14. Contact Us
Toujan L.L.C-FZ
Email: hello@toujan.com
Phone: +971 54 888 0443
Address: Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E.
We will respond to all inquiries within 30 days.
Summary
This Privacy Policy is provided in both English and Arabic. In case of any discrepancy, the English version shall prevail.
Toujan L.L.C-FZ | License: 2527856.01 | Foundation: 2527856
© 2026 Toujan. All Rights Reserved.