Privacy Policy

Welcome to OutSME (outsme.com), an expert consulting SaaS platform operated from the State of Qatar. OutSME provides professionals, consultants, and subject-matter experts with the tools to build, manage, and grow their consulting practices online — including profile management, appointment scheduling, integrated video sessions, invoicing, and client relationship management.

This Privacy Policy explains how OutSME ("we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you use our platform, whether as an expert offering consulting services or as a client booking and attending sessions. By creating an account or using our services, you acknowledge that you have read and understood this Privacy Policy.

This policy was last updated in February 2026. We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on our platform prior to the changes taking effect.

We collect information that you provide directly, information generated through your use of the platform, and information received from third-party services integrated with OutSME.

Personal Information

When you register for an account or update your profile, we may collect:

• Identity information: Full name, email address, phone number, profile photograph, and professional title.
• Professional information: Areas of expertise, industry, credentials, certifications, biography, years of experience, and education history.
• Account information: Username, password (hashed and never stored in plain text), account role (expert or client), and subscription plan details.
• Payment information: Billing address and transaction records. Payment card details are processed securely by our payment provider Noqoody and are never stored on our servers.
• Identity verification data: Information shared through the KYCPort identity verification process, including government-issued identification documents when required for expert verification.

Usage Data

We automatically collect information about how you interact with our platform, including:

• Activity logs: Pages visited, features used, searches performed, services browsed, and booking actions taken.
• Device information: Browser type and version, operating system, screen resolution, device type, and language preferences.
• Network information: IP address, approximate geographic location derived from IP, and internet service provider.
• Referral data: How you arrived at our platform (e.g., search engine, social media link, direct visit).

Session Data

When you participate in video consulting sessions through our platform, we may collect:

• Session metadata: Date, time, duration, and participants of each consulting session.
• Connection quality data: Technical performance metrics to ensure session quality and troubleshoot issues.
• Session status: Whether sessions were completed, cancelled, rescheduled, or marked as no-shows.

Important: OutSME does not record the audio or video content of consulting sessions. The content of your conversations remains private between the expert and the client.

We use the information we collect for the following purposes:

We also use your information to personalize your experience, such as recommending relevant experts based on your industry interests, and to generate aggregated, anonymized analytics that help us understand how the platform is used overall. We will never sell your personal data to third parties for their marketing purposes.

Through the KYCPort integration, the following processes occur:

• Authentication: KYCPort verifies your identity and credentials. OutSME does not handle or store your KYCPort login password. Authentication tokens are exchanged securely using OAuth2 authorization code flow.
• Token security: OAuth2 access tokens and refresh tokens received from KYCPort are encrypted at rest on our servers using Fernet symmetric encryption. Tokens are never stored in plain text and are automatically refreshed or revoked as needed.
• Profile synchronization: With your consent, basic profile information (such as your name, email address, and verified identity status) is shared from KYCPort to OutSME to pre-populate your account and confirm your identity.
• Identity verification: For experts, KYCPort may perform enhanced identity verification (Know Your Customer) to ensure that professionals on the platform are who they claim to be. This verification status is shared with OutSME, but the underlying verification documents (such as passport or ID copies) are retained by KYCPort under their own privacy policy.
• Token revocation: When you log out of OutSME or deactivate your account, we revoke the associated OAuth2 tokens with KYCPort. You can also independently manage your KYCPort authorizations from your KYCPort account settings.

KYCPort operates under its own privacy policy. We encourage you to review KYCPort's Privacy Policy to understand how they handle your information.

We do not sell, rent, or trade your personal information to third parties. We share information only in the following circumstances:

• Between experts and clients: When a client books a session with an expert, necessary contact and booking information is shared between both parties to facilitate the consultation. Expert profiles, including name, photo, expertise areas, credentials, and ratings, are publicly visible on the platform directory.
• Payment processing: We share transaction data with our payment provider, Noqoody, to process payments for consulting sessions and subscriptions. Noqoody handles payment information in accordance with PCI-DSS standards and their own privacy policy.
• Identity verification: We exchange authentication and verification data with KYCPort as described in Section 4 above.
• Infrastructure providers: We use cloud hosting, email delivery, and content delivery network services to operate our platform. These providers process data on our behalf under strict data processing agreements and only to the extent necessary to provide their services.
• Legal requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful government request.
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

We retain your personal information for as long as your account is active or as needed to provide you with our services. Specific retention periods apply to different categories of data:

• Account data: Retained for the lifetime of your account and for up to 12 months after account deletion to allow for reactivation and to resolve any pending disputes or obligations.
• Session records: Appointment metadata (date, time, duration, participants) is retained for 36 months after the session date for dispute resolution, invoicing accuracy, and platform analytics.
• Payment records: Transaction records are retained for a minimum of 7 years to comply with financial regulations and tax reporting requirements in the State of Qatar.
• Usage logs: Anonymized usage analytics are retained indefinitely for product improvement purposes. Identifiable usage logs (such as IP addresses) are retained for up to 12 months and then anonymized or deleted.
• Authentication tokens: OAuth2 tokens are retained only while your session is active and are securely deleted or revoked upon logout or expiration.

When you request account deletion, we will remove or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes as described above.

OutSME uses cookies and similar technologies to provide a smooth, personalized experience. We use the following types of cookies:

OutSME does not use third-party advertising cookies or tracking pixels. We do not serve ads on our platform, and we do not share cookie data with advertising networks. We also store your theme preference in your browser's localStorage as a fallback to prevent visual flickering when the page loads.

You can manage or delete cookies through your browser settings. Please note that disabling essential cookies (such as session_id) will prevent you from logging in or using authenticated features of the platform.

You have the following rights regarding your personal information. You can exercise these rights at any time by contacting us or through your account settings:

Additionally, you have the right to object to or restrict certain types of processing, and the right to withdraw consent where processing is based on consent. Exercising any of these rights will not result in discrimination or degradation of service. To make a request, please email us at [email protected] with the subject line "Privacy Rights Request."

OutSME is operated from the State of Qatar, and your data is primarily processed and stored on servers located in the Middle East region. However, as a global platform serving experts and clients worldwide, your information may be transferred to and processed in countries other than your country of residence.

These transfers may occur in the following circumstances:

• Cloud infrastructure: Our hosting providers may process or replicate data across multiple geographic regions for performance, redundancy, and disaster recovery purposes.
• Third-party services: Service providers such as KYCPort (identity verification) and Noqoody (payment processing) may process data in their respective operating jurisdictions.
• Cross-border consultations: When an expert and client are located in different countries, relevant booking and session information is accessible to both parties in their respective locations.

Where personal data is transferred internationally, we ensure that appropriate safeguards are in place, including data processing agreements with our service providers that incorporate standard contractual clauses and require at minimum the same level of data protection as described in this policy. We comply with the data protection laws of the State of Qatar, and we take reasonable steps to honor the privacy rights of users in jurisdictions with comprehensive data protection legislation, including the GDPR (European Union) and similar frameworks.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

For privacy-related requests, please include "Privacy" in your email subject line so we can route your inquiry to the appropriate team. We aim to respond to all privacy-related inquiries within 5 business days and to fulfill data access or deletion requests within 30 days.