Trust & safety

How we protect families, travelers & data

This page is maintained by the Dar Bladi team to answer common security and privacy questions about the platform. It describes the controls that are currently in place — it is editable project content, not an independent certification or audit report.

Accounts & authentication

Sign-in is powered by our backend authentication provider. Accounts are protected by email and password, with optional Google sign-in. Passwords are never stored by Dar Bladi; only a secure hash managed by the auth provider is kept.

Each account is assigned a role (traveler or host). Role-based access is enforced on the server — clients cannot grant themselves elevated permissions.

Data we collect

For travelers: name or display name, email, and the trips you browse or book. For hosts: the above, plus the listing details you choose to publish (family story, village, languages, photos, pricing).

We do not sell personal data. We do not run third-party advertising or behavioural tracking on the site.

How data is stored & access controlled

Application data is stored in a managed Postgres database with row-level security policies. Each row is scoped so that:

  • Hosts can read and edit only their own listings.
  • Travelers can read listings that are approved for publication.
  • Profile data is editable only by the account that owns it.
  • Privileged role checks live in a non-public database schema and are not callable through the public API.
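
One way the four rules above could be expressed in Postgres, as an added illustration rather than Dar Bladi's actual schema or policies. The `private` schema, the table and column names, the `app_user` role and the `app.user_id` session setting are all assumptions.

```sql
-- Added illustration: every schema, table, column, role and setting name is an assumption.
CREATE ROLE app_user NOLOGIN;              -- role the API layer runs client queries as
CREATE SCHEMA private;                     -- assumed to be left out of the API's exposed schemas

CREATE TABLE private.user_roles (
  user_id uuid NOT NULL,
  role    text NOT NULL CHECK (role IN ('traveler', 'host')),
  PRIMARY KEY (user_id, role)
);
CREATE TABLE public.profiles (user_id uuid PRIMARY KEY, display_name text NOT NULL);
CREATE TABLE public.listings (
  id       bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
  host_id  uuid    NOT NULL,
  title    text    NOT NULL,
  approved boolean NOT NULL DEFAULT false
);

-- Caller identity: assumed to be set per request by the backend from the verified session.
CREATE FUNCTION private.current_user_id() RETURNS uuid LANGUAGE sql STABLE
AS $$ SELECT nullif(current_setting('app.user_id', true), '')::uuid $$;
-- SECURITY DEFINER: the caller gets a yes/no answer without any grant on user_roles.
CREATE FUNCTION private.has_role(wanted text) RETURNS boolean
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = ''
AS $$ SELECT EXISTS (SELECT 1 FROM private.user_roles
                     WHERE user_id = private.current_user_id() AND role = wanted) $$;

ALTER TABLE public.listings ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.profiles ENABLE ROW LEVEL SECURITY;

-- Everyone reads approved listings; a host also sees their own drafts.
CREATE POLICY listings_read ON public.listings FOR SELECT
  USING (approved OR host_id = private.current_user_id());
-- Writes need the host role and ownership, before and after the change.
CREATE POLICY listings_insert ON public.listings FOR INSERT
  WITH CHECK (host_id = private.current_user_id() AND private.has_role('host'));
CREATE POLICY listings_update ON public.listings FOR UPDATE
  USING      (host_id = private.current_user_id() AND private.has_role('host'))
  WITH CHECK (host_id = private.current_user_id());
-- Profiles: visible to and editable by the owning account only (read scope is an assumption).
CREATE POLICY profiles_owner ON public.profiles FOR ALL
  USING      (user_id = private.current_user_id())
  WITH CHECK (user_id = private.current_user_id());

-- Column grants keep "approved" out of client hands; no grant at all on user_roles.
GRANT USAGE ON SCHEMA private TO app_user; -- needed to resolve the functions in policies
GRANT SELECT ON public.listings, public.profiles TO app_user;
GRANT INSERT (host_id, title) ON public.listings TO app_user;
GRANT UPDATE (title)          ON public.listings TO app_user;
GRANT UPDATE (display_name)   ON public.profiles TO app_user;
```

Because `approved` is absent from the column grants, a host cannot publish a listing by updating their own row; approval has to come through a separate privileged path.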

Subprocessors & integrations

Dar Bladi relies on a small number of vendors to operate the service: a managed backend (database, auth, storage), the Lovable hosting platform for the web app, and MapTiler for the 3D map tiles on the Explore page. Each receives only the data needed to perform its function.

Cookies & analytics

We use first-party cookies and local storage only for keeping you signed in and remembering your session. We do not deploy cross-site advertising trackers.

Retention & deletion

Account data is retained while your account is active. If you want your account or a published listing removed, contact us and we will action the request.

Reporting a security issue

If you believe you have found a vulnerability, please contact the Dar Bladi team through the address listed in your account or via the host/traveler help links in the footer. Please do not publicly disclose the issue before we have had a chance to investigate.

Shared responsibility

Dar Bladi is responsible for the application code, the access policies described above, and the configuration of our backend and hosting providers. Travelers and hosts are responsible for keeping their account credentials confidential and for the accuracy of information they publish on the platform.
