← Back

Privacy Policy

Last Updated: 28 Jan 2026

Thing Company ("Thing Company", "we", "us", or "our") is a digital platform operated by Thing W.L.L, Commercial Registration No. 196454-1, headquartered in Seef, Kingdom of Bahrain.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use the Thing Company platform and related services (collectively, the "Platform"). This policy is issued in accordance with Bahrain's Personal Data Protection Law (Law No. 30 of 2018) ("PDPL").

By accessing or using Thing Company, you acknowledge that you have read and understood this Privacy Policy.

1. Scope of Application

This Privacy Policy applies to:

  • Users who browse, register, or transact on Thing Company
  • Buyers and sellers using the Platform
  • Visitors to Thing Company's landing website

Thing Company is intended for users of all ages. Where legally required, consent is obtained from a parent or legal guardian.

2. Data Controller

For the purposes of the PDPL, the data controller is:

Thing W.L.L
CR No.: 196454-1
Address: Seef, Kingdom of Bahrain
Email: hello@thing.bh

Thing Company does not currently appoint a formal Data Protection Officer. All data protection matters are handled internally.

3. Personal Data We Collect

We collect only data that is operationally necessary to deliver our services.

3.1 Data You Provide Directly

  • Full name
  • Email address
  • Phone number
  • Profile information
  • Listings content (photos, descriptions)
  • Messages exchanged via in-app chat
  • Delivery location data for orders
  • Payment-related confirmations (excluding full card details)

3.2 Identity & Verification Data (Conditional)

Where required for compliance, fraud prevention, or verification, we may collect:

  • CPR information
  • Commercial registration documents
  • Business ownership details

3.3 Transactional Data

  • Order history
  • Payment status
  • Refunds and escrow-related records

3.4 Technical & Usage Data

  • Device identifiers
  • IP address
  • App usage analytics and event data

4. Purpose of Processing

We process personal data to:

  • Create and manage user accounts
  • Enable platform transactions
  • Facilitate payments and escrow services
  • Enable communication between parties
  • Deliver orders and location-based services
  • Prevent fraud and misuse
  • Improve Platform performance and user experience
  • Comply with legal and regulatory obligations
  • Send transactional and marketing communications (where permitted)

Processing is conducted on lawful bases including user consent, contractual necessity, and legitimate business interests.

5. Payments & Escrow

Online payments are processed via Tap Payments, a third-party payment service provider. Thing Company does not store full payment card details.

Thing Company may temporarily hold funds in escrow until orders are confirmed as delivered, in accordance with Platform rules.

6. Third-Party Service Providers

We work with vetted third parties strictly on a need-to-know basis, including:

  • Tap Payments – payment processing
  • PostHog – analytics and product insights
  • Amazon Web Services (AWS) – cloud infrastructure (Bahrain region)
  • Vercel – website hosting

All third parties are contractually bound to process data in accordance with applicable data protection laws.

7. Data Storage & Localization

  • Personal data is hosted primarily on AWS infrastructure located in Bahrain
  • We do not intentionally transfer personal data outside the Kingdom of Bahrain
  • Data is retained only for as long as required for operational, legal, or regulatory purposes

8. User Rights

Subject to applicable law, users have the right to:

  • Access their personal data
  • Correct inaccurate or outdated data
  • Withdraw consent where processing is based on consent

Requests related to personal data may be submitted to hello@thing.bh.

9. Marketing Communications

Thing Company may send marketing emails or messages related to offers, features, or updates. Users may opt out at any time via provided unsubscribe mechanisms or by contacting us directly. Transactional communications are mandatory and cannot be opted out of.

10. Data Security

We implement commercially reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. No system is completely secure. Users acknowledge and accept residual risks inherent in digital platforms.

11. Children's Privacy

Thing Company is accessible to users of all ages. Where required by law, consent must be obtained from a parent or legal guardian before collecting personal data from minors.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Material changes will be communicated through the Platform. Continued use of Thing Company constitutes acceptance of the updated policy.

13. Contact Us

Email: hello@thing.bh
Entity: Thing W.L.L
Location: Kingdom of Bahrain

© 2026 Thing Company. All rights reserved.