Homa is Saudi Arabia's leading vacation rental platform connecting travelers with over 10,000 verified apartments, villas, and unique accommodations across the Kingdom. We offer instant booking confirmation, transparent pricing, and 24/7 customer support.

How do I book a stay on Homa?

Browse available properties, select your dates and number of guests, review the total price (no hidden fees), then complete the booking with secure payment options including Mada, Visa, Mastercard, and Apple Pay. You'll receive instant confirmation.

What types of accommodations are available?

Homa offers furnished apartments, luxury villas, traditional Saudi homes, beachfront properties, chalets, budget-friendly studios, family-sized homes, and pet-friendly accommodations across all major Saudi cities including Riyadh, Jeddah, Dammam, Abha, Taif, Khobar, and more.

How do I become a host on Homa?

Visit our 'Become a Host' page to list your property. The process takes 10 minutes: create an account, add property details and photos, set your pricing and availability. Our team reviews your listing within 24 hours and provides dedicated support throughout your hosting journey.

Is Homa safe and trustworthy?

Yes! All Homa properties are verified by our team. We check property ownership, conduct quality inspections, verify host identities, and monitor guest reviews. We also provide secure payment processing, 24/7 customer support, and booking protection.

What are Homa's cancellation policies?

Cancellation policies vary by property. Most hosts offer flexible, moderate, or strict policies. Full details are shown before booking. Many properties offer free cancellation up to 48 hours before check-in.

Privacy Policy

First: Introduction

The (Homa) platform is keen to protect the privacy of personal data for its users, and commits to collecting, processing, and retaining personal data according to the provisions of the Personal Data Protection Law issued in the Kingdom of Saudi Arabia, its Executive Regulations, and related laws, aiming to achieve the highest levels of security and transparency.

Second: Scope of the Policy's Application

This policy applies to all personal data collected, processed, stored, or shared through the Platform, whether related to:

Service Providers (Hosts).
Beneficiaries (Guests).
Platform Visitors.

Third: Personal Data Collected

The Platform may collect and process the following personal data, depending on the nature of the usage:

Personal Identification Data: Name, National ID or Residency (Iqama) number (when systematically required), Date of Birth.
Contact Data: Mobile phone number, Email.
Account and Reservation Data: Registration data, login information, reservation history, reviews, correspondence within the platform, details of properties/hospitality units alongside their addresses, descriptions, and photos.
Financial Data: Billing and payment data, bank card details, banking account information, billing records, and payment service details.
Technical Data: Internet Protocol (IP) address, device type, operating system, and browsing history within the platform.
Geographic Location Data: Upon the user enabling this feature – if applicable.

Fourth: Legal Basis for Processing Personal Data

Personal data is processed based on one of the following legal grounds, according to what is endorsed by the Personal Data Protection Law:

Explicit consent of the data owner.
Execution of a contractual obligation where the Platform is a party.
Compliance with a legal obligation imposed on the Platform.
Achieving a legitimate interest of the Platform, provided it does not conflict with the rights of the data owner.

Fifth: Data Collection Mechanism

Personal data is collected via:

The user entering their data during registration or booking.
Using the Platform and interacting with its services.

Sixth: Purposes of Data Collection and Processing

Personal data is utilized for the following purposes:

Creating and managing user accounts.
Executing booking processes and facilitating communication between the contracting parties.
Enhancing service quality and the user experience.
Complying with legal and regulatory commands.
Sending notifications, alerts, offers, and promotional/marketing materials – predicated on the user's consent.

It is noted that some services provided on the Platform are inherently linked to the processed data; therefore, delivering these services dictates agreeing to the processing of some of the user's personal data.

Seventh: Sharing Personal Data

Personal data is not shared with any third party except in the following cases:
- Upon obtaining explicit consent from the data owner.
- With service providers contracted with the Platform (e.g., payment gateways or hosting service providers), strictly to the extent required to provide the service.
- If the requesting party is a public entity, for purposes of public interest, security agendas, to implement another law, or to fulfill judicial requirements.
- If disclosing is necessary to safeguard public health/safety, or protect the life or health of a specific individual(s).
- If sharing is obligatory to achieve legitimate interests of the Platform, provided it does not disrupt the rights/interests of the data owner and does not involve sensitive data.
The Platform strictly implements protective measures ensuring data shielding upon sharing, conforming to system directives.

Eighth: Data Transfer Outside the Kingdom

Personal data is not transferred outside the Kingdom of Saudi Arabia except following stipulations authorized by the Personal Data Protection Law.
Whenever required naturally, transferring data occurs post-fulfillment of legal conditions, incorporating approval from designated authorities, or realizing ample data protection baselines.

Ninth: Data Storage and Protection

The Platform retains personal data inside or outside the Kingdom abiding by systemic controls officially authorized and mandated systemically.
The Platform enacts necessary organizational and technical measures shielding records avoiding unauthorized access, loss, damage, or breaches.

Tenth: Data Retention Period

The Platform retains personal data for the duration required to achieve the explicit purposes for which they were gathered (e.g., creating accounts, concluding bookings, communicating, enhancing services, systemic compliance, or sending promotional materials - under consent - or any legally grounded motif). Alternatively, for timelines mandated by related systems, eventually followed by secure destruction bypassing anomalies interfering with the Personal Data Protection Law and its Executive Regulations.

Eleventh: Rights of the Personal Data Owner

Proceeding observing the Personal Data Protection Law and its Regulations, the data owner exercises the ensuing rights:

The right to know about data collection, processing purposes, and the legal rationale driving it.
The right to access their personal data or acquire a copy thereof.
The right to demand correction, update, or completion spanning their data.
The right to request data destruction once collection purposes vanish unless valid legal retention mandates persist.
The right to restrict processing or object to it where the law approves.
The right to withdraw consent approving data processing dynamically, devoid of retroactively breaking prior legally grounded processes.
The right bridging complaints targeting specialized authorities encountering system breaches.

Twelfth: Consent and its Withdrawal

Consent is procured explicitly implementing distinct means preceding the collection and processing of data, whenever dynamically enforced by the system.
The data owner commands the privilege to withdraw consent at will, triggering parallel cessation covering actions structured uniquely upon that consent, excluding setups supported by alternative legal grounds powering continuity.

Thirteenth: Situations Enabling Processing Without Prior Consent:

When processing crafts verifiable benefits for the data owner yet reaching them is pragmatically complex or unachievable.
When navigating an overarching legal structure or concluding preliminary agreements binding the data owner exclusively.
When processing drives legitimate interests empowering the Platform barring intersections negatively hitting data owner rights/interests excluding sensitive arrays.

Fourteenth: Destroying Personal Data

The Platform pledges enacting safe, appropriate destruction mechanisms extinguishing personal records directly following intended purpose exhaustion, or upon the execution of a consent withdrawal by the user – when legally granted. Naturally, retaining arrays mandates prevailing legal directives stretching storage.

Data eradication rolls following definitive rules:

Extinction engulfs all physical or digital arrays comprehensively.
Utilizing technological tools structurally dismantling any retrieval or owner identification traits post-destruction.
The Platform maintains the liberty introducing anonymizing operations altering data effectively replacing actual obliteration wherever it realizes systemic requests fully.
Keeping verifiable destruction logs operates bindingly matching systemic mandates.
Destruction timelines steer clear restricting Platform privileges anchoring data preserving systemic rights or complying targeting judicial/official dictates continuously.

However, personal data is retained even after the purpose of its collection has ended in the following two cases:

A- If there is a legal justification requiring its retention for a specific period, in which case it is destroyed after the end of this period or the end of the purpose of its collection, whichever is longer.
B- If the personal data is closely related to a case pending before a judicial authority and its retention is required for this purpose, in which case it is destroyed after the completion of the judicial procedures related to the case.

Fifteenth: Notification of Data Breach

Should a breach, unauthorized entry, damage, or data spill emerge potentially harming the data owner, the Platform commits issuing notifications bridging specialized authorities parallel with the data owner fitting regulations alongside respective laws definitively.

Sixteenth: Personal Data Protection Officer

The Platform assigns a specialized Personal Data Protection Officer; contact runs via certified official arrays answering queries spanning data concerns universally.

Seventeenth: Modification of the Privacy Policy

The Platform possesses rights adapting policies dynamically; structural modifications trigger notifications directed structurally to users prior (one week). Operating services subsequent to those tweaks equals definitive endorsement inherently.

Eighteenth: Applicable Law

This policy is governed strictly interpreted observing the Laws of the Kingdom of Saudi Arabia.

Privacy Notice

The (Homa) platform is highly dedicated to safeguarding your personal data and compiling it complying firmly with the Personal Data Protection Law enforced in the Kingdom of Saudi Arabia. This notice distinctly shapes pathways identifying structural data compiling goals, utilization strategies, underlying purposes, alongside outlining natively integrated user rights concisely optimally.

Data We Collect

We may collect the following data upon your utilization of the Platform:

Personal Identification Data: Name, National ID or Residency (Iqama) number (when systemically required), Date of Birth.
Contact Data: Mobile phone number, Email.
Account and Reservation Data: Registration data, login information, reservation history, reviews, correspondence within the platform, details of properties/hospitality units alongside their addresses, descriptions, and photos.
Financial Data: Billing and payment data, bank card details, banking account information, billing records, and payment service details.
Technical Data: Internet Protocol (IP) address, device type, operating system, and browsing history within the platform.
Geographic Location Data: Upon the user enabling this feature – if applicable.

Purposes of Using Data

We use your data for the following purposes:

Creating and managing your account on the Platform.
Executing booking processes and facilitating communication between the contracting parties.
Enhancing Platform services and user experience.
Complying with legal and regulatory commands.
Sending notifications, alerts, offers, and promotional materials.

Legal Basis for Processing

Your data is processed based on:

Your explicit consent.
Execution of a contractual obligation where the Platform is a party.
Compliance with a legal obligation imposed on the Platform.
Achieving a legitimate interest of the Platform, provided it does not conflict with your rights.

Data Sharing

Your personal data is not shared except to the extent necessary to provide the service, or under a legal request from a competent authority, or after obtaining your consent, in the cases stipulated in Section Seven of the Privacy Policy.

Your Rights

Under the law, you have the right to:

Know about the collection of your personal data and the purposes of its processing.
Access your data and request a copy of it.
Request correction or update of your data.
Request destruction of your data when the purpose of its collection ends, unless there is a legal justification holding it.
Restrict or object to the processing of your data in cases determined by the law.
Withdraw your consent to processing whenever it is legally available, without prejudice to the previous legitimacy of the processing.
Submit a complaint to the competent authority.

Retention Period

We retain your data for the period necessary to achieve the purposes for which it was collected or as required by regulations, in accordance with what is stated in Section Ten of the Privacy Policy.

Communication

For inquiries or requests regarding your personal data, you can contact us through the official channels authorized on the Platform.

By using the Platform or registering in it, you acknowledge that you have read this Notice and agree to what is stated therein. For more details, please refer to the Privacy Policy adopted on the Platform.