Privacy Policy — Personal Data Protection (PDPL)

The data controller responsible for your personal data is ARISE (إفاقة), [legal entity name], Commercial Registration No. [CR number], registered address: [registered address], Kingdom of Saudi Arabia.

Contact for privacy matters / Data Protection Officer: privacy@arise.sa.

Account data: name, email address, phone number, and authentication identifiers.

Billing data: subscription/plan, transaction records, and payment metadata. Card details are processed directly by our payment processor (Moyasar) and are not stored on our servers.

Usage data: prompts, agent runs, files you upload, logs, device and browser information, and IP address.

Communications: support requests and correspondence.

We process personal data to: provide and operate the service; authenticate you; process payments and manage subscriptions; provide support; ensure security and prevent abuse; comply with legal obligations; and improve the service.

Our legal bases under the PDPL include: your consent; performance of a contract with you; compliance with a legal obligation; and our legitimate interests, where these do not override your rights.

Subject to the PDPL and its Implementing Regulations, you have the right to: be informed of the legal basis and purpose of collection; access your personal data; request a copy of your personal data in a readable format; request correction of inaccurate data; and request destruction of your personal data when it is no longer needed.

You may also withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any right, contact privacy@arise.sa. We will respond within the period required by the PDPL.

We retain personal data only for as long as necessary to fulfil the purposes described above, or as required by applicable law (for example, financial and tax record-keeping). When no longer needed, data is securely destroyed or anonymised.

We may share personal data with service providers acting on our behalf (for example, cloud hosting, the Moyasar payment gateway, and analytics), bound by confidentiality and data-protection obligations, and with competent authorities where required by law.

Where personal data is transferred or processed outside the Kingdom of Saudi Arabia, we do so only in accordance with the PDPL and the regulations on transferring personal data outside the Kingdom, applying appropriate safeguards. We aim to host Saudi customer data within the Kingdom or an approved jurisdiction.

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption in transit, access controls, and monitoring. No method of transmission or storage is completely secure.

We use strictly necessary cookies to operate the service and, with your consent, optional cookies for analytics. You can control non-essential cookies through your browser and our cookie controls.

The service is not directed to children. We do not knowingly collect personal data from children without the consent of a guardian as required by the PDPL.

If you believe your personal data has been handled in violation of the PDPL, you may contact us at privacy@arise.sa, and you have the right to lodge a complaint with the competent supervisory authority (SDAIA) in the Kingdom of Saudi Arabia.

We may update this Policy. Material changes will be notified through the service or by email. The "last updated" date reflects the latest revision.