Emtithal+ — Saudi Sovereign Compliance Intelligence Platform

Last updated: April 14, 2026 · Effective date: April 14, 2026

1. Introduction

Emtithal+ ('we', 'our', 'us') is a Saudi-based compliance intelligence platform. We are committed to protecting your personal data in accordance with the Saudi Personal Data Protection Law (PDPL), Royal Decree M/19, and its implementing regulations. This policy describes how we collect, use, store, and protect your information.

2. Data Controller

Emtithal+ operates as the data controller for all personal data processed through the platform. Our data processing activities are conducted within the Kingdom of Saudi Arabia in compliance with SDAIA guidelines.

3. Data We Collect

We collect: (a) Account data — name, email, organization, role; (b) Usage data — pages visited, features used, session duration; (c) Document data — files you upload for compliance analysis; (d) Device data — browser type, IP address, device identifiers. We do not collect sensitive personal data unless explicitly required for compliance analysis and consented to.

4. How We Use Your Data

Your data is used to: provide compliance analysis and monitoring services; generate audit reports; improve platform accuracy and performance; communicate service updates; and fulfill legal and regulatory obligations under Saudi law.

5. Data Storage & Security

All data is hosted within Saudi Arabia on NCA-aligned infrastructure. We employ AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, and continuous security monitoring. Our architecture supports air-gapped deployment for government entities.

6. Data Sharing

We do not sell personal data. Data may be shared with: authorized personnel within your organization; regulatory authorities when legally required; and vetted sub-processors bound by equivalent data protection agreements. Cross-border transfers require explicit consent and adequate safeguards per PDPL Article 29.

7. Data Retention

Personal data is retained only as long as necessary for the purposes described in this policy or as required by Saudi regulations. Compliance audit records are retained per applicable regulatory retention schedules. You may request deletion of your data subject to legal retention requirements.

8. Your Rights

Under the PDPL, you have the right to: access your personal data; correct inaccurate data; request deletion of your data; withdraw consent for processing; obtain a copy of your data in a portable format; and lodge a complaint with the competent authority.

9. Cookies & Analytics

We use essential cookies for authentication and session management. Optional analytics cookies help us understand usage patterns. You can manage cookie preferences through the consent banner displayed on first visit. See our Cookie Consent settings for granular control.

10. Changes to This Policy

We may update this policy to reflect changes in our practices or applicable law. Material changes will be communicated via email or in-platform notification at least 30 days before taking effect.

11. Contact

For questions about this policy or to exercise your data rights, contact our Data Protection Officer at privacy@emtithal.com or through the platform's support channel.