سياسة الخصوصية

1. Introduction

خصوصيتك مهمة لنا. تشرح سياسة الخصوصية هذه كيف نجمع وننظم ونحمي معلوماتك الشخصية. SARP takes data protection and privacy seriously. This Privacy Policy explains how we collect, use, protect, and disclose information from licensed Saudi real estate agencies and their authorized users.

2. Data We Collect

We collect information provided by your agency:

• Agency information (legal name, REGA license, registration details)
• User credentials (names, emails, roles within your agency)
• Client request data (buy/sell/rent requests and associated details)
• Property listings and descriptions
• Document vault records and compliance files
• Platform usage logs and activity records

3. Tenant Data Isolation

Each licensed agency's data is stored in a completely isolated database and is not accessible to any other agency. SARP maintains administrative access for technical support, platform security, and regulatory compliance only. Your agency retains full ownership of all data within your tenant.

4. How We Use Your Information

SARP uses your data to:

• Operate your private tenant workspace and sub-domain
• Enable request pipeline management and smart matching
• Support follow-up CRM and reporting features
• Maintain secure document vault and regulatory compliance records
• Provide customer support and onboarding assistance
• Improve platform performance and security
• Comply with Saudi regulatory and legal requirements

5. Data Sharing & Third Parties

SARP does not share your tenant data with other agencies or external parties except:

• With your authorized users (managers, agents, staff) within your agency
• With infrastructure providers necessary for platform operations (under strict data protection agreements)
• When required by Saudi law or regulatory authority
• To enforce our Terms of Service or protect our legal rights

6. Data Security

SARP implements industry-standard encryption, secure authentication, access controls, and monitoring to protect your data from unauthorized access, theft, or loss. We maintain secure servers and regular security audits. However, no system is completely immune to attack; you acknowledge that transmission over the internet carries inherent risks.

7. Data Retention

Your agency's data is retained during the active subscription period. Upon subscription cancellation or termination, you may request data export within 30 days. After 30 days, data may be permanently deleted at SARP's discretion unless required to be retained by law.

8. Your Rights & Controls

Your agency has the right to:

• Access all data stored in your tenant workspace
• Export or download your data in standard formats
• Correct or update information about your agency
• Request deletion of specific records (where not prohibited by Saudi law)
• Manage user access controls and permissions within your workspace

9. Saudi Data Residency

All SARP production infrastructure is hosted in the Kingdom of Saudi Arabia (Google Cloud me-central1, Dammam region). Your agency's data — including customer requests, property listings, contracts, and uploaded documents — does not leave the Kingdom. The only exceptions are (a) email delivery (transactional messages pass through our delivery provider) and (b) payment processing (handled by Moyasar, a Saudi-licensed payment gateway). We do not use any third-party analytics or advertising tools that egress data outside Saudi Arabia.

10. Your Rights Under PDPL

The Saudi Personal Data Protection Law (PDPL) grants you specific rights over your personal data:

• Right to be informed — what we collect and why (this policy).
• Right of access — obtain a copy of your data (see "Download my data" in Dashboard → Settings → Privacy).
• Right of rectification — update inaccurate data (editable in your profile settings).
• Right to erasure — request deletion of your account or organization (Dashboard → Settings → Privacy).
• Right to withdraw consent — opt out of marketing communications at any time.
• Right to object — object to specific processing activities by contacting privacy@sarp-sa.net.

We will respond to all data subject requests within 30 days. If we cannot fulfill a request (e.g. because ZATCA requires tax invoices to be retained for 6 years), we will tell you why and what data will be preserved under legal hold.

11. Data Protection Officer

To exercise your PDPL rights, report a data breach concern, or ask any question about how we handle your personal data, contact our privacy team at privacy@sarp-sa.net. We aim to acknowledge every request within 3 business days and resolve it within 30 days.

12. Supervisory Authority

You have the right to lodge a complaint with the Saudi Data & AI Authority (SDAIA), which supervises PDPL compliance in the Kingdom. SDAIA's contact details are available at sdaia.gov.sa.

13. Changes to This Policy

SARP may update this Privacy Policy at any time. We will notify you of material changes via email at least 30 days in advance. Continued use of the platform constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or your data, contact: