Privacy Policy

Effective 22 June 2026

This policy explains how Bawadir collects, uses, and protects your personal data, in line with the Saudi Personal Data Protection Law (Royal Decree No. M/19) and its regulations.

1. Who controls your data

The data controller is Bawadir. For any privacy request or question, contact hello@bawadir.io.

2. What we collect

Your email address; your preferences (language, and the regulators you choose to follow); and account and usage data (sign-in events, and basic technical logs needed to run and secure the Service). We do not collect or store your full payment-card details — card payments are handled directly by our payment processor, Stripe.

3. Why we use it, and our legal basis

To provide your account and deliver the digest (basis: performance of our contract with you); to send the email digest and service messages (basis: your consent — withdraw any time via the unsubscribe link or settings); to secure, maintain, and improve the Service (basis: our legitimate interests); and to take payment for paid tiers (basis: performance of our contract and compliance with law).

4. Who we share it with

We share the minimum necessary with service providers who process data on our behalf: Stripe (payment processing), Resend (sending emails — confirmation, sign-in codes, the digest), and Cloudflare (hosting and security). We do not sell your personal data.

5. Transfer outside the Kingdom

Some of these providers store or process data outside Saudi Arabia (for example, our hosting is in the European region). Where we transfer personal data outside the Kingdom, we do so under the conditions of the Personal Data Protection Law and its transfer regulation, and rely on appropriate safeguards (such as data-processing agreements / standard contractual clauses) with each provider.

6. How long we keep it

We keep your data for as long as your account is active, and afterwards only as long as needed for the purposes above or as required by law. When no longer needed, it is securely deleted.

7. Security

We use reasonable technical and organizational measures to protect your data, including encrypted connections and access controls. No method is perfectly secure, but we work to protect your information and will notify you and the competent authority of a breach as required by law.

8. Your rights

Under the Personal Data Protection Law you have the right to: be informed of how your data is used; access your data and obtain a copy; request correction, update, or completion; request deletion; and withdraw your consent at any time. To exercise any right, contact hello@bawadir.io; we respond within 30 days.

9. Cookies

We use only essential cookies — a sign-in session cookie and a setting that remembers your theme. We use Cloudflare Turnstile to prevent abuse on our forms. We do not use advertising or cross-site tracking cookies.

10. Children

The Service is intended for professionals and is not directed to anyone under 18.

11. Complaints

If you have a concern, contact us first at hello@bawadir.io. You also have the right to lodge a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA), the competent authority for personal data protection.

12. Changes

We may update this policy; material changes will be notified by email or on the Service.