Skip to content
Back to Home
Arshedni

Privacy Policy

Last updated: April 25, 2026

This Privacy Policy describes how Arshedni ("we," "us," "our," or "the Operator"), operated as a sole proprietorship by an independent Saudi professional authorised under a Saudi Freelance Work Document (‏وثيقة العمل الحر‏) issued by the Ministry of Human Resources and Social Development of the Kingdom of Saudi Arabia, collects, uses, stores, and protects your personal data when you use our platform and services (the "Service"). This policy is designed to comply with the Saudi Personal Data Protection Law (PDPL), Royal Decree M/19 dated 9/2/1443H, as amended, and its implementing regulations issued by the Saudi Data & Artificial Intelligence Authority (SDAIA).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as a legal basis for processing, we will obtain your explicit consent before collecting or processing your personal data.

1. Data Controller

The data controller responsible for your personal data is:

  • Operator: Arshedni (independent Saudi professional, Freelance Work Document)
  • Location: Riyadh, Kingdom of Saudi Arabia
  • Contact: privacy@arshedni.com

2. Personal Data We Collect

2.1 Account Information

When you register, we collect:

  • Full name
  • Email address
  • Saudi mobile phone number (+966)
  • Hashed password (we never store plaintext passwords)
  • Google account information (if you sign in with Google): name, email, profile picture

2.2 Business Data

When you use the feasibility study service, we collect:

  • Your business idea description and details shared through the chat interface
  • Industry, location, budget, and other business parameters
  • Chat conversation history with our AI assistant

2.3 Generated Report Data

The Service generates and stores:

  • Feasibility study reports (English and Arabic versions)
  • PDF documents of your reports
  • Financial projections, market analysis, and other report sections

2.4 Technical Data

We automatically collect:

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent, and interaction patterns
  • Error logs and performance data

3. How We Use Your Data

We process your personal data for the following purposes:

3.1 Service Delivery (Legal Basis: Contract Performance)

  • Creating and managing your account
  • Generating feasibility study reports
  • Processing payments
  • Sending transactional emails (account verification, password reset)
  • Providing customer support

3.2 Service Improvement (Legal Basis: Legitimate Interest)

  • Analyzing usage patterns to improve platform features
  • Monitoring and fixing technical errors
  • Measuring service performance and reliability

3.3 Security (Legal Basis: Legitimate Interest / Legal Obligation)

  • Preventing fraud, abuse, and unauthorized access
  • Enforcing our Terms of Service
  • Complying with Saudi regulatory requirements

4. AI Model Training & Data Usage

This section is critically important. Please read it carefully.

Arshedni uses artificial intelligence to generate feasibility reports. We are transparent about how your data interacts with AI systems:

4.1 Third-Party AI Processing

To generate your feasibility reports, your business idea and related data are processed by third-party AI service providers. The providers used depend on your selected service tier:

Standard Tier:

  • Google (Gemini) — headquartered in the United States
  • Anthropic (Claude) — headquartered in the United States
  • Perplexity AI (Sonar) — headquartered in the United States

Premium Tier (in addition to the above):

  • OpenAI (GPT-4o) — headquartered in the United States
  • xAI (Grok) — headquartered in the United States
  • Mistral AI — headquartered in France
  • Cohere — headquartered in Canada
  • DeepSeek (V4-Pro, business-model-canvas agent) — headquartered in the People's Republic of China

These providers process your data solely to generate your report and are contractually bound not to use your data for their own training purposes. This processing involves transferring your data outside the Kingdom of Saudi Arabia to the countries listed above (see Section 6).

4.2 Our Own AI Model Training ("Jadwa") — Requires Your Consent

We are developing our own AI model ("Jadwa") to power and improve Arshedni's feasibility-report capabilities. To train and improve Jadwa, we may use anonymized and de-identified data derived from generated reports and your interactions with the Service.

We will only use your data to train Jadwa if you have given us explicit, separate consent to do so. This consent is:

  • Optional — you can use the Service without consenting to Jadwa training
  • Revocable — you can withdraw consent at any time from your account settings; withdrawal applies to future training
  • Limited to internal use — Jadwa is our own model, used only within Arshedni; we do not sell or share training data with third parties

When data is used for training, we apply the following safeguards:

  • All directly identifiable information (names, phone numbers, email addresses) is stripped before data enters the training corpus
  • Business names and other specific identifying details are removed or generalized
  • Financial figures are aggregated where possible, not associated with you individually
  • The training corpus is access-controlled and cannot be reverse-engineered to identify you

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • AI Service Providers: As described in Section 4.1, to generate your reports
  • Cloud Infrastructure:Google Cloud Platform (GCP) hosts our servers and stores your data, including report PDFs. The primary storage region is GCP's me-central1 (Doha, State of Qatar). This is outside the Kingdom of Saudi Arabia and constitutes a cross-border transfer under PDPL Article 29 (see Section 6).
  • Payment Processors: To process payments securely (we do not store your full payment card details)
  • Legal Requirements: When required by Saudi law, court order, or government authority request

6. Cross-Border Data Transfers

Our AI service providers are located outside the Kingdom of Saudi Arabia. In accordance with the PDPL and the Regulation on Personal Data Transfer Outside the Kingdom (2025), your data may be transferred to:

  • United States: Google, Anthropic, OpenAI, Perplexity AI, xAI
  • France: Mistral AI (Premium tier only)
  • Canada: Cohere (Premium tier only)
  • People's Republic of China:DeepSeek (Premium tier only — business-model-canvas agent). DeepSeek is subject to China's National Intelligence Law (2017), which may require Chinese companies to disclose data to Chinese government authorities upon request without notifying you. If you wish to opt out of DeepSeek processing for your Premium report, contact us at info@arshedni.com before generating your report.
  • State of Qatar (Doha): Google Cloud Platform me-central1 region — primary storage for your account, conversations, and reports

We ensure that:

  • Transfers are necessary for the performance of the contract between you and us
  • Recipients provide adequate data protection safeguards
  • We maintain contractual obligations with all processors regarding data protection
  • We minimize the data transferred to what is strictly necessary

7. Data Retention

  • Account data: Retained for as long as your account is active, plus 12 months after deletion request to comply with legal obligations
  • Generated reports: Retained for 24 months after generation, then automatically deleted unless you request earlier deletion
  • Chat conversations: Retained for 12 months after the associated report is generated
  • Technical logs: Retained for 6 months for debugging and security purposes
  • AI training data (if consented): Anonymized data may be retained indefinitely as it cannot be linked back to you

8. Your Rights Under PDPL

Under the Saudi Personal Data Protection Law, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your personal data when it is no longer necessary for the purpose it was collected
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data in certain circumstances
  • Right to Complain: File a complaint with SDAIA if you believe your data rights have been violated

To exercise any of these rights, contact us at privacy@arshedni.com. We will respond within 30 calendar days as required by the PDPL implementing regulations. This period may be extended by an additional 30 days for complex or multiple requests.

8.1 Self-Service: Download Your Data

You can exercise the Right to Access and Right to Data Portability without contacting us. From Settings → Privacy & Data → Download my data we generate a ZIP archive containing your profile, every completed feasibility report (PDFs in both Arabic and English plus the structured JSON we used to render them), every conversation transcript, every consent receipt, and the last 1,000 entries of your account activity log. The build normally completes within a minute and we hand you a temporary download link directly in the page (and by email). The archive itself stays available for 30 days, after which it is automatically deleted from our storage; you can request a fresh copy any time.

8.2 Self-Service: Delete Your Account

From Settings → Account → Delete account you can schedule your account for permanent deletion. We do not delete immediately: your account enters a 30-day grace window during which all your data remains intact and you can sign in and click Cancel deletionto keep the account active. After 30 days, a daily scheduled job hard-deletes the account and every record it owns — reports, conversations, consent receipts, refresh tokens, account activity. The grace window exists to protect against impulsive or coerced deletions, and we send you a confirmation email with the exact purge date the moment deletion is scheduled.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data in transit is encrypted using TLS 1.3
  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • Access to personal data is restricted on a need-to-know basis
  • Regular security reviews and monitoring
  • Secure cloud infrastructure with Google Cloud Platform
  • Authentication tokens with automatic expiration and refresh

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will:

  • Notify SDAIA within 72 hours of becoming aware of the breach
  • Notify affected users without undue delay
  • Provide details including the nature of the breach, data affected, potential consequences, and measures taken to address it

11. Children's Data

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we discover that we have collected data from a minor, we will delete it immediately.

12. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Essential cookies are necessary for the Service to function and cannot be disabled.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when this policy was last revised.

14. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

You also have the right to lodge a complaint directly with the Saudi Data & Artificial Intelligence Authority (SDAIA) at sdaia.gov.sa.

© 2026 Arshedni. All rights reserved.

Terms of ServicePrivacy Policy