Back to Home
Arshedni

Privacy Policy

Last updated: April 1, 2026

This Privacy Policy describes how Arshedni ("we," "us," or "our"), a company registered in the Kingdom of Saudi Arabia, collects, uses, stores, and protects your personal data when you use our platform and services (the "Service"). This policy is designed to comply with the Saudi Personal Data Protection Law (PDPL), Royal Decree M/19 dated 9/2/1443H, as amended, and its implementing regulations issued by the Saudi Data & Artificial Intelligence Authority (SDAIA).

By using the Service, you acknowledge that you have read and understood this Privacy Policy. Where we rely on your consent as a legal basis for processing, we will obtain your explicit consent before collecting or processing your personal data.

1. Data Controller

The data controller responsible for your personal data is:

2. Personal Data We Collect

2.1 Account Information

When you register, we collect:

  • Full name
  • Email address
  • Saudi mobile phone number (+966)
  • Hashed password (we never store plaintext passwords)
  • Google account information (if you sign in with Google): name, email, profile picture

2.2 Business Data

When you use the feasibility study service, we collect:

  • Your business idea description and details shared through the chat interface
  • Industry, location, budget, and other business parameters
  • Chat conversation history with our AI assistant

2.3 Generated Report Data

The Service generates and stores:

  • Feasibility study reports (English and Arabic versions)
  • PDF documents of your reports
  • Financial projections, market analysis, and other report sections

2.4 Technical Data

We automatically collect:

  • IP address and approximate location
  • Browser type and version
  • Device type and operating system
  • Pages visited, time spent, and interaction patterns
  • Error logs and performance data

3. How We Use Your Data

We process your personal data for the following purposes:

3.1 Service Delivery (Legal Basis: Contract Performance)

  • Creating and managing your account
  • Generating feasibility study reports
  • Processing payments
  • Sending transactional emails (account verification, password reset)
  • Providing customer support

3.2 Service Improvement (Legal Basis: Legitimate Interest)

  • Analyzing usage patterns to improve platform features
  • Monitoring and fixing technical errors
  • Measuring service performance and reliability

3.3 Security (Legal Basis: Legitimate Interest / Legal Obligation)

  • Preventing fraud, abuse, and unauthorized access
  • Enforcing our Terms of Service
  • Complying with Saudi regulatory requirements

4. AI Model Training & Data Usage

This section is critically important. Please read it carefully.

Arshedni uses artificial intelligence to generate feasibility reports. We are transparent about how your data interacts with AI systems:

4.1 Third-Party AI Processing

To generate your feasibility reports, your business idea and related data are processed by third-party AI service providers, including:

  • Anthropic (Claude) — headquartered in the United States
  • Google (Gemini) — headquartered in the United States
  • Perplexity AI (Sonar) — headquartered in the United States

These providers process your data solely to generate your report and are contractually bound not to use your data for their own training purposes. However, please note that this processing involves transferring your data outside the Kingdom of Saudi Arabia (see Section 6).

4.2 Our Own AI Model Training (Requires Your Consent)

We develop our own AI translation model ("Jadwa") to improve the quality of Arabic translations in feasibility reports. To train and improve this model, we may use anonymized and de-identified data derived from generated reports.

We will only use your report data for AI model training if you have given us explicit, separate consent to do so. This consent is:

  • Optional — you can use the Service without consenting to AI training
  • Revocable — you can withdraw consent at any time
  • Specific — consent covers only anonymized data for translation model improvement

When data is used for training, we apply the following safeguards:

  • All personally identifiable information (names, phone numbers, emails) is stripped
  • Business names and specific identifying details are removed or generalized
  • Financial figures are aggregated, not used individually
  • The training data cannot be reverse-engineered to identify you

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • AI Service Providers: As described in Section 4.1, to generate your reports
  • Cloud Infrastructure: Google Cloud Platform (GCP) hosts our servers and stores your data, including report PDFs
  • Payment Processors: To process payments securely (we do not store your full payment card details)
  • Legal Requirements: When required by Saudi law, court order, or government authority request

6. Cross-Border Data Transfers

Some of our service providers are located outside the Kingdom of Saudi Arabia. In accordance with the PDPL and the Regulation on Personal Data Transfer Outside the Kingdom (2025), we ensure that:

  • Transfers are necessary for the performance of the contract between you and us
  • Recipients provide adequate data protection safeguards
  • We maintain contractual obligations with all processors regarding data protection
  • We minimize the data transferred to what is strictly necessary

7. Data Retention

  • Account data: Retained for as long as your account is active, plus 12 months after deletion request to comply with legal obligations
  • Generated reports: Retained for 24 months after generation, then automatically deleted unless you request earlier deletion
  • Chat conversations: Retained for 12 months after the associated report is generated
  • Technical logs: Retained for 6 months for debugging and security purposes
  • AI training data (if consented): Anonymized data may be retained indefinitely as it cannot be linked back to you

8. Your Rights Under PDPL

Under the Saudi Personal Data Protection Law, you have the following rights:

  • Right to Access: Request a copy of the personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your personal data when it is no longer necessary for the purpose it was collected
  • Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent
  • Right to Data Portability: Request your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data in certain circumstances
  • Right to Complain: File a complaint with SDAIA if you believe your data rights have been violated

To exercise any of these rights, contact us at privacy@arshedni.com. We will respond within 30 calendar days as required by the PDPL implementing regulations. This period may be extended by an additional 30 days for complex or multiple requests.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • All data in transit is encrypted using TLS 1.3
  • Passwords are hashed using industry-standard algorithms (bcrypt)
  • Access to personal data is restricted on a need-to-know basis
  • Regular security reviews and monitoring
  • Secure cloud infrastructure with Google Cloud Platform
  • Authentication tokens with automatic expiration and refresh

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will:

  • Notify SDAIA within 72 hours of becoming aware of the breach
  • Notify affected users without undue delay
  • Provide details including the nature of the breach, data affected, potential consequences, and measures taken to address it

11. Children's Data

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we discover that we have collected data from a minor, we will delete it immediately.

12. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. Essential cookies are necessary for the Service to function and cannot be disabled.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or through the Service. The "Last updated" date at the top of this page indicates when this policy was last revised.

14. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

You also have the right to lodge a complaint directly with the Saudi Data & Artificial Intelligence Authority (SDAIA) at sdaia.gov.sa.

© 2026 Arshedni. All rights reserved.

Terms of ServicePrivacy Policy