Compliance

GDPR Compliance · European Union

Last updated: 13 May 2026

Even though we're headquartered in Riyadh, we treat every EU and UK customer under the GDPR framework.

1. About GDPR

The EU General Data Protection Regulation (2016/679) has been enforceable since May 2018. It applies to anyone processing data of individuals in the EU — even non-EU companies.

2. Lawful basis

  • Art. 6(1)(b): contract performance.
  • Art. 6(1)(f): legitimate interest (platform safety).
  • Art. 6(1)(a): explicit consent (marketing, analytics).

3. Rights

  • Access (Art. 15)
  • Rectification (Art. 16)
  • Erasure / "right to be forgotten" (Art. 17)
  • Restriction of processing (Art. 18)
  • Portability (Art. 20)
  • Objection (Art. 21)
  • Withdraw consent any time.

All available from /dashboard/settings, or email [email protected].

4. International transfers

EU customer data may be transferred to Saudi Arabia to run the service. Transfers are covered by:

  • EU Standard Contractual Clauses (SCC) 2021 edition.
  • TLS 1.3 in transit.
  • AES-256 at rest.

5. Data Processing Agreement

B2B customers who need a signed DPA — email [email protected]. We send a flexible template or counter-sign yours.

6. EU representative

Per GDPR Article 27, we are represented inside the EU by:

InstantDPO BV
Herengracht 449, 1017 BR Amsterdam, Netherlands
[email protected]