Privacy Policy

Effective Date: 06.15.2025

Overnight-Essay.org (“we,” “us,” “our,” or “the Platform”) is committed to protecting your privacy. This Privacy and Cookies Policy explains how we collect, use, disclose, and safeguard your information in compliance with applicable US and UAE privacy laws, including the California Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act (COPPA), and other relevant federal and state regulations.

1. Information We Collect

We collect both personally identifiable information (“Personal Information”) and non-personally identifiable information in the following ways:

1.1 Information You Provide

When you interact with our platform, you may provide us with:

  • Full name
  • Email address
  • Uploaded files or documents relevant to our services
  • Payment information (processed via secure third-party payment providers; we do not store full card details)
  • Contact details (e.g., phone number, messaging handle if shared)
  • Any communication exchanged with our support team

1.2 Information Collected Automatically

When you visit or interact with the Platform, we may automatically collect:

  • IP address, device type, and browser information
  • Pages visited, time spent, interaction logs, and clickstream data
  • Time zone, language preferences, and location data (where available)
  • Device identifiers (such as advertising ID)
  • Referrer URLs, ad sources, and campaign performance data

2. How We Use Your Information

We use the collected data to:

  • Provide, maintain, and improve our services
  • Personalize your experience on the platform
  • Communicate with users regarding updates, offers, or relevant service notices
  • Process transactions and deliver customer support
  • Measure the effectiveness of advertising (including Google Ads) and conduct remarketing
  • Detect, prevent, and address security or technical issues

3. Legal Grounds for Processing

We process the personal information of our US users under the following lawful purposes consistent with federal and state law (e.g., CCPA, FTC guidelines):

  • Legal compliance – to meet tax, fraud prevention, and other regulatory requirements
  • Consent – for optional features such as newsletters and promotional communication
  • Contractual necessity – to provide services you request and fulfill contractual obligations
  • Legitimate business interests – including improving our services, securing the platform, and analyzing performance

We do not collect or process sensitive personal information unless necessary and explicitly provided by you.

4. Data Sharing and Third Parties

We only share your personal information with third-party providers when necessary to operate the platform, including:

  • Payment processors (Stripe, PayPal, etc.)
  • Email and communication services (Google Workspace, Mailchimp, etc.)
  • Analytics platforms (Google Analytics, Google Ads, etc.)
  • Freelancers and contractors – for collaboration on academic subjects under confidentiality agreements

We do not sell or rent your personal data to third parties. Sharing is strictly limited to service enablement, legal compliance, or advertising performance.

5. Cross-Border Data Transfers

We may use service providers located outside the United States (e.g., cloud hosting or email systems). Where data is transferred internationally, we ensure:

  • Use of vendors with adequate data protection practices
  • Compliance with contractual data protection clauses consistent with international standards
  • Limited access to personal information only as needed to perform the relevant service

If you reside in California or another jurisdiction with data transfer restrictions, you may contact us for more information on applicable safeguards.

6. Data Retention

We retain personal information only as long as necessary to:

  • Deliver requested services
  • Fulfill legal, accounting, or reporting obligations
  • Resolve disputes and enforce agreements

Unless legal requirements dictate otherwise, inactive user data is typically deleted after 5 years. You may request earlier deletion by contacting us at [email protected]. Some information may be retained in backups or archives for compliance purposes.

7. Your Rights (US Residents)

Depending on your state of residence, you may have the rights outlined below. If you believe your rights have been violated, you may file a complaint with your state’s Attorney General.

7.1. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you are entitled to additional privacy rights under the California Consumer Privacy Act (CCPA) and the amended California Privacy Rights Act (CPRA).

7.1.1. Your Rights Under California Law

Under the CCPA/CPRA, California residents have the rights to:

  • Request information about the categories and specific pieces of personal information we collect, the sources of that information, the purposes for which we use it, and the categories of third parties with whom it is shared.
  • Request deletion of personal information collected from you, subject to certain legal exceptions.
  • Opt out of the sale or sharing of your personal information. We provide a “Do Not Sell or Share My Personal Information” link in the footer of our website for this purpose.
  • Request correction of inaccurate personal data that we maintain about you.
  • Request that we limit the use and disclosure of sensitive personal information (e.g., precise geolocation, financial account details, etc.).
  • Not to be discriminated against for exercising your rights under the CCPA/CPRA.

To exercise any of these rights, contact us at [email protected] with the subject line “California Privacy Request.”

7.1.2. Data Minimization and Retention

In accordance with CPRA requirements, we:

  • Collect only the personal information necessary to fulfill the purpose disclosed at the time of collection (Data Minimization).
  • Retain data only for as long as needed for the stated purpose (Data Limitation). If a fixed retention period cannot be specified, we apply documented criteria to determine deletion timelines.
  • Include clear notices on all forms (e.g., contact, comment, checkout) informing users of the categories of data being collected and the purposes.

Details on data retention per category can be found in Section 6 of this policy.

7.1.3. Opt-Out Link

As required by California law, we include a “Do Not Sell or Share My Personal Information” link in our website footer. This allows California residents to exercise their right to opt out of data sale or sharing with third parties for cross-context behavioral advertising.

7.1.4. Enforcement and Penalties

Failure to comply with the CPRA may result in enforcement actions by the California Privacy Protection Agency (CPPA), including civil penalties of up to $2,500 per violation, or$7,500 per intentional violation.

7.2. Colorado Privacy Rights (CPA)

If you are a resident of Colorado, you are entitled to specific rights regarding your personal data under the Colorado Privacy Act (CPA), effective July 1, 2023.

7.2.1. Your Rights Under Colorado Law

Under the CPA, Colorado consumers have the rights to:

  • Opt out of the sale of personal data, as well as its use for targeted advertising and profiling in furtherance of decisions that produce legal or similarly significant effects.
  • Know whether we are collecting your personal data and for what purpose.
  • Request access to the categories and specific pieces of personal data we have collected about you.
  • Request correction of inaccuracies in your personal data.
  • Request deletion of personal data that we have collected from or about you.
  • Request your data in a portable and readily usable format, allowing you to transfer it to another platform.

You may exercise these rights by emailing us at [email protected] with the subject line “Colorado Privacy Request.” We will respond within 45 days of receiving your verified request. You also have the right to appeal our decision if your request is denied.

7.2.2. Consent for Sensitive Data

We do not collect or process sensitive personal information as defined under the CPA (e.g., biometric data, precise geolocation, racial or ethnic origin, sexual orientation, or health information). If this changes, we will obtain opt-in consent before collecting such data, as required by law.

7.2.3. Data Minimization and Collection Disclosure

We collect only the minimum amount of personal data necessary to operate our platform effectively. A full list of data categories and purposes for collection is detailed in Section 1 of this policy.

We do not engage in deceptive trade practices, and our data collection and processing are aligned with consumer expectations and business necessity.

7.2.4. Universal Opt-Out Mechanism

In compliance with Colorado law, we will implement auser-selected universal opt-out mechanism no later than July 1, 2024, enabling consumers to opt out of the sale or use of personal data for targeted advertising across our platform.

7.2.5. Enforcement and Penalties

Violations of the Colorado Privacy Act may be considered deceptive trade practices. Civil penalties may be imposed by the Colorado Attorney General of up to $20,000 per violation, with a cap of $500,000 per action.

7.3. Connecticut Privacy Rights (CTDPA)

If you are a resident of Connecticut, you have specific rights under the Connecticut Data Privacy Act (CTDPA), effective July 1, 2023. These rights apply when interacting with businesses that determine the purposes and means of processing your personal data.

7.3.1. Your Rights Under Connecticut Law

Connecticut consumers are entitled to the rights to:

  • Request access to the personal data we have collected about you.
  • Request correction of any inaccuracies in your personal data.
  • Request deletion of personal data, including data collected via third parties, subject to certain exceptions outlined in section 7.3.3 below.
  • Obtain a copy of your personal data in a portable and readily usable format to facilitate data transfer to another entity.
  • Opt out of:
    • The sale of your personal data
    • Targeted advertising
    • Profiling that may result in legal or similarly significant effects

You may submit a rights request once every 12 months at no charge. Additional requests may be subject to a reasonable administrative fee. To submit a request, email us at [email protected] with the subject line “Connecticut Privacy Request.” We will respond within 45 days. If necessary, we may extend this period by an additional 45 days and will notify you accordingly.

7.3.2. Data Collection, Minimization, and Notice

We follow the principle of data minimization, collecting only the personal data necessary and proportionate for the stated purpose.

Our Privacy Policy discloses:

  • The categories of personal data collected
  • The purposes of data processing
  • Whether and why personal data is shared with third parties
  • How you can exercise your CTDPA rights

This information is made available both at the point of collection (e.g., on forms) and in the full Privacy Policy.

We do not process sensitive personal data without first obtaining your explicit consent, in line with CTDPA requirements.

7.3.3. Exceptions to Deletion Requests

Your deletion request may be denied if it would:

  • Interfere with fulfilling a product or service you requested
  • Impair internal operations aligned with your expectations
  • Affect product recall procedures or technical issue remediation
  • Hinder detection or prevention of security threats or fraud
  • Violate any federal, state, or local legal obligations

7.3.4. Universal Opt-Out Mechanism

We are implementing a user-selected universal opt-out mechanism to allow Connecticut residents to opt out of data processing for sales, targeted ads, and profiling. This mechanism will be available via our website interface.

7.3.5. Enforcement and Penalties

Violations of the CTDPA may result in civil penalties of up to $5,000 per violation, enforced under the Connecticut Unfair Trade Practices Act. The Connecticut Attorney General may also pursue injunctive relief, restitution, and/or disgorgement as appropriate.

7.4. Delaware Privacy Rights (DPDPA)

Residents of Delaware are granted specific rights under the Delaware Personal Data Privacy Act (DPDPA). These rights apply to personal data collected and processed by businesses that meet the thresholds outlined in the Act.

7.4.1. Your Rights Under Delaware Law

If you are a Delaware resident, you have the right to submit authenticated requests regarding your personal data, including the rights to:

  • Confirm whether we process your personal data and to provide access to that data.
  • Request correction of inaccurate personal data we maintain about you.
  • Request deletion of personal data held about you.
  • Obtain a copy of your personal data in a portable and usable format.
  • Request a list of third-party categories to whom we have disclosed your personal data.
  • Opt out of:
    • Targeted advertising
    • The sale of personal data
    • Profiling in furtherance of automated decisions with legal or similarly significant effects

To exercise these rights, please email us at [email protected]. We will respond within 45 days of receipt. This response window may be extended once by up to another 45 days, depending on request complexity and volume.

If your request is denied, you have the right to appeal. Appeals will receive a written response within 60 days.

7.4.2. Sensitive Data and Consent

We do not process sensitive personal data without obtaining your explicit consent. Under DPDPA, sensitive data includes:

  • Data revealing racial or ethnic origin, religious beliefs, physical or mental health conditions (including pregnancy), sex life, sexual orientation, gender identity, national origin, citizenship, or immigration status
  • Precise geolocation data
  • Genetic or biometric data for unique identification
  • Personal data of a known child under 13

Our systems are configured to block or anonymize sensitive data categories unless you have provided affirmative, documented consent.

7.4.3. Transparency, Disclosure, and Opt-Out

We maintain a clear and accessible Privacy Policy that outlines:

  • What data we collect
  • How it is used and with whom it is shared
  • Your rights under DPDPA
  • The methods by which you may opt out of the sale or targeted use of your personal data

A universal opt-out mechanism is available through our cookie banner and website footer links, in accordance with state-level requirements.

7.4.4. Enforcement and Penalties

Although the DPDPA does not fix a penalty schedule, violations fall under Delaware’s general enforcement authority as outlined in Subchapter II of Chapter 25 of Title 29. This allows the Delaware Department of Justice to investigate and prosecute offenses. Fines may reach up to $10,000 per violation depending on the nature and frequency of the breach.

7.5. Florida Residents – Digital Rights Notice

The Florida Digital Bill of Rights (FDBR), effective July 1, 2024, grants specific digital privacy rights to Florida residents. However, Overnight-Essay.org is not subject to the FDBR’s statutory obligations as we do not meet the applicability thresholds defined for covered entities.

7.5.1. Scope of Exclusion

The FDBR applies only to businesses that qualify as controllers with over $1 billion in annual global revenue and who additionally:

  • Derive 50% or more of revenue from digital advertising;
  • Operate consumer smart speakers or voice command virtual assistant services linked to cloud platforms; or
  • Operate an app store or digital distribution platform offering 250,000+ consumer applications.

Overnight-Essay.org does not meet any of the above criteria, and therefore is not required to comply with FDBR mandates.

7.5.2. Commitment to Privacy for Florida Residents

While not legally obligated under the FDBR, we voluntarily adhere to high standards of data privacy and transparency, including:

  • Allowing users to access, correct, delete, or export their personal data
  • Not selling personal information or using it for automated decision-making that has legal or similarly significant effects
  • Maintaining clear privacy disclosures regarding data collection, usage, and user rights
  • Offering opt-out options for tracking technologies and marketing communications

Florida residents seeking to exercise their rights under our broader privacy framework may contact us at [email protected].

7.6. Indiana Privacy Rights (INCDPA)

Effective January 1, 2026, the Indiana Consumer Data Protection Act (INCDPA) grants Indiana residents a defined set of rights concerning their personal data. Overnight-Essay.org complies with these obligations where applicable and maintains internal safeguards aligned with the statute.

7.6.1. Consumer Rights

Indiana residents have the right to:

  • Confirm whether we process their personal data and obtain access to such data
  • Correct inaccuracies in the personal data they have previously provided
  • Delete personal data provided to or collected by us
  • Opt-out of:
    • The processing of their data for targeted advertising
    • The sale of their personal data
    • The use of their data for profiling that produces legal or similarly significant effects

Requests to exercise any of these rights may be submitted to [email protected]. We will respond within 45 days, with a possible extension of an additional 45 days depending on complexity.

7.6.2. Data Protection Impact Assessments

In line with INCDPA requirements, we conduct and maintain documented Data Protection Impact Assessments (DPIAs) for:

  • Targeted advertising
  • Sale of personal data
  • Profiling that presents a reasonably foreseeable risk of harm
  • Processing of sensitive personal data
  • Other processing activities presenting a heightened risk to consumer rights

7.6.3. Enforcement and Penalties

The Indiana Attorney General enforces the INCDPA. If violations occur, we are granted a 30-day cure period to resolve the issue. Non-compliance after this period may result in civil penalties up to $7,500 per violation and potential injunctive relief.

7.7. Iowa Privacy Rights (ICDPA)

Effective January 1, 2025, the Iowa Consumer Data Protection Act (ICDPA) provides Iowa residents with specific rights regarding their personal data. Overnight-Essay.org implements appropriate measures to comply with these requirements where applicable.

7.7.1. Consumer Rights

Iowa residents have the right to:

  • Opt out of the processing of their personal data for:
    • Sale of personal data
    • Targeted advertising

Note: The ICDPA does not grant consumers the right to opt out of profiling.

  • Receive notice and an opportunity to opt out prior to the processing of any sensitive personal data.

7.7.2. Our Practices

  • We have implemented a privacy notice and opt-out mechanism that clearly describes how we collect, process, and share personal data.
  • Users may correct personal information previously submitted by contacting us at [email protected].
  • Processing of sensitive data will not occur without prior notice and an opt-out opportunity.

7.7.3. Enforcement and Cure Period

The Iowa Attorney General is responsible for enforcement. In the event of a violation, we are granted a 90-day cure period, the longest under any US state privacy law. Failure to cure may result in civil penalties of up to $7,500 per violation, regardless of intent.

7.8. Montana Privacy Rights (MCDPA)

Effective October 1, 2024, the Montana Consumer Data Privacy Act (MCDPA) grants Montana residents specific rights regarding the processing of their personal data. Overnight-Essay.org is committed to complying with these rights where applicable.

7.8.1. Consumer Rights

Montana residents have the right to:

  • Confirm whether we are processing their personal data and obtain access to that data.
  • Correct inaccurate personal data.
  • Delete personal data collected about them.
  • Obtain a portable copy of their personal data for transfer to another controller.
  • Opt out of processing for:
    • Targeted advertising
    • Sale of personal data
    • Profiling that results in solely automated decisions with legal or similarly significant effect

7.8.2. Response Deadlines and Appeals

  • We will respond to verified consumer requests within 45 days, extendable by an additional 45 days if reasonably necessary due to complexity or volume.
  • Consumers have the right to appeal any refusal to act on their requests. We will respond to appeals within 60 days.
  • If an appeal is denied, we will provide consumers with a method to contact the Montana Attorney General to submit a complaint.

7.8.3. Penalties

The MCDPA does not specify civil penalty amounts but allows enforcement actions by the Attorney General.

7.9. New Hampshire Privacy Rights (NHPA)

Effective January 1, 2025, the New Hampshire Privacy Act (NHPA) provides New Hampshire residents with specific rights regarding their personal data. Overnight-Essay.org adheres to these rights when applicable.

7.9.1. Consumer Rights

New Hampshire residents have the right to:

  • Confirm whether we are processing their personal data and access that data, except where confirmation or access would reveal a trade secret.
  • Correct inaccuracies in their personal data.
  • Delete their personal data.
  • Obtain a copy of their personal data in an accessible format for portability.
  • Opt out of processing for targeted advertising, sale of personal data, or profiling. The NHPA supports universal opt-out mechanisms.

7.9.2. Response Deadlines and Consent

  • We respond to verified consumer requests within 45 days, with the possibility of a reasonable extension if the request is complex, provided we notify the consumer within 45 days.
  • We provide an easy-to-use mechanism for consumers to revoke consent, matching the ease of giving consent.
  • A clear and conspicuous link for consumers to opt out is available on our website.

7.9.3. Data Protection Impact Assessment (DPIA)

  • We conduct DPIAs for processing activities initiated on or after July 1, 2024, that present heightened risks, including targeted advertising, sensitive data processing, sale of personal data, or profiling that risks unfair or deceptive treatment or significant consumer harm.
  • The New Hampshire Attorney General may review these assessments.
  • DPIAs done for similar laws in other states may be used to satisfy this requirement.

7.9.4. Penalties

Violations of the NHPA are treated as violations of New Hampshire’s broader consumer protection law and may incur civil penalties of up to $10,000 per violation.

7.10. New Jersey Privacy Rights (NJDPA)

Effective January 15, 2025, the New Jersey Data Privacy Act (NJDPA) grants New Jersey residents specific rights concerning their personal data. Overnight-Essay.org complies with these requirements where applicable.

7.10.1. Consumer Rights

New Jersey residents have the right to:

  • Know whether we process their personal data.
  • Access their personal data and receive a copy in a readily transmittable format.
  • Correct inaccuracies in their personal data.
  • Delete their personal data.
  • Opt out of processing for targeted advertising, sale of personal data, or profiling that leads to legal or similarly significant effects.

7.10.2. Our Actions

  • We have updated our Privacy Policy to reflect these rights.
  • We provide a functional mechanism to allow consumers to correct their personal data.
  • We maintain a clear and accessible opt-out mechanism for applicable processing.

7.10.3. Possible Penalties

  • Violations can incur penalties of up to $10,000 for the first violation and up to $20,000 for subsequent violations.
  • The Act allows a 30-day cure period for violations, applicable until July 15, 2026.
  • There is no private right of action under this law.

7.11. Tennessee Privacy Rights (TIPA)

Effective July 1, 2025, the Tennessee Information Protection Act (TIPA) grants Tennessee residents specific rights regarding their personal information. Overnight-Essay.org adheres to these requirements as applicable.

7.11.1. Consumer Rights

Tennessee residents have the right to:

  • Confirm whether we are processing their personal information and access that information.
  • Correct inaccuracies in their personal information, considering the nature and purpose of processing.
  • Delete personal information provided by or obtained about them, except if the data is aggregated or de-identified.
  • Obtain a copy of their personal information in a portable and readily usable format.
  • Opt out of processing for selling personal information, targeted advertising, or profiling.

7.11.2. Our Actions

  • We have updated our Privacy Policy to reflect these rights.
  • We provide a functional mechanism for consumers to correct their data.
  • We respond to requests within 45 days, with a possible extension of an additional 45 days for complex requests, notifying consumers of the extension.

7.11.3 Possible Penalties

  • Violations may result in fines of up to $7,500 per violation.

7.12. Texas Privacy Rights (TDPSA)

Effective July 1, 2024, the Texas Data Privacy and Security Act (TDPSA) provides Texas residents with specific rights regarding their personal data. Overnight-Essay.org complies with these obligations where applicable.

7.12.1. Consumer Rights

Texas residents have the right to:

  • Confirm whether we are processing their personal data and access that data.
  • Correct inaccuracies in their personal data.
  • Delete personal data provided by or obtained about them.
  • Obtain a copy of their personal data, if available, in a portable and readily usable format.
  • Opt out of processing for targeted advertising, sale of personal data, or profiling.

7.12.2. Our Actions

  • Privacy Policy updated to reflect these rights.
  • Functional mechanisms provided to correct data.
  • Responses to requests are provided within 45 days, with a possible extension of 45 days for complex cases, with consumer notification.

7.12.3. Possible Penalties

  • Violations can result in penalties of up to $7,500 per violation.

7.13. Utah Privacy Rights (UCPA)

Effective January 1, 2024, the Utah Consumer Privacy Act (UCPA) grants Utah consumers specific rights related to their personal data. Overnight-Essay.org acknowledges and complies with these rights where applicable.

7.13.1. Consumer Rights

Utah consumers have the right to:

  • Confirm whether their personal data is being processed and access the personal data.
  • Delete personal data they have provided to the controller. Note that deletion does not extend to all data a controller holds, only data the consumer provided.
  • Obtain a copy of personal data they previously provided in a portable, readily usable format that allows transmission to another controller without impediment, to the extent technically feasible.
  • Opt out of processing for targeted advertising or sale of personal data.

7.13.2. Our Actions

  • Privacy notices include: categories of personal data processed, purposes of processing, how consumers can exercise their rights, categories of data shared with third parties, and clear disclosure of opt-out mechanisms if data is sold or used for targeted advertising.
  • Respond to requests within 45 days, with a possible 45-day extension for complex or numerous requests, with notification to the consumer.

7.13.3. Possible Penalties

  • Fines of up to $7,500 per violation if violations are not cured after a written notice or if violations continue.

7.14. Virginia Privacy Rights (VCDPA)

Effective January 1, 2023, the Virginia Consumer Data Protection Act (VCDPA) provides Virginia consumers with specific rights regarding their personal data. Overnight-Essay.org complies with these rights where applicable.

7.14.1. Consumer Rights

Virginia consumers have the right to:

  • Confirm whether their personal data is being processed and access such data.
  • Request correction of inaccuracies in their personal data, considering the nature and purpose of the data processing.
  • Request deletion of personal data provided by or obtained about them.
  • Obtain a portable and, when technically feasible, readily usable copy of their personal data previously provided, allowing transmission to another controller without hindrance.
  • Opt out of processing for targeted advertising, sale of personal data, or profiling that advances decisions producing legal or similarly significant effects.
  • Appeal a controller’s denial to act on their request within a reasonable time.

7.14.2. Our Actions

  • Privacy policy discloses categories of personal data processed, processing purposes, how consumers may exercise rights and appeal decisions, categories of data shared with third parties, and categories of third parties receiving data.
  • Respond to consumer requests within 45 days, extendable by an additional 45 days when necessary with consumer notification.

7.14.3. Possible Penalties

  • Fines of up to $7,500 per violation may be imposed.

8. Your Rights (UAE Residents)

Effective January 2, 2022, the UAE Personal Data Protection Law (PDPL) governs the processing of personal data in the UAE. Overnight-Essay.org complies with applicable PDPL requirements.

8.1. Consumer Rights

Under the PDPL, data subjects have the rights to:

  • Receive clear information about the purposes of data processing; the sectors or entities inside or outside the UAE with whom data will be shared; and safeguards for cross-border transfers. Additional information can be requested about types of data processed, automated decision-making, retention periods, and data breach measures.
  • Obtain personal data they provided in a structured, machine-readable format where processing is based on consent or contractual necessity and carried out by automated means.
  • Correct inaccurate or incomplete personal data.
  • Request deletion of personal data when no longer necessary for the original purpose or when consent is withdrawn and no legitimate grounds for processing exist.
  • Object to processing for direct marketing or statistical survey purposes.
  • Have personal data transmitted to another controller, where technically feasible.
  • Object to decisions based solely on automated processing.

8.1.2. Our Actions

  • Prior to processing, provide clear information about processing purposes, entities involved (inside or outside the UAE), and safeguards for cross-border transfers.
  • In case of data breach prejudicing data subject privacy, immediately notify the UAE Data Office with detailed information about the breach, consequences, and remedial actions as required by Article 9 of the PDPL. The Executive Regulations will specify timing and procedures.

9. Your Rights (Kingdom of Saudi Arabia)

Effective March 2022 (law) with Implementing Regulations following, the Saudi PDPL governs the collection, processing, and protection of personal data in the Kingdom of Saudi Arabia. Compliance with the PDPL is mandatory for controllers processing personal data of Saudi residents.

9.1. Consumer Rights

Users from the Kingdom of Saudi Arabia have the rights to:

  • Receive prescribed information, including the legal basis for processing and a “specific, clear, and explicit purpose.” The law mandates making such information available via a privacy policy.
  • Access their personal data and request a copy in a “readable and clear format” and a “commonly used electronic format.” Printed copies can be requested if feasible. Exercising this right must not negatively impact others’ rights.
  • Restrict processing when disputing the accuracy of their personal data, allowing the controller time to verify accuracy. Controllers may require supporting evidence.
  • Request destruction of personal data when it is no longer necessary for its original purpose or if processed in violation of the PDPL. The Implementing Regulations specify required steps for destruction.
  • Ensure anonymization techniques prevent re-identification. They must assess the impact and effectiveness of these techniques, implement organizational and technical safeguards, and adjust as needed. Anonymized data is not considered personal data under the PDPL.
  • Having consent given in any appropriate form—written, verbal, electronic—with documentation allowing future verification. Separate consent is required for each processing purpose. Explicit consent is mandatory for processing sensitive or credit data.

9.1.1 Our Actions

  • Update privacy policies to incorporate PDPL-mandated disclosures.
  • Implement mechanisms to support consumer rights under the PDPL, including data access, correction, restriction, and deletion.
  • Ensure consent collection and record-keeping meet PDPL standards.
  • Maintain procedures for secure data destruction and anonymization compliance.

10. Cookies and Tracking Technologies

We use cookies, pixel tags, and similar technologies to:

  • Remember user preferences and settings
  • Analyze traffic patterns and site performance
  • Enable personalized advertising, including retargeting via platforms like Google Ads

You can manage cookie preferences through your browser settings. For interest-based advertising, you can opt out via the Network Advertising Initiative (NAI) at optout.networkadvertising.org or the Digital Advertising Alliance (DAA) at optout.aboutads.info.

11. Sharing Your Information

We do not sell your Personal Information. We may share data only as necessary with:

  • Third-party service providers (e.g., payment processors, hosting partners)
  • Advertising platforms (e.g., Google Ads, Meta) for performance and targeting
  • Legal authorities when required to comply with law, regulation, or legal process

12. International Users

Our services are operated in the United States, Saudi Arabia, and UAE. If you access the Platform from outside these jurisdictions., you acknowledge that your information will be processed in accordance with the US, Saudi Arabia, and UAE laws.

13. Changes to This Policy

We may update this Privacy and Cookies Policy from time to time. Revisions will be posted with an updated “Last Updated” date. Your continued use of the Platform constitutes your acceptance of any updates.

14. Contact Us

For questions or concerns about this Privacy and Cookies Policy, please contact us at:
Email: [email protected]