AquriX is dedicated to safeguarding your personal information and protecting your privacy. Our Privacy Policy explains the data we collect, how we use it, and the measures we take to ensure it remains secure.
Privacy Policy of AquriX
Effective Date: December 1, 2024
Governing Law: The Kingdom of Saudi Arabia
1. General Provisions
This Privacy Policy ("Policy") governs the processing of personal data and other related information collected by AquriX ("Company", "we", "us", or "our") through its proprietary software platform AquriX ("Platform"). The Policy has been developed in accordance with the Personal Data Protection Law issued pursuant to Royal Decree No. M/19 dated 09/02/1443H ("PDPL") and its implementing regulations, and reflects our commitment to protect the privacy, confidentiality, and integrity of the data entrusted to us.
By accessing and using the Platform, the user ("User", "you", or "your") acknowledges that they have read, understood, and consented to the terms of this Policy and to the lawful processing of their data in accordance with the purposes and mechanisms outlined herein.
2. Scope of Application
This Policy applies to all Users who access or use the AquriX Platform, including individuals acting in their personal capacity and representatives of legal entities who interact with the Platform either through web interface, APIs, integrations, or auxiliary features. It applies to all data collected, stored, or otherwise processed by the Company in connection with such access or use.
3. Categories of Data Collected
The Company may collect and process the following categories of personal and non-personal data:
3.1. Account Data:
Information submitted by the User at the time of registration or account creation, including but not limited to full name, email address, phone number, job title, affiliated entity, and password credentials.
3.2. Communication Data:
Any information voluntarily disclosed by the User during correspondence with the Company, whether through email, support chat, or contact forms, including metadata, attachments, and inquiry content.
3.3. Usage and Interaction Data:
Automatically collected information regarding the User's interaction with the Platform, including but not limited to IP addresses, browser type, session timestamps, feature usage logs, clickstream behavior, and operational diagnostics.
3.4. Uploaded or Submitted Content:
Data sets, documents, textual inputs, or other materials uploaded by the User to the Platform for processing, analysis, or storage.
3.5. Third-Party Service Data:
Where applicable, metadata or data fragments exchanged between the Platform and approved third-party services for the sole purpose of service enablement or enhancement.
4. Legal Basis for Processing
Data is collected and processed exclusively on the following legal bases as permitted by PDPL:
Consent: Where the User has given explicit consent to the processing of their data.
Contractual Necessity: Where processing is required for the performance of a contract or provision of services.
Legal Obligation: Where the Company is under a legal duty to collect or disclose data.
Legitimate Interests: Where processing is necessary for the legitimate business interests of the Company and does not override the fundamental rights and freedoms of the User.
5. Purpose of Processing
The Company processes data for the following purposes, as applicable:
Account creation, authentication, and user identification.
Delivery of customized market research, analytics, and AI-enhanced insights.
Improvement of the Platform’s functionality, performance, and reliability.
Customer support, issue resolution, and operational communication.
Compliance with applicable legal and regulatory obligations.
Prevention of fraud, abuse, or unauthorized access to the Platform.
6. Infrastructure, System Architecture, and External Service Interfaces
The Company affirms that the primary infrastructure used for data storage and processing is located within the territorial jurisdiction of the Kingdom of Saudi Arabia. All data-at-rest is maintained within this infrastructure, in strict compliance with the national data residency obligations imposed by PDPL and relevant regulatory authorities.
Notwithstanding the above, the User acknowledges and agrees that certain functional components of the Platform may, from time to time, utilize interfaces (including APIs or microservice endpoints) operated by vetted third-party service providers for narrowly scoped tasks. These components may include, but are not limited to, parsing engines, formatting tools, visualization modules, or data normalization services.
All such integrations are subjected to rigorous vendor assessments, technical restrictions, and compliance controls. Where applicable, data shared with such services is anonymized, minimized, or tokenized, and is only processed in memory for the duration strictly necessary to fulfill the intended function. No persistent storage or secondary use of data is authorized under any circumstances.
The User accepts sole responsibility for ensuring that data uploaded or submitted to the Platform does not include content prohibited from being transmitted, even transiently, via external interfaces, under applicable local or sector-specific regulation.
7. Data Retention
Data is retained only for as long as necessary to fulfill the purpose for which it was collected, or as otherwise required under applicable law. Upon expiry of the retention period, data is securely deleted or irreversibly anonymized in accordance with internal data disposal protocols.
8. User Rights
The User has the following rights, exercisable by submitting a written request to privacy@aqurix.co:
Right to Access: Request a copy of personal data held by the Company.
Right to Rectification: Request correction of inaccurate or outdated data.
Right to Erasure: Request deletion of personal data, subject to legal limitations.
Right to Object: Object to specific types of processing, particularly those based on legitimate interests.
Right to Restrict Processing: Request a temporary restriction of processing in certain circumstances.
Right to Data Portability: Request transfer of data to another service provider where technically feasible.
9. Data Security
The Company employs industry-standard technical and organizational measures to safeguard the confidentiality, integrity, and availability of data. These measures include:
Encryption at rest and in transit.
Access control via role-based permissions.
Logging and monitoring of access and operations.
Secure software development lifecycle practices.
Periodic audits and penetration testing.
All personnel and contractors with access to personal data are bound by confidentiality obligations and undergo security awareness training.
10. Third-Party Disclosures
The Company does not disclose personal data to third parties except in the following circumstances:
Where required by a lawful subpoena, court order, or regulatory request.
Where necessary to protect the rights, property, or safety of the Company or its users.
Where expressly authorized by the User through written consent or agreement.
Where processors or service providers are engaged under a Data Processing Agreement ensuring compliance with PDPL and equivalent protections.
11. International Transfers
As a rule, personal data is not transferred outside of Saudi Arabia. In exceptional cases where technical processing or service integration necessitates limited exposure to foreign systems, such transfers will only be performed if:
The transfer complies with PDPL conditions.
The data is anonymized or tokenized to prevent reidentification.
Adequate safeguards are implemented, including contractual commitments and technical controls.
12. Amendments
The Company reserves the right to update or modify this Policy at any time. Where such modifications materially affect User rights or data usage, reasonable efforts will be made to notify Users through the Platform or by direct communication.
13. Contact and Compliance Office
All questions, concerns, or complaints regarding this Policy or data practices should be directed to:
Data Protection Officer
📧 Email: privacy@aqurix.co
Appendix A: Vendor Risk and Third-Party API Provider Clauses
1. Use of Vendors and External Interfaces
The Company may, in the normal course of service delivery, rely on third-party software vendors, service providers, or auxiliary platforms (collectively, “Vendors”) to facilitate certain features, enhancements, or microservice executions through APIs, SDKs, or modular integrations (collectively, “External Interfaces”). Such Vendors operate independently and are not agents, affiliates, or subcontractors of the Company.
These External Interfaces are used solely for limited, technically defined functions, such as document formatting, parsing, statistical processing, or visualization, and are not integrated with the Company’s core data infrastructure or storage systems.
2. No Agency; Independent Risk
The User acknowledges and agrees that:
Vendors are independent third parties and not under the direct supervision or control of the Company.
The Company does not warrant, guarantee, or represent the security practices, availability, or functionality of any External Interface.
Any engagement with a Vendor via the Platform is done at the User’s own discretion and risk.
The Company does not assume, accept, or undertake any responsibility or liability, whether direct or indirect, for:
Any act, omission, delay, failure, error, or breach committed by a Vendor.
Any data loss, exposure, unauthorized access, or breach of data confidentiality that arises from the Vendor’s systems or processing environment.
Any operational, reputational, financial, or legal damage suffered by the User as a result of Vendor behavior or system interaction.
3. Disclaimer of Warranties and Exclusion of Liability
The Company disclaims all warranties, express or implied, including but not limited to any warranty of fitness for a particular purpose, merchantability, accuracy, or non-infringement, with respect to Vendor services or External Interfaces.
To the maximum extent permitted under applicable law, the Company shall have no liability whatsoever, in contract, tort (including negligence), statutory duty, or otherwise, arising out of or in connection with:
The performance, availability, or use of any third-party Vendor service.
Any breach of data protection obligations by Vendors.
Any regulatory consequence, penalty, or dispute relating to Vendor action or inaction.
4. Indemnification
The User shall indemnify, defend, and hold harmless the Company and its affiliates, officers, directors, employees, and agents from and against any and all losses, claims, liabilities, damages, penalties, fines, and expenses (including attorneys’ fees) arising out of or related to:
The User’s use of Vendor services or External Interfaces.
Any data uploaded, transferred, or submitted to a Vendor in contravention of applicable laws or contractual restrictions.
Any third-party claims or regulatory actions stemming from the User’s interaction with or reliance upon Vendor systems.
5. No Duty to Monitor or Enforce
The Company shall have no duty, obligation, or responsibility to:
Monitor the performance or compliance of any Vendor.
Validate the security controls or certifications of Vendors on the User’s behalf.
Intervene in disputes between the User and any Vendor.
The User bears sole responsibility for assessing the suitability and legality of using any third-party service accessed via or in conjunction with the Platform.
6. Severability and Survivability
Each clause in this section shall survive termination of the User’s agreement with the Company and remain fully enforceable. If any part of this section is held to be unenforceable under applicable law, the remainder shall be interpreted to provide the maximum lawful protection to the Company.
