Privacy Policy

Tabrid.ai (“Tabrid.ai”, “we”, “our”, or “us”), a product of the Arabkor Group, is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, and share information when you use our platform, website, and services. It also describes your rights under applicable data protection laws, including the Saudi Personal Data Protection Law (PDPL) and other applicable GCC regulations.

By using Tabrid.ai services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.

1. Information We Collect

1.1 Information You Provide Directly

• Contact details: full name, work email address, job title, and company name provided through our demo request or contact forms.
• Account credentials: email address and encrypted password for platform access.
• Communications: messages, support tickets, and other correspondence you send us.
• Consent records: timestamps and method of consent for data processing.

1.2 Information Collected Automatically

• Usage data: pages visited, features accessed, session duration, and interaction events within the platform.
• Device information: browser type and version, operating system, device identifiers, and screen resolution.
• Network data: IP address, approximate geographic location (city/country level), and referral URL.
• Cookies and similar tracking technologies: as described in Section 5 of this policy.

1.3 Operational and Sensor Data

When you deploy Tabrid.ai within your facility, our platform processes real-time operational data including temperature readings, sensor telemetry, energy consumption metrics, and equipment status. This operational data is owned by you (the customer) and is processed by us solely to provide the contracted services.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: provisioning your account, operating the platform, and fulfilling your contracted services.
• Communications: responding to enquiries, sending service notifications, and providing onboarding support.
• Product improvement: analysing usage patterns to improve platform performance, reliability, and user experience.
• Security and fraud prevention: detecting, investigating, and preventing unauthorised access or abuse.
• Legal compliance: meeting obligations under applicable Saudi, GCC, and international data protection and sector-specific regulations.
• Marketing (with consent): sending product updates, newsletters, and event invitations where you have opted in.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

3. Data Storage & Security

3.1 Storage Location

Customer data is stored on secure cloud infrastructure within the GCC region by default. Enterprise customers may request on-premise or specific-region deployment options. We work with internationally recognised cloud infrastructure providers that maintain ISO 27001 and SOC 2 Type II certifications.

3.2 Security Measures

• Encryption at rest using AES-256 for all stored data.
• Encryption in transit using TLS 1.3 for all data moving between your browser and our servers.
• Role-based access controls and principle of least privilege for all internal systems.
• Multi-factor authentication for all administrative access.
• Regular penetration testing and vulnerability assessments by independent security firms.
• 24/7 security monitoring and incident response procedures.

3.3 Retention

We retain personal data only as long as necessary to fulfil the purposes outlined in this policy, comply with our legal obligations, resolve disputes, and enforce our agreements. Account data is deleted within 90 days of account closure unless a longer retention period is required by applicable law.

4. Cookies and Tracking Technologies

Our website and platform use cookies and similar technologies to provide functionality, analyse usage, and improve your experience.

• Strictly necessary cookies: required for authentication, security, and core platform functionality. These cannot be disabled.
• Analytics cookies: help us understand how visitors use our website so we can improve it. We use privacy-respecting analytics tools that anonymise IP addresses.
• Preference cookies: remember your settings and preferences across sessions.

You can manage cookie preferences through your browser settings. Blocking strictly necessary cookies may affect platform functionality. Our platform does not serve third-party advertising cookies.

5. Third-Party Services and Sharing

We share data with third-party service providers solely to operate and improve our services, under contractual obligations that restrict their use of your data:

• Cloud infrastructure providers for hosting, storage, and compute services.
• Email delivery services for transactional and notification emails.
• Analytics providers for aggregated, anonymised usage analysis.
• Security services for DDoS protection, bot mitigation, and threat intelligence.

We may also disclose data when required by applicable law, regulation, legal process, or governmental request, and to protect the rights, property, or safety of Tabrid.ai, our customers, or others.

6. Your Rights

Under the Saudi Personal Data Protection Law (PDPL) and applicable GCC regulations, you have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your personal data, subject to legal obligations that may require us to retain it.
• Right to restriction: request that we restrict processing of your data in certain circumstances.
• Right to data portability: receive your data in a structured, commonly used, machine-readable format.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to object: object to processing based on legitimate interests.

To exercise any of these rights, contact us at privacy@tabrid.ai. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

7. GCC Regulatory Compliance

Tabrid.ai is designed to support customer compliance with applicable GCC data protection and sector regulations, including:

• Saudi Arabia: Personal Data Protection Law (PDPL), Royal Decree No. M/19, and implementing regulations issued by the National Data Management Office (NDMO).
• UAE: Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL).
• Industry-specific: UAE Food Safety Law (Federal Decree-Law No. 11 of 2024) for cold chain monitoring customers.
• Energy sector: Saudi Vision 2030 energy efficiency reporting requirements for data center customers.

8. Children's Privacy

Tabrid.ai services are designed for enterprise use and are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or applicable law. We will notify registered users of material changes by email or through a prominent notice in the platform. The “Last Updated” date at the top of this page reflects the most recent revision. Continued use of our services after an update constitutes acceptance of the revised policy.

10. Contact Us

For privacy-related enquiries, data subject requests, or to report a concern, contact our Data Protection contact: