Privacy Policy

We only collect data necessary to deliver our services: • Identity data: name, email, phone, organization. • Usage data: pages visited, session duration, device, browser type. • Payment data: handled entirely through licensed payment gateways (Moyasar, PayTabs). We never store card details. • Platform content: courses, assessments, and materials you upload as a platform admin, plus learner progress data.

We use your data to: • Deliver the service and operate your account and platform. • Improve performance and detect technical issues. • Send operational notifications (subscription renewals, invoices, security updates). • Respond to your inquiries and support requests. • Comply with regulatory and legal requirements in Saudi Arabia. We never sell your data to any third party for marketing purposes.

• Encryption at rest with AES-256; in transit via TLS 1.3. • Managed enterprise infrastructure with daily backups. • Role-based access control (RBAC) — each employee only accesses what their role requires. • Full audit log for every access to sensitive data. • Email-based two-factor authentication (MFA) is available on every account from the Security page.

Under Saudi Arabia’s Personal Data Protection Law (PDPL), you have the right to: • Access the personal data we hold about you. • Correct any inaccurate data. • Request deletion of your data (unless we are legally required to retain it). • Port your data to another service provider. • Withdraw consent to data processing at any time. • File a complaint with the Saudi Data & AI Authority (SDAIA). To exercise any of these rights, email privacy@bareeq.sa — we respond within 30 days.

• Active account data: throughout the subscription term. • After cancellation: 90 days grace period for recovery, then permanent deletion. • Invoices and financial records: 10 years per Saudi tax and zakat requirements. • Security access logs: 12 months, then automatic deletion.

If we detect a security breach that may affect your personal data, we commit to: • Notifying the Saudi Data & AI Authority (SDAIA) within 72 hours, per PDPL. • Notifying you directly and without delay if the breach specifically affects you. • Clearly explaining the types of data affected and the actions taken.

Data Protection Officer (DPO): Email: privacy@bareeq.sa Address: Riyadh, Saudi Arabia For any privacy-related inquiry, email privacy@bareeq.sa — we respond within 5 business days.