Privacy Policy
[آخر تحديث / Last updated]: [DATE]
This Privacy Policy explains how Soufra ("we") collects, uses, and protects your personal data when you use our platform and services, in accordance with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia.
Who we are
The Soufra platform is operated by [الكيان القانوني / Legal Entity Name], with registered address at [العنوان الوطني / Registered Address], [المدينة / City], Kingdom of Saudi Arabia, Commercial Registration No. [رقم السجل التجاري / CR No.]. We are the Data Controller responsible for the personal data processed under this policy.
Data we collect
We collect the following personal data depending on how you use the service:
- Account & restaurant data (from owners): name, email, phone number, business name, menu, prices, opening hours, and branch details.
- Diner data (from bookings, queue, and feedback): name, phone number, party size, reservation or wait time, and any notes you provide.
- Usage, device, and cookie data: IP address, browser and device type, pages visited, and session identifiers.
How we use data
- To provide and operate the service: creating accounts, displaying menus and branded pages, and managing reservations and the live queue.
- To communicate with you about bookings, operational notifications, and service messages.
- To improve the platform, measure performance, ensure security, and prevent fraud.
- To comply with regulatory and legal obligations.
Legal basis & consent under the Personal Data Protection Law (PDPL)
We process your personal data in accordance with the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations. Processing relies on one of the following legal bases: your consent, performance of a contract to which you are a party, a legitimate interest that does not override your rights, or compliance with a legal obligation. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Sharing & sub-processors
We do not sell your personal data. We share it only with trusted service providers who process it on our behalf under data processing agreements, including:
- Supabase — database and authentication.
- Amazon Web Services (AWS) — hosting and infrastructure.
- Resend — transactional email.
- Payment providers — when payments are enabled.
International data transfers
Some of our service providers may process data outside the Kingdom of Saudi Arabia. Where this occurs, we apply appropriate safeguards consistent with the PDPL and the cross-border transfer requirements issued by the Saudi Data & AI Authority (SDAIA).
Data retention
We retain personal data for as long as necessary to fulfil the purposes described in this policy, or for the period required by applicable law. When no longer needed, data is securely deleted or anonymised.
Security
We apply appropriate technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or destruction, including encryption in transit and access controls. However, no method of transmission over the internet can be guaranteed to be fully secure.
Your PDPL rights
Under the PDPL, you have the following rights regarding your personal data:
- The right to be informed of and access your personal data.
- The right to correct inaccurate or incomplete data.
- The right to request deletion when retention is no longer justified.
- The right to withdraw consent at any time.
- The right to object to certain processing.
- The right to lodge a complaint with the Saudi Data & AI Authority (SDAIA).
To exercise any of these rights, contact us at info@soufra.io.
Children
The service is not intended for direct use by individuals under 18 years of age, and we do not knowingly collect personal data from them. If we become aware of such data, we will delete it.
Cookies
We use cookies and similar technologies to operate the platform, remember your preferences, and measure performance. You can control cookies through your browser settings, though disabling them may affect some features.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will notify you through the platform or by email. Your continued use of the service after changes take effect constitutes acceptance of them.
Contact
For any privacy-related or general enquiry, contact us at info@soufra.io.