Privacy Policy

Effective date: 1 May 2026 / 1 مايو 2026

This policy describes how Jabr collects, uses, and protects personal data, in accordance with the Saudi Personal Data Protection Law (PDPL) and SDAIA regulations.

1. Data We Collect

• Account data: Name, email, phone number, encrypted password
• Business data: Company name, CR number, VAT number, partner details
• Financial data: Journal entries, invoices, bank statements, financial reports
• Usage data: Login history, features used, session timing
• Device data: Browser type, OS, IP address

2. How We Use Your Data

We use data exclusively for: operating and improving the accounting service; processing payments and subscriptions; sending technical alerts and service notifications; regulatory compliance; and improving AI models to serve users better. We do not sell your data or share it for marketing or advertising purposes.

3. Data Storage and Security

Data is stored on Google Cloud infrastructure in the Middle East region (UAE/Qatar) where available. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Daily automated backups are maintained.

4. Data Retention

• Active account data: for the duration of the subscription
• Financial data: 5 years after account cancellation (per ZATCA requirements)
• Usage logs: 90 days
• You may request deletion of your account at any time

5. Third Parties (Sub-processors)

• Google Firebase: Database, authentication, and storage
• Anthropic (Claude AI): AI model processing — data is not used to train general public models
• Payment processor: Bank transfer verification only

6. Your Rights

Under PDPL, you have the right to: access and export your data; correct inaccurate data; delete your account and data; and object to data processing. To exercise these rights, contact: privacy@jabr.sa

7. Breach Notification

In the event of a security breach affecting your data, we will notify SDAIA within 72 hours and contact you directly as soon as possible.

8. Contact

Data Protection Officer: privacy@jabr.sa