Privacy Policy

Effective date: 13 May 2026

This policy explains how Naqaa collects, uses, and protects personal data when you use our services. We comply with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and its implementing regulations issued by the Saudi Data & AI Authority (SDAIA).

1. About us

Naqaa is a laundry management system serving laundries operating in Saudi Arabia. Naqaa is a freelance business activity registered in the Kingdom of Saudi Arabia with Monsha'at (the Saudi General Authority for Small and Medium Enterprises) under freelance permit no. FL-376520615.

For all matters relating to this policy, contact us at support@naqaa.tech or on WhatsApp at +966 58 281 0217.

2. Data we collect

a. Laundry account data (admin account)

  • Name, email, mobile phone, laundry name, city.
  • VAT number and Commercial Registration (CR) number where needed for tax invoices.
  • Bank transfer details recorded for subscription renewal.
  • Login and in-app activity logs (for security and audit).

b. Your customers' data (processed on your behalf)

When you use Naqaa to manage your laundry customers, the following data may be entered and stored in your account:

  • End-customer name and mobile phone number.
  • Delivery address and order notes (optional).
  • Orders, payments, refunds, and loyalty points.

As the laundry, you are the "data controller" for your customers' data under the PDPL, and Naqaa acts as the "data processor" that stores and processes this data on your instructions and behalf.

c. Technical data collected automatically

  • IP address, browser, and device type (for security and troubleshooting).
  • Cookies necessary to keep your session active.

3. Why we collect this data

  • To operate the system and provide the features you subscribed to.
  • To issue invoices, track payments, and renew subscriptions.
  • To provide technical support and answer your inquiries.
  • To improve performance and notify you of failures or suspicious activity.
  • To comply with Saudi regulatory requirements (e.g., ZATCA tax requirements).

4. Legal basis for processing

We process your data under one of the following PDPL bases:

  • Contract performance: the subscription contract between you and Naqaa.
  • Legitimate interest: system security, fraud prevention, and service improvement.
  • Legal obligation: invoicing, tax reports, accounting records.
  • Your explicit consent: when you share receipts via WhatsApp links or send SMS notifications to your customers.

5. Where data is stored

All Naqaa data is stored in PostgreSQL databases held by Neon Inc. ("the sub-processor") in data centers located in Frankfurt, Germany, within the European Union. Neon maintains ISO/IEC 27001 and SOC 2 standards, and the data is subject to protection standards equivalent to or exceeding those required by PDPL (the EU GDPR framework).

As the laundry (the controller for your end-customer data), your subscription to Naqaa constitutes explicit consent to this cross-border transfer and processing through Naqaa under Article 29 of the PDPL. If the Saudi Data & AI Authority (SDAIA) later issues additional requirements for cross-border data transfers, we will update this policy and notify you in advance.

6. Retention period

  • Account and transaction data: kept for the duration of your subscription plus thirty (30) days after cancellation.
  • Invoice and financial records: retained for the period required by applicable Saudi laws (including ZATCA requirements).
  • Security and audit logs: up to two years maximum.
  • On full deletion request, personal data is removed except where retention is required by law.

7. Data sharing

We do not sell your data. We may only share it with:

  • Service providers that support system operations: Neon (database), Resend (email delivery), Sentry (error monitoring), Unifonic (SMS delivery, when enabled).
  • Competent government authorities when legally required under Saudi law.
  • Your end customers when you share an order receipt via WhatsApp link.

8. Your rights under PDPL

As a data subject, you have the right to:

  • Obtain a copy of your data we hold.
  • Request correction of inaccurate data.
  • Request deletion of your data (except data we must retain by law).
  • Withdraw consent at any time for consent-based processing.
  • File a complaint with the Saudi Data & AI Authority (SDAIA).

To exercise any of these rights, contact us at support@naqaa.tech. We will respond within 30 days at the latest.

9. Data security

  • Data is transferred between your browser and our servers over HTTPS with TLS 1.2 or later.
  • Passwords are hashed using Argon2id.
  • Each laundry's data is isolated at the database level (Row-Level Security).
  • Daily backups with periodic restore testing.
  • Monitoring for suspicious activity and failed login attempts.

10. Children's privacy

Naqaa is a service for business entities, not children under the age of 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this policy from time to time. If material changes are made, we will notify you via your registered email at least 30 days before the change takes effect. Continued use of the system after the effective date constitutes acceptance of the updated version.

12. Contact

For privacy inquiries or to exercise your rights: