Privacy Policy
Last updated: 2026-07-05
This policy explains how Nawat Nexus Company, commercial registration no. 705471961, Kingdom of Saudi Arabia ("Nawat", "we") collects and uses personal data when you use the Nawat platform (nawatnexus.sa). We process personal data in accordance with the Saudi Personal Data Protection Law (PDPL).
1. Data we collect
Account data: your name, email address, and sign-in details (or your identity as provided by your organization’s sign-in provider, such as SSO, a directory, or Nafath).
Content: the work items, comments, files and settings that you and your organization create in the service. Your organization controls this content.
Usage and technical data: sign-in events, security events (such as failed attempts), feature-usage analytics collected first-party to improve the product, device/browser type and IP address in server logs.
Billing data: your plan, seats and payment history. Card payments are processed by our licensed payment provider (Moyasar); we do not store card numbers.
2. Why we process it
To provide and secure the service (authentication, roles and permissions, audit logging, fraud and abuse prevention); to bill and manage subscriptions; to send service notifications (which you can tune per event); to support you; and to improve the product using aggregated usage insights.
3. Legal basis
We rely on the performance of our contract with you, our legitimate interests in securing and improving the service, compliance with legal obligations, and your consent where the law requires it.
4. Sharing
We do not sell personal data. We share it only with processors needed to run the service: cloud hosting infrastructure, our payment provider (Moyasar) for payments, and email delivery providers for notifications, each bound to process data only on our instructions. Enterprise customers may choose to route notification email through their own mail servers. We may disclose data where required by law or competent authority.
5. Security
Data is encrypted in transit and at rest; sensitive fields are additionally protected so they are not stored in readable form. The platform supports multi-factor authentication, role-based access, failed-sign-in lockout, session controls, and an audit log of security events and administrative actions.
6. Retention
We keep personal data while the account or organization is active and as needed for legal, billing and security purposes, then delete or anonymize it. Organizations that leave the service may request an export of their content within a reasonable period.
7. Your rights
Under the PDPL you may request access to your personal data, correction, deletion, or a copy, and you may object to certain processing. Where your account is managed by your organization (for example through its directory or SSO), some requests are fulfilled through your organization’s administrator. Contact us at info@nawatnexus.sa and we will respond within the statutory period.
8. Cookies and local storage
The service uses strictly necessary browser storage to keep you signed in, and first-party analytics of feature usage. The marketing site and product do not use third-party advertising trackers.
9. Where data is processed
The service runs on secure cloud infrastructure. For enterprise customers with data-residency requirements, in-Kingdom hosting is available under contract.
10. Children
The service is a business tool and is not directed to individuals under 18.
11. Changes and contact
We may update this policy; the date above reflects the current version, and material changes will be notified in the product or by email. Questions and requests: Nawat Nexus Company, CR 705471961, Kingdom of Saudi Arabia, info@nawatnexus.sa.