Privacy Policy

Mobcoder Saudi Arabia (“we”, “us”, “our”, or “Mobcoder Saudi”) is a technology services company providing software development, IT consulting, web and mobile application development, and related professional services in the Kingdom of Saudi Arabia. This Privacy Policy describes how we collect, use, disclose, retain, transfer, and otherwise process Personal Data in the course of our business, including data collected via our website, digital properties, client engagements, recruitment processes, and other interactions.

This Policy is governed by the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia, its Implementing Regulations, and other applicable Saudi laws. The Arabic version of this Policy (when prepared and certified) will prevail in case of any inconsistency or conflict between language versions.

This Privacy Policy applies to Personal Data processed by Mobcoder Saudi in the context of:

For the purposes of this Policy, defined terms align with the PDPL and common data protection practice:

We collect and process the following categories of Personal Data, as necessary and proportionate to the relevant purpose:

Under the PDPL and applicable legal requirements, we rely on one or more lawful bases to process Personal Data. Where relevant, we will identify the specific basis in privacy notices or contractual documentation. The typical legal bases we rely on include:

(a) Consent: when processing requires explicit consent under PDPL (for marketing communications, certain cookies, or processing of Sensitive Personal Data). Consent will be specific, informed, and revocable.

(b) Contractual necessity: processing necessary for the performance of a contract to which the data subject is party, including pre-contractual steps at the request of a data subject (e.g., proposals, delivery of services).

(c) Legal obligation: processing required to comply with applicable laws, regulations, court orders, tax or regulatory obligations (e.g., record-keeping for VAT or workforce compliance).

(d) Legitimate interests: where our legitimate interests (or those of a third party) justify processing and such interests are not overridden by the data subject's fundamental rights and freedoms. Legitimate interest processing is applied only after conducting an internal Legitimate Interest Assessment and documenting safeguards.

(e) Vital interests / public interest: where necessary to protect vital interests or when PDPL permits processing in the public interest as prescribed by law.

Processing of Special / Sensitive Personal Data will be undertaken only where lawful under PDPL (for example, with explicit consent or where permitted for employment and legal obligations) and with heightened safeguards.

We obtain Personal Data via the following lawful and transparent means:

(a) Directly from you: when you submit inquiry or contact forms, register for services, apply for a job, communicate by email or telephone, attend meetings, or otherwise interact with our staff.

(b) Automatically: through cookies, web beacons, analytics, and other tracking technologies when you visit our websites and digital properties. This includes IP addresses, device identifiers, browser type, pages visited, and interactions.

(c) From third parties: from clients, partners, public sources, recruiters, background check providers, social media platforms (where you have agreed to share such data), payment processors, and other service providers acting as Controllers or Processors.

(d) From internal sources: generated during service delivery (project data, logs, technical metadata), performance and HR systems, and other lawful internal records.

We will inform you at or before the point of collection of the purposes for which we will process your Personal Data and the legal basis relied upon.

We process Personal Data for specified, explicit, and legitimate purposes, including but not limited to:

(a) Delivering services, proposals, and contractual obligations, including software development, deployment, maintenance, support, and consulting services.

(b) Managing client relationships, sales and business development, responding to enquiries, providing quotes and proposals, and performing pre-contractual activities.

(c) Recruitment, onboarding, HR administration, payroll, benefits, performance management, training, and statutory compliance for employees and contractors.

(d) Billing, invoicing, tax, accounting, and financial administration.

(e) Providing customer support, troubleshooting, security incident response, and service improvements.

(f) Marketing communications, newsletters, event invitations, and promotional activities, where lawful and subject to applicable opt-in or opt-out rights.

(g) Website analytics, quality assurance, product development, and user experience improvements.

(h) Fraud prevention, risk management, legal compliance, internal investigations, and to protect the rights, property, and safety of Mobcoder Saudi, our clients, and others.

(i) Compliance with legal and regulatory obligations, including record-keeping and responding to lawful requests by competent authorities.

We will not process Personal Data for purposes incompatible with those disclosed at the time of collection unless we provide notice and obtain lawful basis for the new purpose.

Our websites use cookies, local storage, pixels, log files, analytics, and similar technologies to provide functionality, remember preferences, measure performance, and tailor content. Cookies fall into categories such as strictly necessary (essential), performance/analytics, functional, and advertising/targeting.

We provide clear information about the cookies we use and their purposes. Where required by law or regulation, we obtain consent prior to setting non-essential cookies. You may control cookies using your browser settings or our cookie consent mechanism available on the website, which allows you to accept or reject categories of cookies. Disabling certain cookies may affect website functionality.

Opt-out mechanism: For analytics cookies and targeted advertising, we use partners (e.g., analytics providers, advertising networks). You can opt out of tracking by adjusting cookie settings in our cookie banner, using your browser privacy controls, or using partner opt-out tools (links provided in the cookie settings page). For marketing emails, you may opt out using the unsubscribe link in the message or by contacting us at the contact details provided in this Policy.

We will not sell your Personal Data. We may share Personal Data in the following limited circumstances:

(a) Internal recipients: authorized Mobcoder Saudi employees, contractors, and affiliates on a need-to-know basis to perform services and business functions and who are bound by confidentiality obligations.

(b) Service providers and Processors: third-party vendors engaged to perform services on our behalf, such as cloud hosting providers, analytics platforms, payment processors, recruitment and background-check providers, customer support tools, professional advisors, and auditors. Such processors are selected after due diligence and contractually required to process data only on our instructions and to implement appropriate security measures.

(c) Clients and business partners: where the transfer is necessary for service delivery, contracting, or joint operations and pursuant to a contract or lawful basis that governs data usage.

(d) Legal and regulatory authorities: when disclosure is required by law, court order, regulator (including Saudi authorities), or to protect legal rights, prevent fraud, or to respond to a lawful request. We will only disclose the minimum Personal Data necessary to satisfy such requests.

(e) Corporate transactions: in the event of a reorganization, merger, sale, financing, acquisition, or transfer of all or a portion of our business or assets, Personal Data may be transferred to the successor entity subject to confidentiality protections and, where required, notice to affected Data Subjects.

When engaging third-party recipients, we will ensure contractual safeguards consistent with PDPL and its Implementing Regulations, including data processing agreements that impose confidentiality, security, and permitted-use restrictions.

Cross-border transfers of Personal Data outside the Kingdom of Saudi Arabia may occur for legitimate operational purposes (e.g., use of international cloud providers, development teams, or partners). Such transfers will be undertaken only where permitted under PDPL and its Implementing Regulations and where appropriate safeguards are in place.

We rely on one or more of the following safeguards and mechanisms for international transfers:

(a) Transfer with the Data Subject's explicit consent for the specific transfer and processing purpose, where required.

(b) Ensuring that the receiving jurisdiction provides an adequate level of protection as recognized under PDPL or has comparable safeguards; where applicable, we will document assessments and safeguards.

(c) Standard contractual clauses, binding corporate rules, or equivalent contractual and organizational measures acceptable under PDPL and its Implementing Regulations.

(d) Any other legal mechanism permitted by PDPL, in accordance with the relevant authority's guidance.

Data subjects will be informed of cross-border transfers where required, and we will maintain records of transfers and safeguards applied. Transfers to countries that do not provide comparable levels of protection will only occur when necessary and accompanied by appropriate safeguards or the data subject's consent.

We retain Personal Data only as long as necessary to fulfill the purposes for which it was collected, to meet legal and regulatory obligations, to resolve disputes, and to enforce agreements. Retention periods vary according to the category of Personal Data and purpose; typical retention periods include:

Under PDPL, data subjects have the following rights in relation to Personal Data we process, subject to legal limitations and exceptions:

(a) Right of access: the right to request confirmation of whether we process your Personal Data and to obtain a copy of the Personal Data we hold about you.

(b) Right to rectification: the right to request correction of inaccurate or incomplete Personal Data.

(c) Right to erasure (deletion): the right to request deletion of Personal Data where processing is no longer necessary, consent is withdrawn, or processing is unlawful, subject to legal retention obligations.

(d) Right to withdraw consent: where processing is based on consent, the right to withdraw consent at any time without prejudice to processing carried out prior to withdrawal.

(e) Right to restriction of processing: the right to request temporary suspension of processing in certain circumstances (for example, where accuracy is contested).

(f) Right to object: the right to object to processing based on legitimate interests or direct marketing, including profiling for such purposes.

(g) Right to portability: where applicable, the right to receive Personal Data in a structured, commonly used, machine-readable format and to transmit it to another Controller, when processing is based on consent or contractual necessity and carried out by automated means.

(h) Right to lodge a complaint: the right to lodge a complaint with the competent authority and to seek judicial remedies in accordance with PDPL.

We will process requests to exercise rights in a timely manner and in accordance with PDPL requirements, subject to verification of identity and any applicable exemptions.

To exercise any of your Data Subject rights, please contact us using the contact details provided below or via our designated privacy request channel on our website. When you submit a request, we will:

(a) Acknowledge receipt promptly and provide guidance on any additional information required to verify identity.

(b) Respond within the timelines required by PDPL and its Implementing Regulations (default response periods are as provided under PDPL; where specific statutory timeframes apply, we will comply; otherwise, we aim to respond within 30 calendar days of receipt).

(c) Provide the requested information or take action or explain any lawful reason for refusing the request (in whole or in part).

(d) Where we require additional time to respond due to complexity, we will inform you of the extension and its reasons.

If you are not satisfied with our response, you have the right to file a complaint with the Saudi Data & AI Authority (SDAIA) or to seek other remedies available under PDPL.

We implement technical and organizational measures designed to protect Personal Data from unauthorized access, disclosure, alteration, loss, or destruction. Measures include, where appropriate:

(a) Logical and physical access controls, role-based access restrictions, and least-privilege principles.

(b) Encryption of data in transit (e.g., TLS/HTTPS) and at rest where appropriate.

(c) Secure configuration and patch management of systems and infrastructure.

(d) Use of reputable cloud service providers and contractual security obligations for processors.

(e) Regular data protection and security awareness training for employees.

(f) Incident response, logging and monitoring, vulnerability management, and penetration testing programs.

(g) Data minimization, separation of duties, and pseudonymization where feasible.

Despite these safeguards, no system or transmission over the internet is fully secure. In the event of a data breach affecting Personal Data, we will follow PDPL breach notification procedures and notify SDAIA and affected data subjects as required by law.

Our services and website are intended for business and adult users. Under Saudi norms and PDPL, the minimum age for certain processing without parental consent is determined by law and industry guidance. We do not knowingly collect or solicit Personal Data from children under 18 years of age through our services. If we become aware that we have collected Personal Data of a child under applicable age thresholds without appropriate parental consent, we will take reasonable steps to delete that data without undue delay.

Our website may contain links to third-party websites, platforms, or services. We are not responsible for the privacy practices, content, security, availability, or policies of those third parties. This Policy applies only to Personal Data collected by Mobcoder Saudi. You should review the privacy policies of any third-party website before providing Personal Data.

We may update this Privacy Policy to reflect changes in our practices, statutory requirements, or for operational, technical, or legal reasons. When we make material changes, we will post the updated Policy with a revised "Last Updated" date and, where required by law, obtain fresh consents or provide notice. The updated Policy will apply to Personal Data collected after the effective date. Continued use of our website or services following publication constitutes acceptance of the updated Policy.

If you have questions, requests, or concerns about this Privacy Policy or our processing of Personal Data, please contact:

If you are not satisfied with our response to a privacy request or believe your Personal Data has been processed in violation of PDPL, you may file a complaint with the Saudi Data & AI Authority (SDAIA) or other competent regulatory authorities. SDAIA contact details and complaint procedures are available on SDAIA's official website. You also retain any judicial remedies available under Saudi law.

This Policy is prepared in English for convenience.