Privacy Policy

In accordance with the Saudi Personal Data Protection Law (PDPL), the data controller is:

Name: Polaris Arabia

Website: polarisarabia.com

Email: [email protected]

Address: Kingdom of Saudi Arabia, Riyadh

For any questions regarding the processing of your personal data, please contact us at the email above.

We collect the following types of personal data:

a) Data you provide directly:

• Full name and email address upon registration

• Startup information (name, sector, stage, revenue)

• Cap table data (founder names, ownership percentages)

• Employee data in ESOP plans (names only, no sensitive personal data)

• Any content you enter into Platform tools

b) Data we collect automatically:

• Usage data and session logs

• IP address, browser type, and operating system

• Pages visited and time spent

• Cookies and similar tracking technologies

c) Data from third parties:

• Authentication data from login providers (Manus OAuth)

Under the PDPL, we process your personal data based on:

• Your explicit consent: When you register on the Platform and accept this Privacy Policy

• Contract performance: To provide the services you have requested

• Legitimate interests: To improve the Platform, ensure its security, and prevent fraud

• Legal obligation: To comply with Saudi regulatory requirements

You have the right to withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.

We use your personal data for the following purposes:

• Providing, operating, and improving Platform services

• Creating and managing your account and verifying your identity

• Personalizing your experience and saving your settings and data

• Sending service notifications and material updates

• Responding to your inquiries and support requests

• Complying with legal and regulatory requirements

• Analyzing usage patterns to develop the Platform (in aggregated, anonymized form)

We will not use your data for direct marketing without your explicit consent.

We do not sell your personal data to any third party. We may share your data in the following cases:

• Technical service providers: We use trusted cloud and technology services (such as storage and authentication) under strict data processing agreements

• Legal compliance: When requested by competent government or judicial authorities under Saudi regulations

• Rights protection: To protect the rights of Polaris Arabia, its users, or the public when necessary

• Business transfers: In the event of a merger or acquisition, with prior notice to you

When sharing data with third parties, we ensure an equivalent level of protection to that described in this Policy.

In accordance with Article 16 of the PDPL, your data may be transferred to servers outside the Kingdom of Saudi Arabia. We comply with the following safeguards:

• We ensure receiving countries provide an adequate level of data protection

• We use approved contractual safeguards where necessary

• We maintain records of cross-border data transfers as required by SDAIA

We retain your personal data for as long as necessary to fulfill the purposes described in this Policy:

• Account data: For the duration of your active account and up to 3 years after closure

• Usage data: 12 months from the date of collection

• Financial and legal records: 10 years as required by Saudi regulations

• Technical support data: 2 years from the date of resolution

After the retention period, we securely delete or anonymize your data.

The Saudi Personal Data Protection Law grants you the following rights:

• Right of Access: Obtain a copy of the personal data we hold about you

• Right to Rectification: Correct any inaccurate or incomplete data

• Right to Erasure: Request deletion of your data in cases permitted by law

• Right to Object: Object to the processing of your data in certain cases

• Right to Restrict Processing: Request restriction of data processing in specific circumstances

• Right to Data Portability: Receive your data in a machine-readable format

To exercise any of these rights, please contact us at: [email protected]

We will respond to your request within 15 business days as required by law.

We implement appropriate technical and organizational security measures to protect your data, including:

• Data encryption in transit using TLS 1.3 protocol

• Data encryption at rest using AES-256 standards

• Strict access controls and identity management

• Regular security reviews and penetration testing

• Incident response plans for security breaches

In the event of a security breach that may affect your data, we will notify you and the relevant regulatory authorities in accordance with legal requirements.

We use cookies for the following purposes:

• Essential: To operate the Platform and manage user sessions (cannot be disabled)

• Analytical: To understand how the Platform is used and improve it (can be declined)

• Preferences: To save your settings and preferred language

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect Platform functionality.

Our Platform is not directed at persons under 18 years of age, and we do not knowingly collect their personal data. If we become aware that we have collected personal data from a person under this age, we will delete it immediately. If you believe a minor has submitted data to us, please contact us.

If you have a complaint about the processing of your personal data, please:

1. Contact us first at: [email protected]

2. If you are not satisfied with our response, you have the right to file a complaint with the Saudi Data & AI Authority (SDAIA) at: sdaia.gov.sa

We may update this Policy periodically. We will notify you of any material changes via your registered email address or a prominent notice on the Platform at least 30 days before they take effect. The date of the last update is shown at the top of this page.