Privacy Policy

The data controller is the Mashfak team in the Kingdom of Saudi Arabia. For any privacy inquiry, contact privacy@mashfak.sa.

Account data: name and email when you register.

Usage data: pages visited, saved facilities, and reviews.

Location data: processed only with your explicit permission for the purpose of showing nearby facilities, and stored only when you choose to save them.

Technical data: IP address, browser and device type, and cookies strictly necessary to operate the service.

We process your data on the basis of: (1) your explicit consent at registration or when granting location permission, (2) performance of the contract to deliver the service, (3) legitimate interests in improving the platform and preventing fraud, (4) compliance with applicable Saudi regulations.

We use data to operate the platform, surface nearby facilities, save your bookmarks, manage your account, improve your experience, and prevent abuse. We do not sell your personal data to third parties.

We share limited data only with trusted service providers (such as hosting, analytics, and Google Maps) under contracts that protect confidentiality. We may disclose data to competent Saudi authorities in response to a lawful or judicial request.

Some data may be processed by service providers located outside the Kingdom. Such transfers are carried out in accordance with the PDPL and its Implementing Regulations, ensuring an adequate level of protection.

We use strictly necessary cookies for sign-in and to remember preferences (such as language). We do not use third-party advertising or cross-site tracking cookies.

We retain your data as long as your account is active or as needed to deliver the service. Upon deletion request, your account and related data are removed within 30 days, except where retention is legally required.

Right to know the legal basis and purposes of processing.

Right to access your data and obtain a copy.

Right to correct, complete, or update your data.

Right to request destruction of your data when it is no longer needed.

Right to withdraw consent at any time without affecting the lawfulness of prior processing.

Right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) if you believe processing breaches the law.

We apply reasonable technical and organizational measures to protect your data, including encryption in transit and access controls. In the event of a breach likely to cause harm, we will notify the competent authority and affected data subjects within statutory timelines.

The service is intended for users aged 18 and above. We do not knowingly collect data from minors. Such data is deleted once identified.

To exercise any of your rights or for any inquiry: privacy@mashfak.sa. We will respond within 30 days as required by law.