Rishat Tadwin
Coming soon — contact us
Back to home

Privacy Policy

Last updated: March 1, 2026

Our commitments at a glance

PDPL compliant
We never sell your data
End-to-end encryption
Your rights protected

Scope & Regulatory Framework

Rishat Tadwin ('the Platform') is committed to protecting its users' personal data in accordance with the Saudi Personal Data Protection Law (Royal Decree No. M/19 dated 9/2/1443 AH) and its Executive Regulations. This policy explains how we collect, process, store, and protect your personal data when you use the platform's services, including digital services (freelance), 'Raje' (government-errand reviews), and 'Risha & Hibr' (document printing and pickup). By using the platform, you acknowledge that you have read this policy and consent to processing your data accordingly. The platform is registered and operated within the Kingdom of Saudi Arabia.

Personal Data We Collect

We collect the following personal data based on a clear legal basis (data subject consent or performance of the service contract): Registration & identity data: • Full name and mobile number • Email address and residence address • Profile picture (optional) Identity verification data (for providers): • National ID or residence number — via Nafath or manual verification • Professional qualifications and certificates • Commercial registration (for print shops and businesses) • Bank account (IBAN) for payouts Transaction data: • Order details and financial history • Documents and files uploaded for service execution • Messaging content within the platform Technical data collected automatically: • IP address, browser, and device type • Geolocation (with your consent where needed — e.g., to find the nearest Risha & Hibr print shop) • Cookies and session identifiers

Data Disclosure & Sharing

We do not sell your personal data. We disclose it only in the following cases: With providers on the platform: • Only information necessary to fulfill your order (name, order details) • Documents and files required to complete the service • Communication happens exclusively through the platform's internal messaging With technical service providers (data processors): • Payment gateways licensed by the Saudi Central Bank (Mada, Visa, Mastercard, Apple Pay) • Hosting and cloud infrastructure providers • Analytics services — after full anonymization • All data processors are bound by data-protection agreements With Nafath (Unified National Access): • Provider identity verification via the Digital Government Authority's Nafath portal With government and regulatory bodies: • In response to judicial orders and lawful requests • Upon request from competent authorities (CST, SDAIA) • To protect our legal rights or user safety

Security & Technical Measures

We apply security, technical, and organizational measures to protect your personal data in line with best practices and information-security standards: Encryption: • All communications encrypted with TLS 1.3 • Sensitive data at rest encrypted with AES-256 • Passwords hashed with one-way algorithms (bcrypt) Access control: • Tiered permissions limited to the minimum necessary access • Multi-factor authentication for admin and sensitive systems • Logging and monitoring of all data access Infrastructure: • Hosting on certified data-center servers • Regular encrypted backups with disaster-recovery plans • Periodic security testing and vulnerability assessments Organizational measures: • Binding confidentiality agreements with all personnel • Regular security-awareness training • Clear incident-response procedures and regulatory notification

Cookies & Tracking

We use cookies and similar technologies for the following purposes: Strictly necessary (no consent required): • Session management and authentication • Saving language preferences (Arabic/English) • Session protection and CSRF prevention Analytics (with your consent): • Measuring platform performance and load speed • Understanding page and service usage patterns • Improving UX based on anonymized data Marketing (with your explicit consent): • Measuring ad-campaign effectiveness • Presenting tailored content based on your interests You can manage or disable cookies in your browser settings. Disabling necessary cookies may affect your ability to use the platform.

Data Retention Period

We retain your personal data for as long as needed to achieve the purpose of collection or as required by law: Account data: • Throughout your account's active period on the platform • After account closure or deletion: one year, unless the law requires otherwise Documents & files: • 90 days after order completion and delivery acceptance • You may request earlier deletion Financial & accounting records: • 10 years per ZATCA regulations Identity verification data: • Throughout the provider's active period, then one year after account closure Technical & security logs: • 12 months maximum After the retention period, data is deleted or irreversibly anonymized.

Data Subject Rights

The Personal Data Protection Law grants you the following rights, which we are committed to enabling you to exercise: Right to be informed: • To know the purpose of collecting your data and the legal basis for processing Right of access: • To obtain a copy of your personal data we hold Right to rectification: • To request correction of inaccurate or incomplete data Right to erasure: • To request deletion of your personal data when the purpose no longer applies • Subject to legal obligations that may require retention Right to withdraw consent: • To withdraw your consent to processing at any time • Without affecting the lawfulness of processing before withdrawal Right to object: • To object to processing your data for direct marketing Right to data portability: • To receive your data in an electronic, readable, and usable format To exercise any of these rights, reach out via the email shown in the 'Contact & Inquiries' section below. We will respond within no more than 30 days of receipt.

Children's Data Protection

The platform is directed at individuals 18 years or older, and we do not knowingly collect personal data from minors. If we learn that we have collected data from a person below the legal age, we will delete it immediately and close the associated account. If you are a guardian and believe a minor under your care has created an account, please contact us to take appropriate action.

Policy Updates

We may update this policy from time to time to align with legal changes or technical developments. For material changes: • We will notify you via the email registered in your account • We will publish a clear notice inside the platform • We will update the 'Last updated' date at the top of this page • We may request renewed consent to material changes before continued use We recommend reviewing this policy periodically.

Competent Regulatory Authority

The authority responsible for supervising the Personal Data Protection Law in Saudi Arabia is the Saudi Data & AI Authority (SDAIA). You have the right to file a complaint with the authority if you believe your data has been processed contrary to the law's provisions.
SDAIA official website(https://sdaia.gov.sa)

Contact & Inquiries

For any inquiries related to this policy or to exercise your rights, reach our Data Protection Officer via the following channels:

We will respond to all inquiries and requests within a maximum of 30 days.

Questions about privacy?

Our data-protection team is available to answer your questions and requests