📅 Updated: May 2026
Official Privacy Policy

We Protect Your Data
and Respect Your Privacy

This policy explains how we collect, use, share, and protect your personal data when you use the Ecomflow platform for managing e-commerce stores.

📅 Effective: May 12, 2026 🇸🇦 Saudi Arabia ⚖️ PDPL Compliant 🔒 Encrypted & Secured
📋
Section 1

Data We Collect

We collect only the data necessary to operate the platform and deliver our services at the highest quality.

  • Account data: Full name, email address, phone number, username, and BCrypt-encrypted password.
  • Business data: Store name, brands, branches, commercial registration, tax number, and location addresses.
  • Subscription & payment data: Plan details, invoices, payment history, and contract data.
  • Usage data: Login logs, IP addresses, device type, operating system, and preferred language.
  • Images & documents: Profile photos, brand logos, uploaded business documents and contracts.
  • Employee data: Employee names, job roles, departments, and their login credentials.
💡

Data Minimisation Principle

We follow the data minimisation principle — we do not collect any data that does not serve a specific and necessary purpose in operating the platform.

⚙️
Section 2

How We Use Your Data

We use your data exclusively for legitimate purposes related to operating the platform and delivering its services.

  • Operating the platform and delivering all its services and features correctly.
  • Managing your account, employee permissions, and configuring job roles.
  • Processing subscriptions, issuing invoices, and tracking payment records.
  • Sending important operational notifications such as subscription renewals and security alerts.
  • Improving platform performance and resolving technical faults and software issues.
  • Complying with applicable legal and regulatory requirements in Saudi Arabia.
🚫

What We Do Not Do

We do not use your data for targeted advertising, nor do we sell it or share it with marketing partners without your explicit consent.

🤝
Section 3

Data Sharing

We never sell your personal data. We share it only in the narrow cases specified below.

  • Technical service providers: Trusted partners who help operate the platform (cloud hosting, email services, payment gateways), all bound by strict confidentiality agreements.
  • Legal requirements: When a formal legal request or court order is issued by a competent government authority under applicable Saudi law.
  • Rights & safety protection: When strictly necessary to defend the rights of the company or its users, or to protect their safety.
  • Business transfer: In the event of a merger or acquisition, users are notified in advance and data protection continues under this policy.
🔐
Section 4

Data Security

We apply a multi-layered security system to ensure your data is protected at all times.

🔑
BCrypt + Salt Password encryption
🎫
JWT Tokens Secure session management
🌐
HTTPS / TLS Encrypted data transfer
🚫
Account Lockout After failed attempts
👤
RBAC Role-based access control
📋
Audit Logs Full operation monitoring
ℹ️

No internet data transmission method is 100% secure. Despite our best efforts, absolute security for every transmission cannot be guaranteed.

🗓️
Section 5

Data Retention

We retain your data as long as your account is active or as long as necessary to provide our services to you.

During active account

All personal and business data is kept in full to ensure uninterrupted service delivery.

Within 90 days of account termination

Personal data is permanently deleted unless there is a legal obligation requiring its retention.

7 years for financial records

Invoices, contracts, and financial records are retained for 7 years per ZATCA requirements.

⚖️
Section 6

Your Rights Under PDPL

Saudi Arabia's Personal Data Protection Law (PDPL) grants you full rights over your data.

👁️
Right to Access

Obtain a full copy of the data we hold about you at any time.

✏️
Right to Rectify

Correct any inaccurate or incomplete data relating to your account.

🗑️
Right to Erasure

Request deletion of your data when no longer needed or consent is withdrawn.

⏸️
Right to Restrict

Request restriction of processing during a dispute or review.

🚫
Right to Object

Object to processing your data for any marketing purpose at any time.

📦
Right to Portability

Receive your data in a machine-readable electronic format for transfer.

📬

To exercise any of these rights, email us at support@ecomflowksa.com. We will respond within 30 business days of receipt.

🍪
Section 7

Cookies

We use only essential cookies for login session management and saving preferences. We do not use marketing tracking cookies.

  • Session cookies: Maintain your login state and expire automatically when the browser is closed.
  • Preference cookies: Store your settings such as preferred language and interface appearance.
👶
Section 8

Children's Privacy

Ecomflow is intended exclusively for business entities and adults (18 years and older).

We do not knowingly collect children's data. If you discover that a child has submitted data without a guardian's permission, please contact us immediately at support@ecomflowksa.com and we will delete that data promptly.

🔄
Section 9

Policy Updates

We may update this policy periodically. We will notify you of material changes before they take effect.

  • Material changes are notified via registered email 30 days before taking effect.
  • Update notifications appear in-app on first login after the modification.
  • Continued use of the platform after the effective date constitutes explicit acceptance of the revised policy.
📬
Section 10

Contact the Privacy Team

For any questions about your privacy or data, our team is ready to help.

🔒

Have a Question About Your Privacy?

Our dedicated privacy team is fully prepared to answer all your questions and handle your requests professionally and promptly.

✉️ support@ecomflowksa.com 💬 Customer Support
⏱️
Response Time
30 business days
🌍
Languages
English
📍
Location
Saudi Arabia