Privacy Policy

How PUIUX collects your data, why, and what your rights are under Saudi Arabia's Personal Data Protection Law.

Last updated: 2026-04-24

1. Who We Are

PUIUX (“we”, “us”, or “the Company”) operates the puiux.com website and related software services. We are a Saudi software house founded in 2016, specializing in mobile app development, web applications, and custom software systems. We operate from three branches within the Kingdom of Saudi Arabia: Riyadh (headquarters), Ta'if, and Sakakah.

We process your personal data in compliance with the Saudi Personal Data Protection Law (PDPL) issued by Royal Decree M/19 and its Implementing Regulations, in addition to relevant international privacy standards.

For any inquiry regarding this policy, contact us at hello@puiux.com or call ‎+966 11 520 16 55. Registered address: مجمع يو ووك، شارع التخصصي, Riyadh, Saudi Arabia.

2. Data We Collect

We collect the minimum data necessary to deliver our services and respond to your inquiries. The data we process falls into the following categories:

a) Data you voluntarily provide via contact or quote-request forms:

  • Full name
  • Email address
  • Phone number (optional)
  • Company or organization name (optional)
  • Project description or inquiry

b) Data you provide when subscribing to our newsletter:

  • Email address only

c) Data collected automatically when you visit the site (with your cookie consent):

  • IP address (stored in truncated form for statistical purposes)
  • Browser type and operating system
  • Pages visited and time spent
  • Referrer URL
  • Device type (mobile / desktop)

d) Technical data kept in server logs for cybersecurity and error-handling purposes: incoming requests, response codes, and timestamps. These logs are automatically deleted within 30 days.

3. Purposes and Legal Basis

We process your personal data exclusively for the following legitimate purposes:

  • Responding to your inquiries and providing quotes — basis: your explicit consent when submitting the form.
  • Performing software service contracts and providing support — basis: execution of the contract.
  • Sending newsletters and marketing content — basis: your voluntary subscription, with the right to unsubscribe at any time.
  • Measuring site performance and improving user experience via analytics tools — basis: your consent for analytics cookies.
  • Protecting the site from abuse and fraud — basis: the Company's legitimate interest in safeguarding its digital assets.
  • Complying with legal and regulatory obligations in Saudi Arabia — basis: legal compliance.

We will not use your data for any other purpose without your prior explicit consent, and we do not make automated decisions that produce legal effects on you.

4. Data Retention

We do not retain your personal data for longer than actually necessary to achieve the purpose for which it was collected. Retention periods:

  • Contact-form submissions: retained for a maximum of 24 months from your last interaction, then deleted unless the interaction becomes a contractual relationship.
  • Contracted-client data: retained for the duration of the contract and five years after it ends, in compliance with Saudi accounting and tax regulations.
  • Newsletter subscription data: retained until you unsubscribe.
  • Anonymized analytics data: retained for 26 months per the Google Analytics 4 default.
  • Technical server logs: automatically deleted within 30 days.

5. Data Sharing with Third Parties

We do not sell your personal data under any circumstances. We share the minimum necessary data with trusted external processors bound by data-processing agreements (DPAs):

  • Vercel Inc. — hosting of the website frontend (servers in the Frankfurt region).
  • Hostinger — hosting of our automation servers (n8n) on a dedicated VPS.
  • Google LLC — analytics tools (Google Analytics 4) and Google Tag Manager, configured with IP anonymization.
  • Email providers: Gmail (Google Workspace) and encrypted SMTP for automated replies.
  • Competent Saudi governmental and judicial authorities — only upon receipt of a lawful order issued under proper legal procedures.

Some data may be transferred for processing to servers located outside the Kingdom of Saudi Arabia. In such cases we apply appropriate safeguards including encryption requirements, binding processing agreements, and reliance on providers that adhere to recognized international standards.

6. Cookies and Similar Technologies

We use cookies to enhance your experience on the site. These cookies are categorized as:

  • Strictly necessary: required for site operation and cannot be disabled (session, language preferences).
  • Analytics: help us understand how the site is used via Google Analytics 4. Activated only with your consent.
  • Marketing: used to measure the effectiveness of Google Ads campaigns (when active). Activated only with your consent.

You can adjust your preferences at any time through your browser settings or refuse non-essential cookies. Refusing certain cookies may affect the performance of some site features.

7. Your Rights Under the PDPL

The Saudi Personal Data Protection Law grants you the following rights, which you may exercise free of charge at any time:

  • Right to be informed: to know the legal basis and purpose of data collection.
  • Right of access: to obtain a copy of the personal data we hold about you.
  • Right to rectification: to request correction of inaccurate data or completion of incomplete data.
  • Right to erasure: to request deletion when processing is no longer needed or when you withdraw consent.
  • Right to object: to object to processing for marketing purposes or based on legitimate interest.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to withdraw consent: to withdraw previously given consent at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, email us at hello@puiux.com stating the right you wish to invoke. We commit to responding within a maximum of 30 days. If you are unsatisfied with our response, you have the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA).

8. Data Security

We apply reasonable technical and organizational controls to protect your data from unauthorized access, loss, or alteration, including:

  • Encrypted communications via HTTPS/TLS.
  • Encryption of databases and backups.
  • Access controls on a need-to-know basis.
  • Periodic review of access and activity logs.
  • Team training on personal data protection principles.

In the event of a potential breach affecting your personal data, we commit to notifying the competent regulatory authority within the statutory timeframe, and notifying you directly if the breach is likely to cause you material harm.

9. Children's Privacy

Our services are directed at business and adult individual customers. We do not knowingly collect personal data from children under the age of 18. If we become aware that we have collected data from a child without legal-guardian consent, we will delete it immediately. If you are a legal guardian and believe we hold a child's data, please contact us immediately.

10. Changes to This Policy

We may update this policy from time to time to reflect changes in our services or regulatory requirements. For any material change, we will publish the updated version on this page and update the "Last updated" date at the top, and we may notify you directly by email if you are subscribed to our mailing lists.

Your continued use of the site after any update constitutes your acceptance of the revised policy.

11. Contact Us

For any inquiry or request regarding your data privacy, contact PUIUX's data protection contact via:

  • Email: hello@puiux.com
  • Phone: ‎+966 11 520 16 55
  • Address: مجمع يو ووك، شارع التخصصي, Riyadh, Saudi Arabia

We commit to responding to your inquiry as soon as possible and within the timeframes prescribed by law.