Legal

Privacy Policy

سياسة الخصوصية

Board material is among the most sensitive data an organisation has. This is exactly what we do — and don't do — with yours.

بيانات مجالس الإدارة من أكثر البيانات حساسية. هنا نوضح بالضبط كيف نتعامل معها. النسخة العربية الرسمية ستصدر بعد المراجعة القانونية.

Last updated: 9 July 2026Draft v0.2 — subject to legal review before first paying customer.

1. Who this covers

This policy explains how Adwan Development Company Ltd. (“BoardOS”, “we”) handles personal data when organisations and their board members use the BoardOS platform. It is written with the requirements of the Saudi Personal Data Protection Law (PDPL) in mind.

For governance content created by your organisation, we act on your organisation's instructions; your organisation's administrator is your first point of contact for access and corrections.

2. What we collect

Account data: your name (English and Arabic), email address, role, professional title and, if provided, phone and biography.

Governance content: the meetings, documents, minutes, resolutions, votes, action items, notes and messages your organisation creates in the platform.

Security and audit data: sign-in events, passkey registrations, document access logs, electronic-signature records (including timestamp, network address and device information) and an organisation-level audit trail. These records exist to protect confidential board material and support your organisation's compliance.

3. How we use it

Solely to operate, secure and support the Service: signing you in, delivering notifications and reminders, generating board packs and signed minutes, maintaining audit trails, and responding to support requests.

We do not sell personal data, we do not use it for advertising, and we do not use customer content to train artificial-intelligence models.

4. Who we share it with

No one, except the service providers that host and deliver the platform under contract: Vercel (application hosting), Supabase (database and file storage, EU — Frankfurt) and Resend (transactional email). Each processes data only on our instructions.

We disclose data to authorities only where the law requires it, and we will notify your organisation's administrator unless legally prevented.

5. How we protect it

Encryption in transit and at rest; passwordless authentication (one-time links and passkeys); role-based access with committee-level scoping; per-recipient document watermarking; access logging; and tamper-evident signature hashes on signed minutes.

Our staff access customer content only when strictly necessary to resolve a support issue, and with the organisation's permission.

6. Where data lives

Production data is hosted in the European Union (Frankfurt), encrypted at rest. Saudi data-residency options for regulated entities are on our roadmap; regulated customers should contact us to discuss their requirements before onboarding.

7. How long we keep it

Governance records are retained for the life of your organisation's subscription — that permanence is a deliberate feature of a board system of record. Deactivated members' historical records are preserved for the organisation's audit trail.

After termination, your organisation may request export and deletion; we delete production data on request, subject to legal retention obligations and backups that expire on their normal cycle.

8. Your rights

Subject to the PDPL, you may request access to and correction of your personal data, and deletion where it is no longer required for the purposes above. Because most data in BoardOS belongs to your organisation's governance record, start with your organisation's administrator; you can also contact us directly and we will respond within a reasonable period.

You can manage your own name, title, biography, language and passkeys at any time from your account settings.

9. Changes to this policy

We will notify organisation administrators of material changes before they take effect and record the date of the latest revision at the top of this page.

Questions about this document? Contact us at privacy@boardos.app — we answer governance and compliance questions directly, not through a chatbot.