1. Who this covers
This policy explains how Adwan Development Company Ltd. (“BoardOS”, “we”) handles personal data when organisations and their board members use the BoardOS platform. It is written with the requirements of the Saudi Personal Data Protection Law (PDPL) in mind.
For governance content created by your organisation, we act on your organisation's instructions; your organisation's administrator is your first point of contact for access and corrections.
2. What we collect
Account data: your name (English and Arabic), email address, role, professional title and, if provided, phone and biography.
Governance content: the meetings, documents, minutes, resolutions, votes, action items, notes and messages your organisation creates in the platform.
Security and audit data: sign-in events, passkey registrations, document access logs, electronic-signature records (including timestamp, network address and device information) and an organisation-level audit trail. These records exist to protect confidential board material and support your organisation's compliance.
3. How we use it
Solely to operate, secure and support the Service: signing you in, delivering notifications and reminders, generating board packs and signed minutes, maintaining audit trails, and responding to support requests.
We do not sell personal data, we do not use it for advertising, and we do not use customer content to train artificial-intelligence models.
5. How we protect it
Encryption in transit and at rest; passwordless authentication (one-time links and passkeys); role-based access with committee-level scoping; per-recipient document watermarking; access logging; and tamper-evident signature hashes on signed minutes.
Our staff access customer content only when strictly necessary to resolve a support issue, and with the organisation's permission.
6. Where data lives
Production data is hosted in the European Union (Frankfurt), encrypted at rest. Saudi data-residency options for regulated entities are on our roadmap; regulated customers should contact us to discuss their requirements before onboarding.
7. How long we keep it
Governance records are retained for the life of your organisation's subscription — that permanence is a deliberate feature of a board system of record. Deactivated members' historical records are preserved for the organisation's audit trail.
After termination, your organisation may request export and deletion; we delete production data on request, subject to legal retention obligations and backups that expire on their normal cycle.
8. Your rights
Subject to the PDPL, you may request access to and correction of your personal data, and deletion where it is no longer required for the purposes above. Because most data in BoardOS belongs to your organisation's governance record, start with your organisation's administrator; you can also contact us directly and we will respond within a reasonable period.
You can manage your own name, title, biography, language and passkeys at any time from your account settings.
9. Changes to this policy
We will notify organisation administrators of material changes before they take effect and record the date of the latest revision at the top of this page.
Questions about this document? Contact us at privacy@boardos.app — we answer governance and compliance questions directly, not through a chatbot.