Back to home
Legal

Privacy Policy

Last updated: June 2026

Privacy Policy

Last updated: June 22, 2026

1. Introduction

Welcome to Atheir ("we", "us", or "our"), a Software-as-a-Service (SaaS) platform operated in the Kingdom of Saudi Arabia that provides WhatsApp chatbot automation (tree-based flows) and AI-powered smart reply services. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in accordance with the Personal Data Protection Law (PDPL) — Royal Decree No. M/19 dated 9/2/1443H — and its implementing regulations.

By registering for or using Atheir, you acknowledge that you have read and understood this Policy.

2. Data Controller

Atheir Platform
Website: atheir.com
Email: [email protected]
Jurisdiction: Kingdom of Saudi Arabia

3. Data We Collect

3.1 Account & Registration Data
Name, email address, phone number, company name, and password (hashed) when you create an account.

3.2 WhatsApp Connection Data
To connect your WhatsApp account, we generate a QR code for scanning. Upon scanning, session credentials are stored securely on our servers to maintain the WhatsApp connection on your behalf. We do not store the content of personal conversations beyond what is necessary to operate chatbot flows and AI replies.

3.3 Message & Conversation Data
Incoming and outgoing WhatsApp messages processed through our platform are stored for the purpose of delivering chatbot responses, AI smart replies, CRM records, and campaign reporting. You control data-retention settings within your account.

3.4 Payment Data
Subscription payments are processed by Paymob (a licensed payment service provider). We do not store full card details. We receive only the transaction reference and payment status from Paymob.

3.5 Usage & Technical Data
IP addresses, browser type, pages visited, session duration, and platform feature usage — collected to improve service performance and security.

3.6 AI Processing Data
When the AI Smart Reply feature is enabled for a conversation, message content may be processed by our AI model to generate responses. Processing is governed by data-processor agreements with strict confidentiality obligations.

4. Legal Basis for Processing

We process your personal data under the following grounds permitted by PDPL:

  • Contractual necessity: to deliver the services you subscribed to.
  • Legitimate interest: fraud prevention, platform security, and service improvement.
  • Legal obligation: compliance with Saudi laws and regulatory orders.
  • Consent: for marketing communications (you may withdraw at any time).

5. How We Use Your Data

  • Provide and operate the Atheir platform and its features.
  • Process subscription payments and issue invoices in SAR including 15% VAT.
  • Deliver WhatsApp chatbot tree flows and AI smart replies on your behalf.
  • Send service notifications, security alerts, and support responses.
  • Analyze usage patterns to improve features and prevent abuse.
  • Comply with legal obligations under Saudi law.

6. Data Retention

Account data is retained while your account is active and for 5 years after closure to meet commercial and regulatory requirements under Saudi law. Message data is retained for the period you configure in your account settings. You may request earlier deletion subject to legal retention obligations.

7. Data Sharing

We do not sell your personal data. We share data only as follows:

  • Paymob: to process subscription payments.
  • WhatsApp / Meta: messages are routed through WhatsApp infrastructure per Meta's terms.
  • AI Service Providers: message content processed by AI models under data-processing agreements with strict confidentiality obligations.
  • Saudi Authorities: when required by law, court order, or regulatory request from ZATCA, CST, or other competent authorities.
  • Infrastructure Providers: hosting, CDN, and monitoring services operating under contractual data-protection obligations.

8. Cross-Border Data Transfers

We aim to store your data within the Kingdom of Saudi Arabia. Where transfer outside KSA is technically required (e.g., AI model inference, global CDN), we ensure adequate protection measures are in place as required by PDPL Article 29.

9. Data Security

We implement industry-standard security measures including HTTPS/TLS encryption for all data in transit, encrypted storage for sensitive credentials, HMAC-SHA256 signed webhooks, role-based access controls, and regular security audits. In the event of a data breach affecting your personal data, we will notify you and the competent authority as required by PDPL.

10. Your Rights Under PDPL

You have the right to:

  • Access: request a copy of your personal data we hold.
  • Correction: request correction of inaccurate or incomplete data.
  • Deletion: request deletion of your data where no legal retention obligation applies.
  • Data Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interest.
  • Withdraw Consent: for processing based on your consent.

To exercise these rights, email [email protected]. We will respond within the timeframes specified by PDPL.

11. Cookies

We use essential cookies for session management, language preferences, and security. No third-party advertising cookies are used. You can control cookies through your browser settings.

12. Children's Data

Atheir is a business platform intended for adults (18+). We do not knowingly collect data from minors.

13. AI Transparency

When AI Smart Reply is active on a conversation, responses may be generated automatically by an AI system. You can inform your customers of this through your chatbot flow. We do not use your message data to train our AI models without your explicit consent.

14. Updates to This Policy

We may update this Policy to reflect changes in law or our practices. We will notify you by email or in-app notice at least 14 days before material changes take effect.

15. Contact Us

Data Protection inquiries: [email protected] | atheir.com