Privacy Policy

Last updated: January 2025

1. Introduction

ANDEXA ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sovereign AI analytics platform.

As a company dedicated to data sovereignty, we have designed our services to comply with the Saudi Personal Data Protection Law (PDPL) and the National Cybersecurity Authority (NCA) Essential Cybersecurity Controls.

2. Data Sovereignty Commitment

ANDEXA is deployed 100% on-premises within your organization's infrastructure. This means:

  • Zero Data Egress: Your organizational data never leaves your facility
  • Air-Gapped Architecture: Complete isolation from external networks when required
  • Local Processing: All AI processing occurs within your data center
  • Saudi Data Residency: Full compliance with Kingdom of Saudi Arabia data localization requirements

3. Information We Collect

3.1 Business Contact Information

When you request a demo or contact us, we collect:

  • Name and job title
  • Organization name
  • Business email address
  • Business phone number
  • Inquiry details and communication preferences

3.2 Technical Information

For website visitors, we may collect:

  • IP address (anonymized)
  • Browser type and version
  • Pages visited and interaction patterns
  • Referring website

3.3 Your Organizational Data

ANDEXA processes your organizational data only within your premises. We do not have access to, nor do we collect, any data processed by the ANDEXA platform deployed in your environment.

4. How We Use Your Information

We use collected business contact information to:

  • Respond to your inquiries and demo requests
  • Provide product information and updates
  • Deliver customer support services
  • Send relevant communications (with your consent)
  • Improve our products and services

5. Legal Basis for Processing (PDPL Compliance)

Under the Saudi Personal Data Protection Law, we process your data based on:

  • Consent: When you submit inquiries or subscribe to communications
  • Legitimate Interest: To provide requested services and maintain business relationships
  • Contractual Necessity: To fulfill our obligations under service agreements
  • Legal Compliance: To meet regulatory requirements in Saudi Arabia

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share information with:

  • Service Providers: Trusted partners who assist in business operations (under strict confidentiality agreements)
  • Legal Authorities: When required by Saudi Arabian law or valid legal process
  • Business Transfers: In connection with mergers, acquisitions, or asset sales (with notice)

7. Data Security

We implement comprehensive security measures including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Employee training on data protection
  • Incident response procedures

8. Your Rights Under PDPL

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Restriction: Request limitation of processing
  • Portability: Request transfer of your data
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw previously given consent

9. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by Saudi Arabian law. Business contact information is typically retained for the duration of the business relationship plus a reasonable period afterward.

10. Cookies and Tracking

Our website uses essential cookies to ensure proper functionality. We use analytics cookies only with your consent to improve our services. You can manage cookie preferences through your browser settings.

11. International Data Transfers

As a Saudi-focused company committed to data sovereignty, we minimize international data transfers. When necessary for business operations, we ensure appropriate safeguards are in place in accordance with PDPL requirements.

12. Children's Privacy

Our services are designed for business use and are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children.

13. Changes to This Policy

We may update this Privacy Policy periodically. Significant changes will be communicated through our website or direct notification. The "Last updated" date indicates when the policy was last revised.

14. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at:

ANDEXA Data Protection Officer
Email: privacy@andexa.ai
Address: Riyadh, Kingdom of Saudi Arabia

15. Regulatory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Saudi Data & Artificial Intelligence Authority (SDAIA).