Last Updated: February 23, 2026
1) Data Controller Identity
This policy explains how personal data is collected, processed, and protected on the Cloudx website at the domain cloudx.sa. We are an information technology company based in the Kingdom of Saudi Arabia – Riyadh – Al Munsiyah District.
For privacy and data protection inquiries: privacy@cloudx.sa.
2) Scope of Application
This policy applies to data collected through the website, contact forms, email, business-related WhatsApp, and any digital interaction relevant to our services.
3) Data We Collect
- Identification and Contact Data: Name, email, mobile number, and entity name.
- Service Request Data: Type of service requested, project scope, related messages and attachments.
- Technical Data: IP address, browser type, device, pages viewed, visit time.
- Usage and Analytics Data: Performance measurement and interaction data via Google Analytics.
4) Data Sources
- Directly from the data subject (via forms or direct communication).
- Automatically during website use (cookies and usage logs).
- From a third party when there is authorization or a contractual relationship linked to the service request.
5) Processing Purposes
- Responding to inquiries and providing quotations and technical proposals.
- Executing contracts and projects, providing technical support and post-delivery service.
- Improving performance, user experience, content quality, and services.
- Complying with regulatory requirements and protecting legal rights.
6) Legal Basis for Processing
Data is processed based on one or more of the following bases: data subject consent, performance of a contract or service request, legitimate interest that does not conflict with the data subject’s rights, or a legal obligation under applicable regulations in the Kingdom of Saudi Arabia.
7) Cookies and Analytics
We use cookies to enhance user experience and measure performance. We also use Google Analytics to understand website usage and improve services. For more details, see the Cookie Policy.
You can manage cookies through your browser settings; disabling some may affect certain website functions.
8) Disclosure of Data to Third Parties
We do not sell personal data. We may share limited data – when necessary – with technical service providers (such as hosting, security, analytics) or with competent authorities when there is a legal obligation or judicial order.
9) Transfer of Data Outside the Kingdom
Processing or technical hosting may occur with providers outside the Kingdom when operationally necessary, applying appropriate contractual, regulatory, and technical controls to protect data in compliance with regulatory requirements.
10) Data Retention Period
We retain personal data for the period necessary to fulfill the purpose of its collection, or for the period required by law or contract, after which it is securely deleted, destroyed, or anonymized.
11) Data Subject Rights
Under applicable regulations, the data subject has the right – depending on the situation – to request knowledge of processing, request access, request correction or update, request deletion when the legal need ceases, and withdraw consent in cases based on consent.
To submit rights-related requests: legal@cloudx.sa.
12) Data Security and Incident Notification
We implement appropriate organizational and technical security measures to protect data from unauthorized access, loss, or unlawful disclosure, and we review controls periodically. In the event of a significant security incident, it is handled according to regulatory procedures.
13) Payments
Currently, payments are not collected electronically through the website. Any payments are made via bank transfer according to an approved contract or invoice.
14) Policy Updates
This policy may be updated when services or regulatory requirements change. The version published on this page is the approved version.
15) Applicable Law and Jurisdiction
This policy is governed by the laws of the Kingdom of Saudi Arabia, and jurisdiction for disputes shall be the courts of Riyadh City.
