Legal
Privacy Notice
Last updated: 5 May 2026
Who We Are
Profectus (profectus.sa) is a KSA AI governance advisory operating under Saudi law. We provide structured AI governance engagements to Saudi private sector organizations.
What We Collect
Contact name, company name, role, email address, and questionnaire responses submitted via the scorecard or contact form. We do not collect any other personal data.
How We Use It
To respond to enquiries, generate your scorecard report, and — only with your explicit consent — to contact you about our services. We do not sell, license, or share personal data with third parties for their own purposes.
Legal Basis
PDPL Article 5: legitimate interest for responding to enquiries you have initiated; consent for marketing communications. You may withdraw consent at any time by emailing privacy@profectus.sa.
Sub-Processors
HubSpot (CRM), Resend (email delivery), Vercel (hosting and serverless compute), Upstash (Redis cache). All data transits outside Saudi Arabia; transfer is conducted under standard contractual clauses.
Retention
Contact form submissions retained for 12 months. Scorecard responses retained for 30 days, then deleted.
Your Rights
Under PDPL Articles 4–8: right to access, correct, delete, and object to processing of your personal data. To exercise any right, contact us at: privacy@profectus.sa
No Cookies
This website does not use cookies or tracking scripts of any kind. No analytics platform is installed. No consent banner is required.
Privacy Contact
For any privacy-related request, enquiry, or complaint, please contact: privacy@profectus.sa