namla
Resources Legal Privacy Policy
Legal

Privacy Policy

How Namla collects, uses, protects, stores, and governs personal and operational data.

February 16, 2026 LegalPrivacyCompliance
Privacy Policy

1) Our privacy commitments

Namla is a privacy-first firm. We apply the following baseline commitments across our websites, products, and services:

  • we never sell personal data,
  • we collect only data needed for legitimate and defined purposes,
  • we implement security-by-design and least-privilege controls,
  • we prioritize local hosting in Saudi Arabia for relevant workloads and data.

2) Scope of this policy

This policy applies to personal and related operational data processed through Namla digital channels, products, and service interactions.

Where a customer contract includes stronger or more specific data terms, that contract governs for that engagement.

3) Data we may collect

Depending on context, we may process:

  • contact details (name, email, phone, role, company),
  • service and account metadata (organization, usage context, support requests),
  • technical and security data (IP, device/browser data, logs, diagnostics),
  • communication content (meeting requests, support messages, business correspondence).

We do not intentionally collect unnecessary or unrelated personal data.

4) Why we process data

We process data to:

  • provide, operate, and secure services,
  • respond to requests, support, and business communications,
  • maintain service quality, reliability, and observability,
  • meet legal, contractual, and compliance obligations,
  • prevent abuse, fraud, and unauthorized access.

5) Data sharing and disclosure

Namla does not sell personal data.

We may share limited data only when necessary with:

  • contracted processors and infrastructure providers under confidentiality and security obligations,
  • authorized partners involved in delivering agreed services,
  • regulators or authorities when legally required.

We require relevant third parties to follow appropriate confidentiality and security controls.

6) Data residency and local hosting

Namla prioritizes Saudi-hosted infrastructure for relevant systems and data.

If a specific service requires controlled cross-border processing, we apply legal and technical safeguards based on contractual requirements and applicable regulations.

7) Security safeguards

Namla applies layered controls that may include:

  • encryption in transit and at rest where appropriate,
  • role-based access control and least-privilege permissions,
  • logging, monitoring, and incident-response procedures,
  • vulnerability management and secure engineering practices,
  • periodic reviews aligned to risk and compliance needs.

Our security and governance approach is designed with reference to relevant Saudi frameworks and guidance, including expectations associated with:

  • CST,
  • NCA,
  • SDAIA.

8) Retention and deletion

We retain data only as long as necessary for service delivery, legal obligations, and legitimate business purposes.

When no longer required, data is deleted, anonymized, or archived according to defined retention controls and legal requirements.

9) Your rights and requests

Subject to applicable law and contractual scope, you may request to:

  • access personal data processed by Namla,
  • correct inaccurate or incomplete data,
  • request deletion where legally and operationally permissible,
  • ask questions about our privacy and security practices.

To submit a request, contact: [email protected].

10) Cookies and analytics

Namla may use essential technical cookies and limited analytics mechanisms to maintain reliability and improve user experience.

We avoid collecting excessive tracking data and apply data minimization principles.

11) Policy updates

We may update this policy to reflect legal, regulatory, operational, or service changes.

The latest version and effective date will always be published on this page.

12) Contact

For privacy or data-protection inquiries: