SandooqiHome

Privacy Policy

Last updated: May 7, 2026

One-line summary

We take the minimum data we need. We don't sell it. We don't share with advertisers.

1. What we collect

  • Shop name + email — to create your account.
  • Recovery code — randomly generated, stored hashed.
  • Entries and closures — what you type (amount, category, note, date).
  • Technical signals — IP, browser, aggregated device fingerprint, timestamps. Used to prevent abuse.
  • Subscription / payment status — we never receive card details (these go directly to Moyasar).

2. Why

  • Run the service.
  • Send subscription / closure notifications you opt into.
  • Prevent fake-account farming and attacks.
  • Aggregate analytics for product improvement (no personal identifiers).

3. Sharing

We don't sell your data. We share with:

  • Moyasar — payment processing, regulated by the Saudi Central Bank.
  • Email provider — to send subscription receipts and monthly reports (Pro).
  • Government authorities — only with a valid Saudi court order.

4. Retention

  • Account data: as long as the account exists.
  • After deletion: fully purged within 30 days (backups age out).
  • Payment records: 5 years per ZATCA requirements.

5. Your rights (PDPL)

Under Saudi Arabia's Personal Data Protection Law:

  • Access a full copy of your data.
  • Correct mistakes.
  • Delete your account and data.
  • Withdraw consent or object to processing.

To exercise these: privacy@sandooqi.sa

6. Security

Encrypted at rest, HTTPS in transit. Passwords / recovery codes never appear in plain text in our logs.

7. Cookies & analytics

Strictly necessary cookies only — to keep you signed in. No advertising or third-party trackers.

If you accepted the privacy banner on first visit, we run analytics tools to understand how you use Sandooqi so we can improve it:

  • Google Tag Manager — loads Google Analytics 4 (page views, most-used screens).
  • Microsoft Clarity — aggregated session replay with password and sensitive-input masking.
  • Cloudflare Web Analytics — cookie-free, no personal identifiers. Always on (it never identifies you).

All free tools. We never share your data with advertisers. You can withdraw consent anytime — the tools stop on this device immediately.

Changed your mind?

8. Children

Not directed to under-18s. We don't knowingly collect children's data.

9. Changes

Material changes notified by email 14 days before they take effect.

10. Contact

Data Protection Officer: privacy@sandooqi.sa