Privacy Policy
Last updated: 2026-07-10 · العربية
1. What we collect — exactly
From the identity provider at sign-in: name, email, profile photo, and provider ID (Google is the currently enabled provider). What you provide: home country and nationality (to personalize visa information), visited countries with optional details (dates, duration, trip type, notes), your contributions (reviews, photos, places, questions and answers, phrases, votes, ideas, complaints), and your profile privacy preference. Automatically: the sign-in session (cookie), moderation logs of your actions, interactions features need (followed countries, notification preferences), and approximate usage data for page-update prioritization.
2. Your photos: location metadata is stripped before storage
Every photo you upload is re-encoded on arrival, deleting its EXIF metadata entirely — including GPS coordinates — before any storage. We never store where your photos were taken. This protection is built into the system, not just a policy promise.
3. What we do not collect
We do not collect precise geolocation, payment data (the platform currently has no payments), biometric data, or your browsing history outside the platform.
4. How we use your data
Service provision (your profile, nationality-based personalization, notifications); moderation — automated checks filter and flag for review while decisions on sensitive matters remain human per the published moderation matrix; content improvement via the harvest loop: extracting factual updates from public reviews into guide pages with attribution; aggregated anonymized statistics (trends, most-requested cities); and safety and legal compliance.
5. Future commercial uses — transparently
The platform may in future offer aggregated-insights products or a licensed API. Our standing commitment: your individual data is never sold or shared; anything beyond the public display of your content is in aggregated, anonymized form only.
6. Your rights under the PDPL
Under the Saudi Personal Data Protection Law you may: access your data, correct it, delete it, and withdraw consent [legal basis per processing purpose: LAWYER to map]. To exercise your rights: the 'Export my data' button in your profile settings produces an immediate copy of your data, the private-complaint channel in the Contribute system is designated for privacy requests and reaches administration directly, or write to the privacy contact listed in the footer.
7. Retention periods
Account data: until account deletion plus a reasonable wind-down window [exact period: LAWYER to set]. Moderation logs: retained for accountability and compliance. Public content woven into the platform: per the license clause in the Terms (content remains; identity attribution is deleted).
8. Cross-border data transfer
Data may be processed by categories of processors outside the Kingdom: cloud hosting (EU), file storage and CDN (Cloudflare), and AI processing (Anthropic — US) for moderation checks and summaries only. [The PDPL transfer-compliance mechanism MUST be verified by the lawyer before commercial activity, together with the SDAIA registration question.]
9. Breaches and contact
If a breach affects your data we commit to notifying the competent authorities and affected users per legal requirements. The designated privacy contact is listed in the site footer and reachable via the private-complaints channel.
10. Cookies, storage, and children
Our usage is deliberately light: one session cookie and local UI preferences. We collect aggregate, cookieless visitor statistics with no individual tracking (page counts and referral sources only) [processing basis: LAWYER to map]. No advertising trackers. The minimum age matches the Terms; we do not knowingly collect data below it, and accounts found underage are deleted.
Professional draft pending specialized (PDPL) legal review.