• No raw files or personally identifiable data uploaded to the platform are stored beyond the processing duration.

• Aggregated and anonymized analysis results are preserved solely for auditing, compliance verification, and future reference by the data owner.

• Data lifecycle policies are enforced: data is deleted securely once it is no longer required, ensuring full compliance with PDPL.

• All initial processing occurs locally in the user's browser (client-side) to minimize data exposure.

• Submitted data is processed in-memory only, with secure deletion immediately after completion.

• End-to-end encryption (AES-256) ensures all data in transit and at rest is fully protected.

• No raw content is ever stored in any database, safeguarding personal information.

• Codata is designed following SDAIA-approved best practices and fully adheres to the Saudi Personal Data Protection Law (PDPL).

• Regular internal and external audits are conducted to verify continuous compliance.

• No data is shared with third parties unless legally required, and all consent is respected.

• Users may request access to all personal data held by the platform.

• Users may request correction, deletion, or restriction of processing of their personal data.

• Users can withdraw consent for any processing activities at any time in accordance with PDPL.

• Users may file complaints or inquiries regarding privacy practices with our Data Protection Officer.

For questions regarding your personal data, rights, consent, or privacy practices, contact our Data Protection Officer at privacy@codata.sa. We aim to respond to all requests within 30 business days.