Privacy Policy

Version 2026-05 · Last updated May 12, 2026

This page is a starter template. The operator deploying Next EAM is responsible for replacing this copy with their actual Privacy Policy, reviewed against PDPL and any local jurisdiction-specific privacy laws, before commercial launch.

1. What we collect

We collect the information you provide when you create a workspace or accept an invitation (name, email, role) plus the operational records you store in the product (assets, work orders, attachments). We do not collect biometric or sensitive financial data.

2. Lawful basis

We process your personal data under the consent you give when you accept these terms. Tenant administrators may additionally process personal data under the legitimate interest of operating their organisation.

3. Your rights under PDPL

Right of access — request a copy of your personal data. Tenant administrators can produce a Data Subject Access Request (DSAR) pack on demand.
Right to correction — request that inaccurate personal data is corrected.
Right to deletion — request that your personal data is erased subject to legal retention.
Right to withdraw consent — contact your tenant administrator to record withdrawal.

4. Data residency

Each operator chooses the hosting region. KSA-resident deployments keep all workspace data inside Saudi Arabia.

5. Sharing with third parties

Third-party processors are only used when your tenant administrator explicitly enables them (email delivery, AI providers, telemetry). Data minimisation rules apply — for example, AI prompts are PII-masked by default.

6. Breach notification

In the event of a personal data breach we notify the National Data Management Office (NDMO) within 72 hours per PDPL Article 20 and notify affected tenant administrators in the same window.

7. Contact

Privacy questions or rights requests: contact your tenant administrator, who will route to the operator's Data Protection Officer.