PDPL Compliance

Our Commitment

ZeroForget AI is designed from the ground up to comply with Saudi Arabia's Personal Data Protection Law (PDPL), enacted by Royal Decree M/19. We treat compliance as a foundational requirement, not an add-on feature.

Data Residency (Article 29)

All personal data is stored and processed exclusively in the AWS Bahrain region. Data is never transferred or replicated outside the region under any circumstances, including backups and disaster recovery.

Consent and Purpose Limitation (Articles 5 & 6)

• Explicit consent is obtained before collecting personal data
• Data is used only for the specific purpose it was collected for
• We do not share data with third parties without consent

Data Minimization (Article 10)

We collect only data necessary to provide our services. Data source connections are selective with clear justification for each source.

Right to Access and Deletion (Article 20)

• Individuals can access their personal data at any time
• Deletion requests are completed within 30 days
• Deletion covers all records, files, and encrypted keys
• Data export is available before deletion

Audit Trail (Article 32)

We maintain comprehensive audit logs for all access, modification, and deletion operations. Each log entry includes the actor, timestamp, and action taken.

Breach Notification (Article 24)

In the event of any data breach, we commit to notifying SDAIA and affected parties within the timeframes specified by the law.

Contact Us

For compliance inquiries: info@zeroforget.ai