Privacy Policy

Last Updated: January 2025

Introduction

At Afkar Alawlama Company, we are committed to protecting your privacy. This privacy policy explains how we collect, use, and protect your personal information.

Data Collection

We collect the following information:

  • Personal identification information (name, email, phone number)
  • Company and customer information
  • Invoice and transaction data
  • Usage and system access information
  • Sensitive ZATCA data (private/public keys, CSID, encryption certificates)
Data Use

We use your data for the following purposes:

  • Providing and managing system services
  • Processing invoices and transactions
  • Improving our services and communicating with you
  • Integration with ZATCA system for invoice submission and compliance verification
Data Protection

We use advanced security measures to protect your data from unauthorized access, alteration, or disclosure.

Protection of Sensitive ZATCA Data

We give special attention to protecting sensitive ZATCA data:

  • Private and public keys are encrypted and stored securely
  • Encryption certificates (CSID) are protected with multiple security layers
  • Credentials are encrypted in the database
  • Access to ZATCA data is restricted only to authorized users
  • We use advanced security protocols (TLS/SSL) for all communications with ZATCA
  • We do not share sensitive ZATCA data with third parties except when legally necessary
Data Sharing

We do not sell or rent your personal data to third parties. We may share data only when legally necessary or with ZATCA authority as required.

ZATCA Data Sharing

Regarding sensitive ZATCA data:

  • We only share data required to complete ZATCA integration (such as signed invoice XML)
  • Private and public keys are never sent to ZATCA or any third party
  • We use keys only to sign invoices locally before submission
  • All communications with ZATCA are encrypted and secured
User Rights
  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to delete your data under certain circumstances
  • Right to object to processing your data
  • Right to know how your ZATCA data is being used
  • Right to request information about who has access to your sensitive ZATCA data
ZATCA Integration and Sensitive Data

Our system integrates with Zakat, Tax and Customs Authority (ZATCA) to submit electronic invoices. This integration requires collecting and storing sensitive data:

Data We Collect from ZATCA Account:
  • Private and Public Keys - Used to digitally sign invoices
  • Encryption Certificate (CSID - Compliance Stamp Identifier)
  • API Credentials for accessing ZATCA interfaces
  • Company information registered with ZATCA (Tax Number, Commercial Registration)
  • Submission and response logs from ZATCA
How We Use This Data:
  • Private Keys: To digitally sign invoices before submission to ZATCA
  • Public Keys: To verify signature validity
  • CSID: To identify the company in ZATCA system
  • Credentials: To securely connect to ZATCA API interfaces
  • Logs: To track invoice status and troubleshoot issues
Special Security Measures:
  • All private keys are encrypted using strong encryption (AES-256)
  • Access to ZATCA data is restricted only to authorized users (Admins)
  • We use advanced security protocols (HTTPS/TLS) for all communications
  • Sensitive logs are protected from unauthorized access
  • We maintain encrypted backups of ZATCA data
Contact

For privacy policy inquiries:
Email: info@afkaralawlama.com