Privacy Notice
Saudi Architectural Compliance System
Sections
Account & Profile
Examples: name, email address, organization
Purpose: account creation, authentication, profile management, support and billing
Authentication Tokens & Session Data
Examples: access tokens, refresh tokens, temporary session tokens stored client-side
Purpose: secure authentication, session management, logout and token revocation
Project Metadata
Examples: project name, description, location, intended purpose, building tier
Purpose: project management, search, display, and analysis context
Uploaded Files & Images
Examples: photographs or other documents you upload
Purpose: carry out requested analyses, generate reports, display within the project interface
Chat / Conversation Content
Examples: messages you send to the chat interface or analyst assistant
Purpose: chat functionality, context for analysis, generating AI-assisted responses
AI Analysis Outputs & Derived Data
Examples: structured analysis results, metrics, and metadata derived from your files
Purpose: present analysis results in the application and for project record-keeping
Logs & Operational Metadata
Examples: system logs, request metadata, error traces (may include identifiers)
Purpose: debugging, monitoring, security, and incident response
What is transmitted:
When you request analysis or use the chat assistant, the system may transmit the following to our AI provider:
- The textual prompt created by the system which includes user-provided text and system context
- Images you uploaded (either as data or as URLs referencing stored images)
- Related project metadata when necessary to give context for the analysis
Purpose:
Per-request analysis to produce architectural insights and structured outputs shown back to you in the project.
Does the AI provider train on my data?
Our per-request use is for generating responses and analyses. The AI provider may log errors. The logs may contain input data, such as inputs and outputs, as well as metadata. Such logging is only used for ensuring reliable operation of the service and enforcing the Acceptable Use and Responsible AI Policy and customer’s compliance with use restrictions in customer’s Services Agreement
Your responsibilities:
Do not upload personal data of third parties (for example, third-party identification documents, photographs containing identifiable people, or other private personal data) unless you have a lawful basis and the necessary consents to share that data. Uploaded content may be transmitted to third-party AI services as described above.
Third-Party AI Provider
Purpose: Per-request AI analysis and generation of responses based on image(s) and prompt text. Data sent typically includes the textual prompt built by the server and references to, or data of, your uploaded images.
Infrastructure Providers (Internal Storage & Backup)
Purpose: To store your files and data (database, object storage, backups).
Monitoring / Analytics Providers (if used)
Purpose: Application monitoring and performance analytics. If any external monitoring vendors are used, they will be listed in our vendor disclosures.
Authorized Internal Personnel and Administrators
Purpose: Support, debugging, exports required for business operations or legal compliance.
Temporary Session Credentials
Retained until expiry; automated cleanup is implemented for temporary credentials.
AI Analysis Outputs (Project Analysis Results)
AI analysis results are retained until the user deletes them.
Conversation History / Chat Messages
Conversation history and chat messages are retained until the user deletes them.
User Profile Data (Account Information)
User profile data is retained until the user deletes their account.
We provide deletion mechanisms for user data and AI outputs.
View / Access
You can view and update your account profile via the account settings in the app.
Rectify / Update
You can update your profile information in the app.
Delete (Right to Erasure)
Users can delete their data by clicking the delete button for the relevant record.
Portability
You can export your personal data from the account settings in the app.
To protect your privacy, we verify identity before fulfilling requests affecting account data.
We use industry-standard security measures to protect your data: encrypted storage for sensitive fields, authenticated API access, and session token management. We also maintain temporary file cleanup for analysis jobs. We continue to improve security posture and adopt secret management best practices.
Will my images be shared with an AI provider?
Yes — images and prompts used for analysis are transmitted to a third-party AI provider to generate the analysis you request. We will ask for your consent where required.
Can I remove an uploaded file and the analysis results?
Users can delete their uploads and AI outputs by clicking the delete button for the upload or analysis result.
Does the system sell my personal data?
No. We do not sell personal data.
This public privacy notice is written for end users. A more detailed internal technical appendix with implementation details and evidence is maintained internally for audits and regulators and is not published in the public notice.