Privacy Policy
Last updated: 21 May 2026
This Privacy Policy explains how Riscora ("we", "our", "us") collects, uses, and protects your personal data in compliance with the Saudi Personal Data Protection Law (PDPL) and applicable international privacy standards. By using our website or services you agree to the practices described below.
1. Who we are
Riscora is an AI-native Virtual Risk Manager service operated as a beta program by [Riscora Operating Entity TBD].
Contact us about privacy: privacy@riscora.app
2. What data we collect
Information you give us directly
- Email address (when you sign up for the demo or early access program)
- Name, company name, sector, employee count (when you submit the early access form)
- Documents you upload to the platform (when using the demo or paid product)
Information collected automatically
- Browser type, IP address, device type, pages visited, time spent on pages
- Cookies used to maintain your session and remember preferences (no third-party advertising cookies at this time)
No sensitive personal data
We do not knowingly collect or process special categories of personal data (health, religion, political opinion, etc.)
3. Why we collect it
- To deliver the Riscora demo and product features you request
- To communicate with you about the early access program, product updates, and educational content (you can opt out anytime)
- To improve the product through aggregate usage analysis
- To comply with legal obligations in KSA and other jurisdictions where we operate
4. Lawful basis for processing (PDPL)
We rely primarily on explicit consent when you submit forms on our site, and on legitimate business interest for limited operational analytics.
You can withdraw consent at any time by emailing privacy@riscora.app.
5. Where your data is stored
Personal data is currently hosted in Microsoft Azure West Europe (Netherlands), with strict access controls.
Document content submitted via the demo is processed in-memory and not persisted; document content submitted via paid product features is encrypted at rest.
6. Who we share data with
- Service providers we contract for hosting, AI model inference, email delivery, and analytics, under written data-processing agreements
- No sale of personal data: we never sell or rent your personal data to third parties
- Legal disclosure: we may share data when required by KSA law, court order, or to protect against fraud or security threats
7. Your rights under PDPL
- Right to know what personal data we hold about you
- Right to access a copy of your personal data
- Right to correct inaccurate personal data
- Right to delete your personal data, subject to limited legal retention requirements
- Right to object to specific processing activities
- Right to withdraw consent at any time
To exercise any of these rights, email privacy@riscora.app with proof of identity. We will respond within 30 days.
8. Data retention
- Marketing leads: retained for 24 months from last interaction, then deleted
- Demo session data: deleted within 90 days of session end
- Paid product data: retained per the customer's contract, deleted within 30 days of contract termination
- Audit logs (legally required): retained for 7 years
9. Cookies
- Essential cookies: remember your session, theme preferences, language. Cannot be disabled (without breaking the site).
- Analytics cookies: none currently. If we add Google Analytics in future, we'll update this policy and request explicit consent.
- Advertising cookies: none.
10. Children's data
Riscora is a B2B product not intended for individuals under 18. We do not knowingly collect data from minors.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes will be communicated by email to active users.
12. Contact
- Privacy questions or PDPL rights requests: privacy@riscora.app
- General contact: hello@riscora.app
- Mailing address: [Riscora Operating Entity TBD, Riyadh, Kingdom of Saudi Arabia]