
Privacy Policy

Effective Date: April 2, 2026
Last Updated: April 4, 2026

The Ark AI Company Ltd. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you use TrizGPT (the "Service"). It also describes your rights under the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and the Saudi Personal Data Protection Law (PDPL).

1. Information We Collect

1.1 Information You Provide

  • Account data: Name, email address, password (hashed), and optional profile information
  • Payment data: Billing address and payment method details (processed by Moyasar — we do not store raw card data)
  • Problem inputs: Problem statements, context, and responses you submit to the AI
  • Communications: Support tickets, emails, and feedback you send us

1.2 Information Collected Automatically

  • Usage data: Features used, session length, clicks, problem categories, API calls
  • Device/browser data: IP address, browser type/version, operating system, device identifiers
  • Log data: Server logs, error reports, timestamps
  • Cookies: Session cookies, preference cookies, analytics identifiers

1.3 Information from Third Parties

  • OAuth providers: If you sign in via Google or GitHub, we receive your name and email
  • Payment processors: Moyasar provides transaction confirmations and billing status

2. How We Use Your Information

We use collected information to:

  • Provide, operate, and improve the Service
  • Process payments and manage subscriptions
  • Authenticate users and maintain account security
  • Send transactional emails (receipts, security alerts)
  • Send product updates and marketing communications (with consent where required)
  • Analyze usage trends to improve performance
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations

Legal bases (GDPR): Contract performance, legitimate interests, legal obligation, or consent.

3. How We Share Your Information

We do not sell your personal data. We share data only:

  • Service providers: Vendors under data processing agreements (hosting, email, analytics, payments, error monitoring)
  • Business transfers: In connection with merger, acquisition, or asset sale
  • Legal requirements: When required by law or court order
  • With your consent: Any other sharing requires explicit consent

Key sub-processors: Moyasar, AWS (hosting), Postmark (email), Sentry (error monitoring), PostHog (analytics).

4. Data Retention

| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 30 days post-deletion |
| Problem inputs/outputs | Pro/Enterprise: indefinite; Free: 30 days per session |
| Payment records | 7 years (legal/tax requirement) |
| Usage/analytics data | 24 months rolling |
| Server logs | 90 days |
| Marketing consent records | 3 years from last interaction |

After the retention period, data is securely deleted or anonymized.

5. Cookies

  • Essential cookies: Required for login and security. Cannot be disabled.
  • Preference cookies: Store settings (theme, language). Can be disabled.
  • Analytics cookies: Usage patterns (PostHog). Opt out via cookie banner.
  • Marketing cookies: Only with explicit consent. Off by default.

6. Data Security

We implement: TLS/HTTPS in transit, AES-256 encryption at rest, hashed passwords (bcrypt), role-based access controls, regular security audits, and incident response procedures. We will notify affected users and regulators of breaches as required by law.

7. Your Rights (GDPR — EU/EEA Residents)

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data
  • Restriction: Limit processing of your data
  • Portability: Receive your data in machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: At any time where processing is consent-based

To exercise rights, email [email protected]. We respond within 30 days. You may lodge a complaint with your local data protection authority (DPA).

8. Your Rights (CCPA/CPRA — California Residents)

  • Right to Know: Categories and specific pieces of personal information collected, used, shared
  • Right to Delete: Request deletion (subject to exceptions)
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell or share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate for exercising these rights

Submit requests to [email protected] or use the in-app privacy request form. Categories collected (last 12 months): Identifiers, commercial information, internet/network activity, usage inferences.

9. Your Rights (PDPL — Saudi Arabia Residents)

The Ark AI Company Ltd. is subject to the Saudi Personal Data Protection Law (PDPL), issued by Royal Decree M/19, effective March 2022 and enforced from September 2023, as administered by the National Data Management Office (NDMO).

9.1 Legal Basis for Processing

We process your personal data based on:

  • Contractual necessity: To fulfill our service obligations under your account agreement
  • Explicit consent: For marketing communications and optional features
  • Legal obligation: Where required by Saudi law
  • Legitimate interests: Service security, fraud prevention, and analytics (balanced against your rights)

9.2 Your PDPL Rights

  • Right to Access: Request disclosure of personal data we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to Data Portability: Receive your personal data in a structured, machine-readable format
  • Right to Withdraw Consent: Revoke consent at any time; withdrawal does not affect prior processing
  • Right to Object: Object to processing where based on legitimate interests
  • Right to Lodge a Complaint: File a complaint with the NDMO (ndmo.gov.sa)

9.3 Consent

Where consent is the legal basis, we obtain explicit, informed consent before processing. You may withdraw consent at any time by contacting [email protected] or adjusting your account settings.

9.4 Cross-Border Data Transfers

Where we transfer personal data outside the Kingdom of Saudi Arabia, we ensure adequate protections are in place in accordance with PDPL Article 29, including:

  • Transfers to countries with adequate protection as determined by NDMO
  • Contractual safeguards (data processing agreements with standard clauses)
  • We will not transfer data in a manner that prejudices Saudi national interests or violates PDPL requirements

9.5 Sensitive Personal Data

We do not intentionally collect sensitive personal data (as defined by PDPL) unless explicitly required and with your explicit consent.

To exercise your PDPL rights, email: [email protected]. We respond within 30 days.

10. International Data Transfers

The Ark AI Company Ltd. is headquartered in the Kingdom of Saudi Arabia. We operate global infrastructure to deliver the Service. When data is processed or stored outside Saudi Arabia:

  • EU/EEA transfers rely on Standard Contractual Clauses (SCCs)
  • All cross-border transfers comply with PDPL Article 29 requirements
  • We maintain data processing agreements with all sub-processors

11. Deletion Requests

To delete your account:

  • Go to Settings > Account > Delete Account, or
  • Email [email protected] with "Delete my account" in the subject line

We complete deletion within 30 days (billing records retained 7 years per legal requirement).

12. Children's Privacy

The Service is not directed to children under 13 (or under 16 in the EU). Contact [email protected] if you believe we have collected data from a child.

13. Governing Law

This Privacy Policy is governed by the laws of the Kingdom of Saudi Arabia, including the PDPL, the Anti-Cybercrime Law, and any applicable NDMO regulations.

14. Changes to This Policy

We will notify you of material changes via email or in-app notice at least 14 days before they take effect.

15. Contact

[email protected]

The Ark AI Company Ltd. | trizgpt.ai