1. Introduction
VASTSOFT ("Company", "we", "us", or "our") operates the VOrder platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service in compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL) as regulated by the Saudi Data & Artificial Intelligence Authority (SDAIA).
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
2. Definitions
- Platform: The VOrder software-as-a-service application and all related services provided by VASTSOFT.
- User: Any individual or entity that accesses or uses the Platform, including Subscribers and End Users.
- Personal Data: Any data relating to an identified or identifiable natural person, including but not limited to name, identification number, location data, and online identifiers.
- Processing: Any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, and erasure.
- Data Controller: VASTSOFT, as the entity that determines the purposes and means of processing Personal Data within the Platform.
3. Data Collection
We collect information that you provide directly to us and information collected automatically through your use of the Service.
Types of Data Collected:
- Identity Data: Full name, username, business registration details
- Contact Data: Email address, telephone numbers, business address
- Business Data: Restaurant/cafe name, branch information, menu items, pricing
- Transaction Data: Order history, payment records, customer interactions
- Technical Data: IP address, device information, browser type, access times
- Usage Data: Platform interaction patterns, feature utilization, system logs
4. Legal Basis for Processing
In accordance with PDPL requirements, we process your Personal Data based on the following legal grounds:
- Your explicit consent for specific processing activities
- Performance of a contract to which you are a party
- Compliance with legal obligations under Saudi Arabian law
- Our legitimate business interests, provided they do not override your fundamental rights
5. Use of Your Information
We use the collected information for the following purposes:
- To provide, operate, and maintain the Service
- To manage your account and subscription
- To communicate with you regarding service updates, support, and marketing
- To improve and optimize the Platform's performance and user experience
- To analyze usage patterns and develop new features
- To comply with legal obligations and enforce our terms
6. Data Ownership & Proprietary Rights
Notwithstanding any provisions to the contrary and subject to the proprietary licensing arrangements governing the Platform infrastructure, all Data Assets (as hereinafter defined) generated, processed, stored, or otherwise created within the Platform ecosystem shall be deemed proprietary information of VASTSOFT and shall constitute Work Product under applicable intellectual property frameworks.
"Data Assets" shall include, without limitation: (i) all transactional records, (ii) aggregated analytics and derivative datasets, (iii) processed information resulting from algorithmic transformations, (iv) metadata and system-generated logs, (v) any compilations, modifications, or enhancements derived from User-provided inputs, and (vi) all database structures, schemas, and organizational frameworks containing such information.
The Subscriber hereby acknowledges and agrees that: (a) VASTSOFT retains exclusive ownership rights over the Platform infrastructure and all derivative Data Assets; (b) no data portability, export, or extraction rights are granted except as expressly provided in a separate written agreement executed by authorized representatives of VASTSOFT; (c) upon termination of services, VASTSOFT shall retain ownership of all Data Assets in accordance with its data retention policies and applicable regulatory requirements.
This provision shall survive the termination or expiration of any service agreement and shall remain in full force and effect indefinitely with respect to all Data Assets created during the term of service.
7. Data Retention
We retain Personal Data for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or reporting requirements as mandated by Saudi Arabian regulations.
Following the termination of your account, we may retain certain information as required by law or for legitimate business purposes, including but not limited to audit trails, transaction records, and aggregated analytics data.
8. Data Sharing & Disclosure
We may share your information with third parties in the following circumstances:
- Service Providers: Third-party vendors who assist in operating our Platform
- Payment Processors: NeoLeap and affiliated banking partners for transaction processing
- Legal Requirements: When required by law, court order, or governmental authority
- Business Transfers: In connection with any merger, acquisition, or sale of company assets
9. Data Security
We implement appropriate technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction.
- End-to-end encryption for data transmission
- Role-based access controls and authentication protocols
- Continuous security monitoring and intrusion detection
- Regular security training for personnel with data access
10. Your Rights Under PDPL
Under the Saudi Personal Data Protection Law, you have the following rights:
- Right to Access: Request a copy of your Personal Data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your Personal Data under certain conditions
- Right to Restriction: Request limitation of processing activities
- Right to Object: Object to processing based on legitimate interests
Note: These rights are subject to certain limitations and conditions as prescribed by PDPL and do not extend to proprietary Data Assets as defined in Section 6 of this Policy.
11. SDAIA Compliance
This Privacy Policy is designed to comply with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia, as implemented and regulated by the Saudi Data & Artificial Intelligence Authority (SDAIA).
We maintain appropriate registrations and certifications as required by SDAIA and cooperate fully with regulatory authorities in matters concerning data protection and privacy.
12. Contact Us
For questions about this Privacy Policy or to exercise your data protection rights, please contact us:
13. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the modified Policy.