Privacy Policy – eCopon

Effective date: 2017-07-17 | Last updated: 2025-08-27

This policy is intended to comply with the Saudi Personal Data Protection Law (PDPL) and its Implementing Regulations, as well as Google Play and App Store Connect requirements. It explains how we collect, use, share, and retain personal data and how you can exercise your rights.

Data Controller: Smart Link for Information Technology Co. (operating eCopon in the Kingdom of Saudi Arabia). Contact: cs@e-copon.com | +966 12 644 5557

1) Scope & Definitions

This Policy applies to the eCopon website and mobile app. Personal Data means any data that identifies a natural person directly or indirectly. Processing means any operation performed on personal data such as collection, recording, storage, use, transfer, or deletion.

2) Data We Collect

Identity & Contact: name, mobile number, email, national ID/iqama or commercial registration details when verification is required.
Account & Usage: username, passwords (hashed), preferences, sign-ins, in-app activity.
Device & Technical: IP address, device type/OS/browser, device identifiers (including advertising identifier where used), time zone, diagnostics and crash logs.
Location: when you enable the relevant permission or use features that rely on location.
Payments: basic billing/transaction data via a certified payment provider (we do not store full card details).
Content You Provide: requests, comments, attachments (e.g., images/files) where applicable.
Third Parties: data from payment providers or social networks when you choose to link your account.

3) Purposes & Legal Bases

We process your data for the following purposes under PDPL legal bases:

Providing the services, operating accounts, support, and performing our contract with you.
Security and fraud prevention, identity verification, and compliance with legal obligations.
Product improvement, analytics/measurement, debugging and fixing errors.
Direct marketing with your explicit consent and an easy opt‑out.

Legal bases may include: Explicit Consent Contract Necessity Legal Obligation Legitimate Interest (non‑sensitive), in line with the PDPL and its Regulations.

4) Device Permissions, Cookies & SDKs

Permissions: We may request access to location/camera/photos/notifications to enable specific features; you can control these in your device settings.
Cookies & Similar Tech + SDKs: We use cookies and similar technologies and/or third‑party SDKs (analytics/notifications/performance). You can control browser cookies via your browser settings.
Advertising ID (Android/iOS): May be used for measurement or compliant marketing. You can reset or limit ad tracking in your device settings.

5) Sharing

We do not sell your personal data. We share limited categories with:

Service providers (hosting/cloud, analytics, notifications, support, payment) under appropriate processor agreements.
Government and law enforcement when legally required.
Parties to a merger/acquisition, subject to safeguards and notice where required.

6) Cross‑Border Transfers

We prefer to store and process data in the KSA whenever feasible. Where a transfer outside the Kingdom is necessary, we will do so under the PDPL and Regulations, including use of Standard Contractual Clauses (SCCs) or Binding Corporate Rules, conducting risk/adequacy assessments, and obtaining approvals or consents where applicable.

7) Security & Retention

We implement reasonable technical and organizational measures to mitigate data‑breach risks.
We retain data only as long as necessary for the stated purposes and legal requirements, then delete or anonymize it safely.
If a breach materially affects you, we will notify the competent authority and, where required, notify you.

8) Your PDPL Rights & How to Exercise Them

Your rights include—subject to the Law and Regulations:

To be informed about the legal basis and purposes of processing.
To access your data and obtain a copy.
To request rectification or update.
To request deletion in the cases provided by law.
To request restriction of processing where accuracy or legality is contested.
To withdraw consent (without affecting prior processing).
To lodge a complaint with the competent authority (SDAIA).

To exercise your rights, contact cs@e-copon.com with a description of your request and proof of identity. We will respond within the statutory timelines.

9) Children’s Privacy

Our services are not directed to children below the applicable age threshold. Where parental consent is required and not obtained, we will delete the child’s data using appropriate procedures.

10) Third‑Party Links & Content

The app/website may contain links to or content from third‑party sites/apps with independent privacy policies. We recommend reviewing them.

11) Store Requirements Compliance

This policy is hosted on an active URL that is readable in a standard browser without plugins (and is non‑editable by visitors).
It will be linked on our store listing and within the app and updated when practices change.
We commit to accurate disclosure in the Google Play Data Safety form and App Store Privacy Labels, including practices of third‑party SDKs we integrate.

12) Changes to This Policy

We may update this Policy from time to time. We will display the effective date above and, where changes are material, notify you in‑app or by email.

13) Contact

For privacy inquiries or complaints: cs@e-copon.com | +966 12 644 5557 – Smart Link for Information Technology Co., Kingdom of Saudi Arabia.