Privacy Policy

Privacy Statement — SNDK.ai

Updated: 23 October 2025
Version: PP1.0

We view data privacy as fundamental to our services. This Privacy Statement explains what personal data we collect, how we use it, with whom we share it, how we secure it, and the choices available to you.

This Privacy Statement applies to www.sndk.ai and our communication channels (including WhatsApp Business), owned and operated by Adel  for Legal Digital Solutions (“SNDK”, “we”, “us”, “our”). For the purpose of this Privacy Statement, SNDK refers to the whole company group or each group entity, as applicable.

By using our services, you acknowledge this Privacy Statement.


1) Who we are (Data Controller)

  • Controller:Adel  for Legal Digital Solutions


  • Registered address: Ramallah, Palestine


  • Privacy contact: info@sndk.ai


  • DPO (if appointed): [Name / Email – placeholder]


  • EU/UK Representative (if required under GDPR/UK GDPR): [Entity / Contact – placeholder]

Where SNDK jointly determines purposes with a partner (e.g., a social login or ad platform), we will define responsibilities under Article 26 GDPR / applicable PDPL guidance and make the essence available on request.

2) Scope and legal framework

We process personal data in accordance with applicable laws, including:

  • Saudi Personal Data Protection Law (PDPL) and its implementing regulations (for data subjects in KSA or processing in KSA).
  • GDPR/UK GDPR where applicable (e.g., for EU/UK data subjects).
  • Other local laws where we operate or our partners operate.


3) Definitions

  • Personal Data: Information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.).
  • Services: SNDK’s eligibility checker, legal assessment, AI-assisted document analysis, and handoff to certified partner lawyers for claim filing and representation.


4) What we collect

We only collect data necessary for specific, explicit, and legitimate purposes:

Identity & Contact
Name, mobile number (incl. WhatsApp), email, nationality, city, preferred language.

Employment & Case Data
Employment status, contract type/term, salary and benefits, termination reason/date, attendance/schedule info, employer name/sector/location, claim type, claim amounts.

Documents you upload
Employment contracts, payslips, bank statements, settlement agreements/clearances, letters/emails with employer, HR records, IDs (national ID/passport/Iqama), POAs.

Special categories (e.g., health data) are only processed if you voluntarily provide them and only when necessary for the claim and permitted by law.

Communications & Interactions
WhatsApp chat content and metadata, call notes, support tickets, meeting notes.

Technical Data
IP address, device and browser info, timestamps, pages/events, referral source, cookies/SDK identifiers, rough geo (city/country).

Marketing Preferences
WhatsApp opt-in/opt-out, campaign interactions.

Recruitment (if you apply to work with us)
CV, cover letter, identifiers, interview notes, and any other data you provide.

5) How we collect it

  • Directly from you (website forms, WhatsApp, file uploads).
  • From WhatsApp Business API conversations.
  • From your documents you provide.
  • From our certified partner lawyers (status updates, outcomes).
  • From analytics/advertising cookies/SDKs (see Cookies).
  • From publicly available sources where lawful and relevant to your claim.


6) Why we process your data (Purpose & Legal Basis)

Purpose | Examples | Legal basis
Accountless intake & eligibility | Capturing your answers on WhatsApp/website to assess inclusion/exclusion and potential claim | Contract necessity (pre-contractual), legitimate interests, consent where required
Document analysis & case preparation | AI-assisted extraction of contract terms, salary history, dates; organizing evidence | Contract necessity, legitimate interests, consent where required
Lawyer handoff & representation | Sharing your data with certified KSA partner lawyers who sign separate engagement letters with you | Contract necessity, legitimate interests, legal claims
Customer support | Responding to your requests via WhatsApp/email | Legitimate interests, contract necessity
Compliance & risk | KYC/identity checks where required, fraud/sanctions/PEP screening (if applicable) | Legal obligation, legitimate interests, consent for biometrics if used
Service improvement & QA | Quality assurance, error debugging, model evaluation using de-identified data where feasible | Legitimate interests
Security | Detecting/preventing misuse, intrusion detection, access controls, logs | Legitimate interests, legal obligation
Marketing (WhatsApp) | Sending updates/offers after opt-in consent; managing unsubscribes | Consent, right to object/withdraw
Recruitment | Processing applications, interviews, and selection | Legitimate interests, consent (for sensitive/recordings)

Where we rely on consent, you can withdraw it at any time. Withdrawal does not affect prior lawful processing.


7) AI usage & automated decisions

We use AI tools to classify and extract information from documents and chats and to triage cases more efficiently.

  • Providers may include OpenAI (model inference) and similar tools operated under our instructions.
  • We do not take decisions solely by automated means that produce legal or similarly significant effects on you. Human experts/lawyers review outcomes before representation or filing.

    Questions about AI processing: info@sndk.ai.

8) Cookies and tracking

We use cookies/SDKs to run and improve our site and measure marketing performance (e.g., Google Analytics/GA4, Google Ads, Meta). Categories include:

  • Strictly necessary (security, load balancing)
  • Functional (preferences)
  • Analytics (usage, performance)
  • Advertising (interest-based ads, retargeting)

You can manage cookies through your browser and relevant platform settings. See our Cookie Policy for details.

9) Sharing your data

We only share personal data when necessary and with appropriate safeguards:

  1. Certified partner lawyers in Saudi Arabia for consultation, filing with HRSD/Najiz, and representation (you sign a separate engagement letter with the lawyer).
  2. Technology/service providers (hosting, storage, security, analytics, communications, email/WhatsApp, identity verification, ticketing, logging/monitoring).
  3. Payment providers (if/when applicable).
  4. Public authorities/courts/arbitrators where legally required or to establish/exercise/defend legal claims.
  5. Merged/acquired entities in case of corporate transactions (subject to continuity of protections).

We do not sell your personal data. We do not allow third parties to market their products to you using your data without your explicit consent.

All processors act under contract and only access data needed to deliver their services. We apply due diligence and minimum-necessary disclosure.

10) International transfers

Some recipients may be located outside your country (e.g., cloud infrastructure, support vendors, analytics). We implement lawful transfer mechanisms, such as:

  • PDPL mechanisms (e.g., transfers aligned with PDPL implementing regulations and SDAIA guidance, with risk assessments and contractual safeguards).


  • GDPR mechanisms where applicable (e.g., Adequacy Decisions, EU Standard Contractual Clauses (SCCs), additional technical/organizational measures like encryption/pseudonymization).


Hosting region: [AWS region / hosting provider – placeholder]. If hosting occurs outside your jurisdiction, we apply the above safeguards.

11) Security

We apply appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls/least privilege, credential management, network segmentation, monitoring/logging, regular backups, vulnerability management, and staff confidentiality undertakings.

No method of transmission or storage is 100% secure; we continually improve controls and minimize data we keep.

Security questions: info@sndk.ai.

12) Data retention

We keep personal data only as long as necessary for the purposes described or as required by law. Typical periods (subject to change):

  • Active claims/cases: for the life of the matter and a reasonable period after closure to manage queries, appeals, audits, and legal obligations (e.g., 3–6 years depending on jurisdiction/limitation periods).
  • Prospects/intake without case: up to 24 months from last interaction unless you withdraw consent or object earlier.
  • Marketing consents: until you unsubscribe/withdraw, then kept on a suppression list.
  • Technical logs: typically 90–365 days unless needed longer for security/legal reasons.
  • Recruitment: 12 months (or as required/permitted), unless you consent to a longer talent-pool retention.

When retention ends, we delete or irreversibly anonymize data.

13) Your rights

Your rights depend on your location and applicable law (e.g., PDPL, GDPR/UK GDPR). They may include:

  • Access to your data and portability (copy in a structured, commonly used format).
  • Correction of inaccurate or incomplete data.
  • Deletion where no longer needed or if you withdraw consent (subject to legal obligations).
  • Restriction of processing in certain cases.
  • Objection to processing based on legitimate interests and opt-out of direct marketing at any time.
  • Withdraw consent where processing is based on consent.

To exercise rights: info@sndk.ai
 We’ll respond within legally mandated timelines.

Complaints:

  • KSA (PDPL): You may contact SDAIA.
  • EU/UK (GDPR/UK GDPR): You may contact your local supervisory authority (details available on EDPB/ICO websites).

14) Children

Our services are not directed to persons under 18. We do not knowingly process children’s data. If you believe a minor has provided data, contact info@sndk.ai for deletion.

15) Single sign-on & social platforms (if enabled)

If we enable SSO (e.g., Apple/Google/Microsoft) or interact via social media, those providers may receive/return limited data under their privacy policies. Your use is voluntary and subject to their terms

16) WhatsApp Business

When you contact us through WhatsApp Business, we process your phone number, message content, attachments, and metadata to handle your request. WhatsApp processes data under its own terms and may be a separate controller. Please review WhatsApp’s privacy policy. You can stop using WhatsApp at any time and contact us via info@sndk.ai.

17) Fraud prevention, identity/KYC (if applicable)

To protect users and our services, we may perform proportionate identity checks (e.g., verifying names/IDs/IBAN, screening against sanctions/PEP/watchlists if required by law or risk-based policy). We only process biometric data (e.g., face match) with your explicit consent and where lawful.

18) Marketing (WhatsApp)

We send marketing only with your opt-in consent. You can unsubscribe at any time by replying STOP or contacting info@sndk.ai. We may measure basic delivery/engagement to understand relevance. Your choice will not affect your access to our core Services.

19) Employment & recruiting

If you apply to work with us, we process your application data for selection and onboarding. Please avoid including sensitive data not required for evaluation. With your consent, interviews may be recorded or summarized using AI notetakers. You can opt out without affecting your candidacy.

20) Responsibility & accountability

Our leadership is responsible for privacy compliance. We maintain records of processing activities and conduct DPIAs where required (e.g., AI workflows, cross-border transfers, marketing). We also vet processors and partners and train staff.

Inquiries: info@sndk.ai

21) Changes to this Privacy Statement

We may update this Privacy Statement to reflect legal, technical, or business developments. If we make material changes, we will notify you (e.g., site notice or message) before they take effect. Please check this page periodically for the latest version.

Contact

Adel for Legal Digital Solutions
Ramallah, Palestine
Email: info@sndk.ai