Privacy Policy

Privacy Policy

Effective Date: February 25, 2025

Introduction

Awamer Alshabaka, Inc. (“Awamer Alshabaka,” “we,” or “us”) respects your privacy and is committed to protecting the personal information you share with us when you use the Number™ services (“Services”) or visit our website at https://aait.sa. This Privacy Policy describes how we collect, use, disclose, and protect your information, as well as your rights concerning your personal data.

By accessing or using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

Information You Provide

We collect information you provide directly to us, including when you create an account, contact support, or submit any data. Such information may include your name, email address, billing information, and any other data you choose to share.

Information We Collect Automatically

When you use our website or Services, we automatically collect certain information such as your IP address, browser type, device identifiers, operating system, and usage data through cookies and similar technologies. See our Cookie Policy for more details.

Information from Third Parties

We may receive information about you from third parties that helps us enhance, improve, or personalize our Services.

2. How We Use Your Information

We use the information we collect to:

  1. Provide, maintain, and improve the Services.
  2. Process transactions and send related information (e.g., invoices, payment confirmations).
  3. Personalize your experience and deliver relevant content.
  4. Respond to your questions, provide customer support, and communicate with you about our Services.
  5. Monitor and analyze usage, trends, and activities in connection with the Services.
  6. Detect, investigate, and prevent fraudulent transactions, unauthorized access, or other illegal activities.

3. How We Share Your Information

  1. With Service Providers: We share your information with trusted third-party vendors and service providers to perform functions on our behalf (e.g., payment processing, data hosting, analytics). They are contractually obligated to keep your information confidential and use it only for the services provided.
  2. Business Transfers: In the event of a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.
  3. Legal Requirements: We may disclose your information if required by law, subpoena, or to protect our rights, users, or business.

4. Your Rights

Access and Correction: You may request to access or correct the personal data we hold about you.

Deletion: You may request deletion of your personal data, subject to certain legal exceptions.

Opt-out of Marketing: You can opt out of receiving promotional emails or messages at any time by clicking the “unsubscribe” link. If the email or message does not provide an unsubscribe link, you may opt out by emailing our support team at support@aait.sa.

For details on exercising your data subject rights under GDPR or CCPA, see the relevant sections below or contact us at support@aait.sa.

5. Data Retention

We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws. When we no longer need your personal data, we securely delete or anonymize it.

6. International Data Transfers

We process and store your personal information in the United States. If you access our Services from outside the U.S., your information may be transferred to, stored, and processed in the U.S. We rely on lawful transfer mechanisms, including Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021, when transferring personal data from the EU and other jurisdictions.

7. CCPA Notice for California Residents

If you are a California resident, you have certain rights under the California Consumer Privacy Act (CCPA). These include the right to:

  1. Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
  2. Request deletion of your personal information.
  3. Be free from discrimination for exercising your rights.

We do not sell or rent your personal information to third parties. For more details on how to exercise your CCPA rights, please see the CCPA provisions provided below or contact us at support@aait.sa.

8. Security

We maintain security measures designed to protect your personal information. For more information, see our Information Security Policy.

9. Children’s Privacy

Our Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and indicate the effective date. Your continued use of the Services after the updated Privacy Policy takes effect constitutes your acceptance.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@aait.sa


Data Processing Addendum

Effective Date: February 25, 2025

This Data Processing Addendum (“DPA”) is incorporated into the Terms of Service between Awamer Alshabaka, Inc. (“Awamer Alshabaka,” “we,” “us,” or “our”) and the customer (“Customer” or “you”). This DPA reflects the parties’ agreement with respect to the Processing of Personal Data in connection with your use of the Services, including compliance with the EU General Data Protection Regulation (“GDPR”) and other applicable data protection laws.

1. Definitions

  1. “Controller,” “Processor,” “Data Subject,” “Processing,” and “Personal Data” have the meanings given in the GDPR.
  2. “Sub-processor” means any Processor engaged by Awamer Alshabaka to process Personal Data on behalf of the Customer.
  3. “Services” means the Number™ services provided by Awamer Alshabaka to Customer under the Terms of Service.

2. Roles and Scope

  1. Role of the Parties: For the purposes of the GDPR and similar laws, you are the Controller of your Personal Data, and we are the Processor processing such Personal Data on your behalf.
  2. Instructions: We will only process your Personal Data on your documented instructions (as set out in the Terms of Service and this DPA) and only as necessary to provide our Services to you. We will not process your Personal Data for any other purpose unless required by applicable law. If we are compelled by law to process your Personal Data beyond your instructions, we will inform you of that requirement beforehand (unless prohibited from doing so). By using our Services, you hereby instruct us to process Personal Data as needed to deliver the Services in accordance with the Agreement. If we believe an instruction violates any applicable data protection law, we will promptly inform you.

3. Obligations of Awamer Alshabaka

  1. Confidentiality: We ensure that all personnel authorized to process Personal Data are subject to confidentiality obligations.
  2. Security Measures: We implement and maintain appropriate technical and organizational measures to protect Personal Data. See our Information Security Policy for details.
  3. Sub-processors: We may engage Sub-processors to process Personal Data on your behalf. We will ensure Sub-processors are bound by contractual obligations that are substantially the same as those set out in this DPA. A list of current Sub-processors can be found in our Subprocessors List.
  4. Data Breach Notification: We will promptly notify you of a Personal Data Breach affecting your Personal Data of which we become aware and will assist you, at your request, with providing notices to regulatory authorities or affected Data Subjects, if legally required.
  5. Data Subject Requests: We will, to the extent legally permitted, promptly notify you if we receive a request from a Data Subject to exercise their rights of access, rectification, restriction, erasure, data portability, or objection. We will assist you, insofar as feasible, in responding to such requests.

4. International Data Transfers

  1. Transfers: Where we transfer Personal Data outside of the European Economic Area (EEA), the United Kingdom, or Switzerland, we will ensure that appropriate transfer mechanisms are in place, such as Standard Contractual Clauses (“SCCs”) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021, to ensure the lawful transfer of Personal Data.
  2. SCCs: The parties agree to incorporate the SCCs (as set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021) into this DPA for any restricted transfers of Personal Data from the EEA, Switzerland, or the UK to a third country that does not ensure an adequate level of data protection.

5. Audit Rights

We will make available information necessary to demonstrate compliance with this DPA upon your reasonable request, subject to the confidentiality obligations herein. You may also request an audit or inspection of our processing activities once per year, in accordance with the provisions set out in the Terms of Service and subject to reasonable scheduling and scope limitations. While we generally accommodate reasonable audit requests, we reserve the right to decline them at our discretion, except where contractually obligated.

6. Return or Deletion of Data

Upon termination or expiration of the Services, we will delete or return all Personal Data in our possession or control as set forth in the Terms of Service, unless applicable law requires retention.

7. Liability

Each party’s liability for any breach of this DPA shall be subject to the limitations of liability set forth in the Terms of Service.

8. Governing Law

This DPA shall be governed by and construed in accordance with the laws of Delaware, USA, unless otherwise required by applicable data protection laws.

GDPR Compliance Statement

Effective Date: February 25, 2025

Awamer Alshabaka, Inc. (“Awamer Alshabaka,” “we,” “us,” or “our”) is committed to compliance with the General Data Protection Regulation (“GDPR”). Below is an overview of how we comply:

  1. Data Controller and Processor: Depending on the situation, we may act as a Data Controller (for personal data relating to our own personnel and business operations) or a Data Processor (for personal data that our customers submit via our Services).
  2. Lawful Basis: We collect and process personal data only when we have a lawful basis for doing so (e.g., consent, legitimate interest, contractual necessity).
  3. Data Subject Rights: We honor Data Subject rights under the GDPR (e.g., access, rectification, erasure, restriction, portability, and objection). Contact us at support@aait.sa to exercise your rights.
  4. Security Measures: We have implemented robust security measures aligned with industry standards to safeguard personal data. See our Information Security Policy for more information.
  5. International Data Transfers: We rely on Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and other lawful mechanisms for any cross-border transfers of personal data.
  6. Data Processing Addendum: Customers can enter into our Data Processing Addendum, which incorporates Standard Contractual Clauses (SCCs) pursuant to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 and outlines our obligations as a Processor.

If you have any questions about our GDPR practices, please contact us at support@aait.sa.

List of Subprocessors

Effective Date: February 25, 2025

Awamer Alshabaka, Inc. engages the following third-party entities (“Subprocessors”) to assist in providing our Services. Each Subprocessor has its own Terms, Privacy Policy, and Data Processing Agreement (DPA) or GDPR compliance documentation.

1. Pusher Ltd.

  1. Terms of Service
  2. Privacy Policy
  3. Data Processing Addendum

2. MessageBird UK Limited

  1. Terms and Conditions
  2. Privacy Policy
  3. Data Processing Agreement

3. Amazon Web Services, Inc. (AWS)

  1. Customer Agreement (Terms)
  2. Privacy Notice
  3. GDPR Center
  4. AWS GDPR DPA (PDF)

4. Webaroo Inc. (Gupshup)

  1. Terms of Service
  2. Privacy Policy
  3. Data Processing / GDPR: Awamer Alshabaka has executed Standard Contractual Clauses (SCCs) directly with Webaroo Inc. (Gupshup) to ensure compliance with applicable data protection laws, including the GDPR.

5. OneSignal, Inc.

  1. Terms of Service
  2. Privacy Policy
  3. GDPR Page / Data Processing Addendum

6. June, Inc.

  1. Terms of Service
  2. Privacy Policy
  3. Data Processing Addendum

7. Plus Five Five, Inc. (Resend)

  1. Terms of Service
  2. Privacy Policy
  3. Data Processing Addendum

8. OpenAI, L.L.C.

  1. Terms of Use
  2. Privacy Policy
  3. GDPR / Data Protection Details: Incorporated in OpenAI’s Privacy Policy; separate DPA generally for enterprise customers.

9. WhatsApp L.L.C. and WhatsApp Ireland Limited (Business API)

  1. WhatsApp Business Terms of Service
  2. WhatsApp Privacy Policy
  3. WhatsApp Business Data Processing Terms
  4. WhatsApp Business Data Transfer Addendum
  5. WhatsApp GDPR Compliance (provided by Meta/Facebook)

10. Twilio Inc.

  1. Twilio Terms of Service
  2. Twilio Privacy Policy
  3. Twilio Data Protection Addendum

11. Stripe, Inc.

  1. Stripe Legal
  2. Stripe Privacy Policy
  3. Stripe Data Processing Agreement

12. Lemon Squeezy, Inc.

  1. Lemon Squeezy Terms
  2. Lemon Squeezy Privacy
  3. Lemon Squeezy Data Processing Addendum

13. Google APIs

  1. Google APIs Terms
  2. Google Privacy Policy
  3. Google Data Processing Terms
  4. Google API Services User Data Policy

14. Google Maps Platform

  1. Google Maps Platform Terms
  2. Google Privacy Policy
  3. Google Data Processing Terms

15. Functional Software, Inc. (Sentry)

  1. Sentry Terms of Service
  2. Sentry Privacy Policy
  3. Sentry Data Processing Addendum

16. Google Firebase (Crashlytics)

  1. Google Firebase Terms
  2. Google Privacy Policy
  3. Google Data Processing Terms

17. Google Analytics

  1. Google Analytics Terms of Service
  2. Google Privacy Policy
  3. Google Analytics Data Processing Terms

18. Zapier, Inc.

  1. Zapier Terms of Service
  2. Zapier Privacy Policy
  3. Data Processing / GDPR:

19. Attio Ltd.

  1. Attio Terms and Conditions
  2. Attio Privacy Policy
  3. Attio Cookie Policy

We may update this list from time to time. Continued use of the Services after any update constitutes your acceptance of the updated list of Subprocessors.

Information Security Policy

Effective Date: February 25, 2025

Overview

Awamer Alshabaka, Inc. (“Awamer Alshabaka,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and availability of our data and systems. This Information Security Policy outlines the safeguards and practices we have in place to defend against unauthorized access, data breaches, and other security threats. All employees, contractors, and partners must adhere to these policies to ensure a secure environment for both company and customer information.

1. Access Control

Principle of Least Privilege

We enforce strict access controls to ensure only authorized individuals and services can access sensitive systems and data. Users and applications are assigned the minimum permissions required to perform their duties.

AWS Identity and Access Management (IAM)

We leverage AWS IAM for authentication and role-based authorization. Every engineer and service has unique IAM credentials; shared accounts are not allowed.

Multi-Factor Authentication (MFA)

MFA is mandatory for all privileged IAM accounts and AWS console access, adding an extra layer of security.

Application Access Control

  1. Customer Data Isolation: Each customer’s data is logically separated, so users can only access their own data.
  2. Limited Support Access: Support access to customer data is granted only as necessary, follows the principle of least privilege, and is monitored.

2. Database Security and Encryption

Non-Public, Isolated Databases

Production databases are isolated in a dedicated Amazon VPC. They are not publicly addressable and can only be reached by approved internal services.

Encrypted Connections (TLS)

All connections between application servers and databases use TLS to ensure data in transit is secure.

3. Monitoring and Auditing

Restricted Administrative Access

Administrative access to production systems is limited to authorized personnel. All actions are logged and require MFA.

Security Logging

We use AWS CloudTrail, AWS GuardDuty, and other logging services to track administrative actions, detect anomalies, and trigger alerts for unusual activities.

4. Physical Security

Our infrastructure is hosted in AWS data centers, which employ industry-leading physical security measures:

  1. AWS Data Center Controls: AWS data centers are protected by 24/7 surveillance, intrusion detection systems, and multiple compliance certifications (SOC 2, ISO 27001, etc.).
  2. Secure Access: Physical access is strictly controlled with multi-layer authentication and authorized personnel only.
  3. Compliance: For more details, visit https://aws.amazon.com/security/.

5. Office and Device Security

Device Management

All company-issued devices use strong authentication, encryption, and remote wipe capabilities.

Secure Disposal

End-of-life devices undergo secure data erasure and disposal by certified providers.

Network Security

Our office networks use WPA3 encryption, secure Wi-Fi configurations, and network segmentation to separate guest and corporate environments.

6. Intrusion Detection and Prevention

AWS GuardDuty

Continuously monitors AWS security logs (VPC Flow Logs, CloudTrail, DNS logs) to detect anomalies, malicious activity, or unauthorized access attempts.

Host-Based Security

Server instances have host intrusion detection agents monitoring system logs and file integrity.

AWS Web Application Firewall (WAF)

Protects against common web exploits, such as SQL injection and cross-site scripting (XSS).

7. Incident Response

We maintain a comprehensive Incident Response Plan (IRP):

  1. Detection and Analysis: Security alerts are monitored and investigated by our security team.
  2. Containment and Eradication: We isolate affected systems, remove threats, and patch vulnerabilities.
  3. Recovery: Systems are restored from clean backups, tested, and monitored for recurring threats.
  4. Lessons Learned: A post-incident review identifies process improvements and updates to security controls.

8. Breach Notification Policy

In the event of a confirmed data breach affecting customer data, we will:

  1. Notify affected customers without undue delay—our goal is within 72 hours in compliance with GDPR (or sooner if required by other regulations).
  2. Provide an incident summary, scope of impact, and immediate steps taken.
  3. Offer guidance to customers on further protective measures.

9. Audit Rights

Customers may request an audit of our security controls once per year, subject to prior written notice and scope limitations. We may provide relevant documentation (e.g., penetration test summaries) under a non-disclosure agreement. While we generally accommodate reasonable audit requests, we reserve the right to decline them at our discretion, except where contractually obligated.

Effective Date: February 25, 2025

This Cookie Policy explains how Awamer Alshabaka, Inc. (“Awamer Alshabaka,” “we,” “us,” or “our”) uses cookies and similar technologies to recognize you when you visit our websites (including https://aait.sa) and use our Services.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites function more efficiently and provide reporting information.

2. Why Do We Use Cookies?

We use cookies to:

  1. Ensure the proper functioning of our website and Services.
  2. Enhance your user experience by remembering your preferences.
  3. Analyze website traffic and usage patterns.
  4. Deliver advertising and measure the effectiveness of our marketing campaigns.

3. Types of Cookies We Use

Essential Website Cookies

Purpose: These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Vendor:

Pusher Ltd. (https://pusher.com/)

June Inc. (https://june.so)

How to Refuse: Because these cookies are strictly necessary, you cannot refuse them if you want to use our websites/Services.

Analytics and Customization Cookies

Purpose: Collect information used in aggregate form to help us understand how our websites are being used or to help us customize our websites for you.

Vendor:

Google Analytics (https://marketingplatform.google.com/about/analytics/)

Intercom (https://www.intercom.com/)

Plausible (https://plausible.io/)

How to Refuse: To refuse these cookies, follow the instructions below under “Managing Cookies.” Alternatively, click the relevant opt-out link below:

  1. Google Analytics Opt Out
  2. Intercom does not provide a direct opt-out link. For more information, see their documentation.
  3. Plausible Opt Out

Advertising Cookies

Purpose: These cookies are used to make advertising more relevant to you and to measure the effectiveness of advertising campaigns.

Vendor:

Microsoft/Bing

Google Double Click and AdWords

Facebook Pixel

Google AdWords

Twitter

LinkedIn Ads

How to Refuse: To refuse these cookies, follow the instructions below under “Managing Cookies.” Alternatively, click on the relevant opt-out link below:

  1. Microsoft Opt Out
  2. Facebook Opt Out
  3. Google Opt Out
  4. Perfect Audience Opt Out
  5. Twitter Opt Out
  6. LinkedIn Ads Opt Out

4. Managing Cookies

Most internet browsers allow you to erase cookies from your computer’s hard drive, block all cookies (or just third-party cookies), or warn you before a cookie is stored on your device. If you choose to block all cookies, our Services may not function as intended, and some features may not be available. If you have blocked all cookies and wish to use our features fully, you will need to enable cookies in your browser settings. Rather than blocking all cookies, you can choose to block only third-party cookies.

5. How We Respond to Do Not Track (DNT) Signals

Some browsers offer a “Do Not Track” (“DNT”) setting. Currently, our websites do not respond to DNT signals. We will revisit this as the industry standards for online tracking evolve.

6. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes to the cookies we use or for operational, legal, or regulatory reasons. The updated version will be posted on our website, and the “Effective Date” at the top will be revised accordingly.

7. Contact Us

If you have questions about our use of cookies or other technologies, please email us at support@aait.sa.

Awamer Alshabaka, Inc.


https://aait.sa | support@aait.sa

Additional CCPA Information

Your Data Protection Rights under the California Consumer Privacy Act (CCPA)

If you are a California resident, you are entitled to learn what data we collect about you, ask to delete your data and not to sell (share) it. To exercise your data protection rights, you can make certain requests and ask us:

  1. a) What personal information we have about you.
  2. If you make this request, we will return to you:
  3. The categories of personal information we have collected about you.
  4. The categories of sources from which we collect your personal information.
  5. The business or commercial purpose for collecting or selling your personal information.
  6. The categories of third parties with whom we share personal information.
  7. The specific pieces of personal information we have collected about you.
  8. A list of categories of personal information that we have sold, along with the category of any other company we sold it to. If we have not sold your personal information, we will inform you of that fact.
  9. A list of categories of personal information that we have disclosed for a business purpose, along with the category of any other company we shared it with.
  10. b) To delete your personal information.
  11. If you make this request, we will delete the personal information we hold about you as of the date of your request from our records and direct any service providers to do the same. In some cases, deletion may be accomplished through de-identification of the information. If you choose to delete your personal information, you may not be able to use certain functions that require your personal information to operate.
  12. c) To stop selling your personal information.
  13. We don't sell or rent your personal information to any third parties for any purpose. You are the only owner of your Personal Data and can request disclosure or deletion at any time.

Please note, if you ask us to delete or stop selling your data, it may impact your experience with us, and you may not be able to participate in certain programs or membership services which require the usage of your personal information to function. But in no circumstances will we discriminate against you for exercising your rights.

To exercise your California data protection rights described above, please send your request(s) by one of the following means:

By email: support@aait.sa

Your data protection rights, described above, are covered by the CCPA, short for the California Consumer Privacy Act. To find out more, visit the official California Legislative Information website. The CCPA took effect on 01/01/2020.