Loading...
Home GCC Focus Pricing About Contact
🕐 Last updated: March 2026

Privacy Policy

Commercely is committed to protecting your privacy and business data. This policy explains what we collect, why, and how we protect it — in plain language.

01

Who we are

Commercely is a business management platform operated by Commercely Technology Co., incorporated in the Kingdom of Saudi Arabia, with its registered office in Riyadh.

When this policy refers to 'Commercely', 'we', 'us', or 'our' it means Commercely Technology Co. 'You' or 'your' means the business or individual using our platform.

02

What data we collect

We collect data you provide directly, data generated by your use of the platform, and data from integrated third-party services you authorise.

Data you provide:

  • Account info: business name, VAT number, Commercial Registration, email, and phone.
  • Business data: products, inventory, orders, customers, suppliers, invoices, and financial records you enter.
  • Payment info: billing details for your subscription. Full card numbers are never stored — payments go through PCI-DSS certified providers.
  • Support messages: emails or chats when you contact our support team.

Data collected automatically:

  • Usage data: features used, pages visited, actions taken, and session duration.
  • Device and technical data: IP address, browser type, operating system, and device identifiers.
  • Log data: error logs, performance metrics, and API call records for troubleshooting and security.
03

How we use your data

We use your data only to provide, improve, and secure the Commercely platform. We do not sell your data or use your business data to train AI models without your explicit consent.

  • Delivering the platform: processing transactions, syncing integrations, generating ZATCA-compliant invoices, and running payroll.
  • Customer support: diagnosing issues and responding to your queries.
  • Security and fraud prevention: detecting unauthorised access and protecting your account.
  • Product improvement: analysing anonymised usage patterns to improve features and performance.
  • Legal compliance: meeting obligations under Saudi law, ZATCA requirements, and GCC regulations.
We do not sell your data. We do not share your business data with advertisers. Commercely products are completely ad-free.
04

Data sharing and third parties

We share data with third parties only in these circumstances:

  • Integrations you authorise: when you connect ZATCA, GOSI, Salla, Zid, Mada, or other services, we share only the minimum data needed for that integration.
  • Infrastructure providers: cloud, database, and CDN providers who process data on our behalf under strict data processing agreements.
  • Legal requirements: if required by Saudi law, a court order, or a government authority with legitimate jurisdiction.
  • Business transfer: if Commercely is acquired, your data may transfer. We will notify you in advance with deletion options.
05

Data storage and security

Your data is stored on servers in the Kingdom of Saudi Arabia and the UAE, in compliance with Saudi data localisation requirements.

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Access to your data is restricted to Commercely employees who need it to deliver support.
  • Regular automated backups with a 30-day retention window.
  • Annual independent security audits and ISO 27001 alignment.
  • In the event of a data breach, affected customers will be notified within 72 hours per PDPL requirements.
06

Your rights

Under Saudi Arabia's Personal Data Protection Law (PDPL) you have the following rights:

  • Access: request a full export of all data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request deletion of your account and data. Note: some data may be retained for ZATCA and Saudi tax law compliance.
  • Portability: export your data in machine-readable formats (CSV, JSON, PDF).
  • Object: opt out of non-essential data processing and marketing communications.

To exercise any of these rights, contact us at privacy@commercely.sa. We respond within 15 business days.

07

Cookies

Commercely uses cookies to keep you logged in, remember your preferences, and understand how the platform is used.

  • Essential cookies: required for login sessions, security tokens, and core functionality. Cannot be disabled.
  • Functional cookies: remember your language (Arabic/English), timezone, and display settings.
  • Analytics cookies: anonymised usage data to help us improve the product. Opt out via Settings > Privacy.
08

PDPL compliance (Saudi Arabia)

Commercely operates in full compliance with the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL), issued by Royal Decree M/19 and its implementing regulations.

Key PDPL commitments:

We have appointed a Data Protection Officer (DPO). Data is processed only on lawful bases: contract performance, legitimate interest, legal obligation, or explicit consent. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.
09

Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email and display a banner in the Commercely dashboard at least 14 days before the changes take effect.

Continued use of Commercely after the effective date constitutes acceptance of the updated policy. You may close your account before the effective date if you disagree.

10

Contact us

For privacy-related questions, data requests, or concerns, contact our Data Protection Officer:

  • Email: privacy@commercely.sa
  • Post: Commercely Technology Co., King Fahd Road, Riyadh 12271, KSA
  • Response time: Within 15 business days

Have a privacy question?

Our team responds in Arabic and English within 15 business days.

Contact Us