Privacy and Data Protection Policy

Effective March 2026 | Version 3.1

CODE Communications and Information Technology Company

Quick Navigation

Article 1: Preamble and Scope

This Policy is issued by CODE Communications and Information Technology Company (the "Company"), the owner and operator of the SAVOXX Cloud Communications Platform, and shall apply to all clients and end users who interact with the Platform in any manner whatsoever.

The SAVOXX Platform now includes integrated omnichannel communication capabilities via third-party social media APIs, including but not limited to Meta platforms (Facebook Pages, Instagram Business Accounts, and WhatsApp Business Accounts). By integrating these channels, clients authorize the Company to facilitate API-mediated communications with such platforms in accordance with this Policy.

The Company is committed to compliance with the Personal Data Protection Law promulgated by Royal Decree No. M/19 of 1443 AH (the "Law") and its Implementing Regulations, as well as all related regulations issued by the Communications, Space and Technology Commission (CST) and the Human Rights Commission of the Kingdom of Saudi Arabia.

Your use of the SAVOXX Platform constitutes your express consent to the provisions of this Policy in their entirety. Should you object to any provision hereof, you must refrain from using the Platform and notify the Company in writing.

Article 2: Definitions

The following terms, as used in this Policy, shall have the meanings set forth opposite each:

Term Definition
The Company CODE Communications and Information Technology Company, Commercial Registration: 1010739970, Riyadh
SAVOXX The Cloud Communications Platform (VoIP / Cloud Call Center / Omnichannel Communications) operated by the Company
Client The entity or company that has entered into a contractual agreement with the Company for the provision of SAVOXX services
End User Employees of the Client and parties who interact with the Platform under the Client's authorization
Personal Data Any information that, by itself or in conjunction with other information, leads to the identification of a specific natural person
Communications Data Call records, call recordings, messaging data, and social media interactions exchanged through the Platform
Social Media Channels Integrated third-party communication platforms including Facebook Pages, Instagram Business Accounts, and WhatsApp Business Accounts, connected via APIs
Social Media Data Messages, interactions, and metadata exchanged through integrated Social Media Channels
Data Processing Any operation performed on Personal Data, including: collection, storage, modification, disclosure, and deletion
Competent Authority The Communications, Space and Technology Commission and the Personal Data Protection Authority in the Kingdom of Saudi Arabia

Article 3: Data We Collect

3.1 — Data Provided by the Client

The Company collects the following data voluntarily provided by the Client or required by virtue of the contractual relationship:

3.2 — Automatically Generated Data

The Platform automatically generates the following data upon use of the Service:

3.3 — Prohibited Data

The Company undertakes not to collect, and does not accept through its Platform, the following data. The Client shall not input or request the processing of:

Article 4: Purposes of Data Processing

The Company processes Personal Data exclusively for the following lawful purposes:

  1. Provision of Platform Services: subscription activation, DID number management, delivery of functional VoIP communications, and facilitation of omnichannel social media integration
  2. Contractual Relationship Management: issuance of invoices, payment follow-up, and operational communications with the Client
  3. Regulatory Compliance: fulfillment of the requirements of the Communications, Space and Technology Commission, the Zakat, Tax and Customs Authority, and other regulatory bodies
  4. Technical Support: diagnosis and resolution of faults and improvement of service performance across all integrated communication channels
  5. Security and Protection: detection of unauthorized use, fraud prevention, and protection of the communications infrastructure
  6. Development and Improvement: analysis of aggregated usage patterns to enhance the service experience — without identifying individuals

The Company does not use Personal Data for advertising purposes on behalf of third parties, nor does it sell or lease data to any party. The Company does not share Personal Data with Social Media Channels beyond what is necessary for the Client to facilitate its own communications through those channels via APIs.

Article 7: Data Retention Periods

The Company retains data for the periods set forth below, following which such data shall be securely deleted or anonymized in accordance with documented procedures:

Data Type Retention Period
Call Recordings 30 days from the date of recording (extendable by separate agreement)
Call Detail Records (CDR) One (1) year or as required by the CST — whichever is longer
Social Media Messages 30 days from the date of receipt (or as specified in the Client's service plan)
Billing and Contractual Data Ten (10) years in accordance with ZATCA requirements and Saudi commercial regulations
Account and User Data Duration of the contract plus one (1) year following termination
Security and Access Logs Two (2) years from the date of recording
Technical Usage Data (Aggregated) Three (3) years for development and analytical purposes

Article 14: Third-Party Platform Policies

The SAVOXX Platform integrates with third-party Social Media Channels. The Company does not control the data handling practices of these third-party platforms. Clients should review the privacy policies and terms of service of each Social Media Channel they choose to integrate:

The Company's responsibility is limited to securing the API connection and protecting data while it resides within the SAVOXX infrastructure. Once data is transmitted to or from integrated Social Media Channels, the respective third-party provider's privacy policies apply.

Article 16: Contact and Data Protection Office

For any inquiry or request relating to this Policy or the exercise of your rights, you may contact us through:

Data Protection Email privacy@savoxx.sa
Company CODE Communications and Information Technology Company
Address Riyadh, Kingdom of Saudi Arabia
Website www.savoxx.sa

Your request shall be processed within thirty (30) days of receipt. In complex cases, the period may be extended by no more than sixty (60) days, and you shall be notified accordingly.

Last Updated: March 2026
Version: 3.1 (Omnichannel Meta Integration)
Commercial Registration: 1010739970

This Policy constitutes a legal and ethical commitment by CODE Communications and Information Technology Company toward its clients and the users of the SAVOXX Platform. It forms an integral part of the SAVOXX Terms and Conditions and the SAVOXX Client Agreement.

Questions about our Privacy Policy?

Our Data Protection team is ready to help clarify any aspects of this policy.

Contact Data Protection Office