Effective March 2026 | Version 3.1
CODE Communications and Information Technology Company
This Policy is issued by CODE Communications and Information Technology Company (the "Company"), the owner and operator of the SAVOXX Cloud Communications Platform, and shall apply to all clients and end users who interact with the Platform in any manner whatsoever.
The SAVOXX Platform now includes integrated omnichannel communication capabilities via third-party social media APIs, including but not limited to Meta platforms (Facebook Pages, Instagram Business Accounts, and WhatsApp Business Accounts). By integrating these channels, clients authorize the Company to facilitate API-mediated communications with such platforms in accordance with this Policy.
The Company is committed to compliance with the Personal Data Protection Law promulgated by Royal Decree No. M/19 of 1443 AH (the "Law") and its Implementing Regulations, as well as all related regulations issued by the Communications, Space and Technology Commission (CST) and the Human Rights Commission of the Kingdom of Saudi Arabia.
Your use of the SAVOXX Platform constitutes your express consent to the provisions of this Policy in their entirety. Should you object to any provision hereof, you must refrain from using the Platform and notify the Company in writing.
The following terms, as used in this Policy, shall have the meanings set forth opposite each:
| Term | Definition |
|---|---|
| The Company | CODE Communications and Information Technology Company, Commercial Registration: 1010739970, Riyadh |
| SAVOXX | The Cloud Communications Platform (VoIP / Cloud Call Center / Omnichannel Communications) operated by the Company |
| Client | The entity or company that has entered into a contractual agreement with the Company for the provision of SAVOXX services |
| End User | Employees of the Client and parties who interact with the Platform under the Client's authorization |
| Personal Data | Any information that, by itself or in conjunction with other information, leads to the identification of a specific natural person |
| Communications Data | Call records, call recordings, messaging data, and social media interactions exchanged through the Platform |
| Social Media Channels | Integrated third-party communication platforms including Facebook Pages, Instagram Business Accounts, and WhatsApp Business Accounts, connected via APIs |
| Social Media Data | Messages, interactions, and metadata exchanged through integrated Social Media Channels |
| Data Processing | Any operation performed on Personal Data, including: collection, storage, modification, disclosure, and deletion |
| Competent Authority | The Communications, Space and Technology Commission and the Personal Data Protection Authority in the Kingdom of Saudi Arabia |
The Company collects the following data voluntarily provided by the Client or required by virtue of the contractual relationship:
The Platform automatically generates the following data upon use of the Service:
The Company undertakes not to collect, and does not accept through its Platform, the following data. The Client shall not input or request the processing of:
The Company processes Personal Data exclusively for the following lawful purposes:
The Company does not use Personal Data for advertising purposes on behalf of third parties, nor does it sell or lease data to any party. The Company does not share Personal Data with Social Media Channels beyond what is necessary for the Client to facilitate its own communications through those channels via APIs.
The Company retains data for the periods set forth below, following which such data shall be securely deleted or anonymized in accordance with documented procedures:
| Data Type | Retention Period |
|---|---|
| Call Recordings | 30 days from the date of recording (extendable by separate agreement) |
| Call Detail Records (CDR) | One (1) year or as required by the CST — whichever is longer |
| Social Media Messages | 30 days from the date of receipt (or as specified in the Client's service plan) |
| Billing and Contractual Data | Ten (10) years in accordance with ZATCA requirements and Saudi commercial regulations |
| Account and User Data | Duration of the contract plus one (1) year following termination |
| Security and Access Logs | Two (2) years from the date of recording |
| Technical Usage Data (Aggregated) | Three (3) years for development and analytical purposes |
The SAVOXX Platform integrates with third-party Social Media Channels. The Company does not control the data handling practices of these third-party platforms. Clients should review the privacy policies and terms of service of each Social Media Channel they choose to integrate:
The Company's responsibility is limited to securing the API connection and protecting data while it resides within the SAVOXX infrastructure. Once data is transmitted to or from integrated Social Media Channels, the respective third-party provider's privacy policies apply.
For any inquiry or request relating to this Policy or the exercise of your rights, you may contact us through:
| Data Protection Email | privacy@savoxx.sa |
| Company | CODE Communications and Information Technology Company |
| Address | Riyadh, Kingdom of Saudi Arabia |
| Website | www.savoxx.sa |
Your request shall be processed within thirty (30) days of receipt. In complex cases, the period may be extended by no more than sixty (60) days, and you shall be notified accordingly.
Last Updated: March 2026
Version: 3.1 (Omnichannel Meta Integration)
Commercial Registration: 1010739970
This Policy constitutes a legal and ethical commitment by CODE Communications and Information Technology Company toward its clients and the users of the SAVOXX Platform. It forms an integral part of the SAVOXX Terms and Conditions and the SAVOXX Client Agreement.
Our Data Protection team is ready to help clarify any aspects of this policy.
Contact Data Protection Office