Your Right to Data Deletion
Under Saudi PDPL, GDPR, and Canadian PIPEDA, you have the right to request deletion of personal data we hold about you. This page explains how to make that request and what to expect.
Important — Legal Retention: Some data (specifically e-invoices, VAT records, and ZATCA-mandated cryptographic records) cannot be deleted until 6 years have passed, as required by Saudi tax law. We will delete everything else and securely retain only what the law requires.
Request Methods
Choose any of the following to submit your data deletion request:
What to Include in Your Request
To verify your identity and process your request, please provide:
- Your full name (as on the Saheeh account)
- Email address registered with Saheeh
- Business / CR number (if you're a Saheeh POS subscriber)
- Facebook / Instagram user ID (if you used "Login with Facebook" to access any Saheeh service)
- What you want deleted — entire account, or specific categories of data
Verification: For your security, we may ask for additional ID confirmation before processing deletion of sensitive data.
What We Will Delete
| Data Type | Deleted Within | Notes |
|---|---|---|
| Account profile (name, email, phone) | 30 days | Permanent |
| Customer order data (Saheeh Order app) | 30 days | Anonymized or deleted |
| Marketing contact lists | 7 days | Removed from all campaigns |
| Facebook/Instagram-linked profile data | 7 days | From our records only |
| Technical logs (IP, device) | 90 days | Auto-expires |
| E-invoices & VAT records | Retained 6 years | Required by Saudi tax law |
For Facebook / Instagram Users
If you connected your Facebook or Instagram account to a Saheeh service (e.g. social-login or our "Saheeh POS Automation" app), here's what to know:
- You can also revoke access directly in Facebook: Settings → Apps and Websites → Active → "Saheeh POS Automation" → Remove
- Doing so removes our access to your FB data going forward, but doesn't delete data we've already stored.
- To delete data we've already stored, use the email/WhatsApp methods above.
- Meta requires us to delete this data within 30 days of your request.
Response Time
We will:
- Acknowledge your request within 48 hours
- Complete deletion (of eligible data) within 30 days
- Send you a written confirmation when complete, including a list of what was deleted and what (if anything) was legally required to be retained
If You're Unsatisfied
If you're not satisfied with our response, you may file a complaint with:
- Saudi Arabia: Saudi Data & Artificial Intelligence Authority (SDAIA) — sdaia.gov.sa
- Canada: Office of the Privacy Commissioner of Canada — priv.gc.ca
- EU/EEA: Your national data protection authority
Related Pages
- Privacy Policy — full details on data collection & use
- Terms of Service — subscription & contractual terms