This Privacy Policy explains how Business of Smart Things ("BOST", "we", "us") collects, uses, discloses, and protects personal data when you use the BOST website, the Mijhar diagnostic, and the BOST engine platform (the "Services"). We handle personal data in a manner aligned with the Personal Data Protection Law of the Kingdom of Saudi Arabia (issued by Royal Decree No. M/19 of 1443H) and its Implementing Regulations (the "PDPL"), overseen by the Saudi Data & AI Authority (SDAIA).
1. Data controller
BOST is the controller of the personal data described here and determines the purposes and means of its processing. For any privacy matter, or to reach the person responsible for data protection, contact info@bost.sa.
2. Personal data we collect
- Information you provide. Your name, work email, organisation, role, and the answers, problem statements, and context you submit through the Mijhar diagnostic or contact forms.
- Account data. For the engine platform, your login identifier and authentication data.
- Communications. Messages you send us, including the chat about your Bayyina and any email correspondence.
- Technical and usage data. Device, browser, and usage information collected automatically to operate and secure the Services.
Please do not submit sensitive personal data, or the personal data of third parties, unless you have a lawful basis and, where required, their consent to do so.
3. How and why we use personal data
We process personal data to: provide the Services and generate your Bayyina reading; respond to your enquiries and arrange working sessions; operate, secure, and improve the Services; and comply with legal obligations. Our legal bases under the PDPL include your consent, the performance of a contract or steps taken at your request before entering one, our legitimate interests where permitted, and legal compliance. You may withdraw consent at any time (see Section 8), without affecting processing already carried out.
4. AI processing
The Mijhar diagnostic and the chat use artificial-intelligence models to analyse the information you submit and produce your reading. To do this, the content you provide is transmitted to and processed by our AI model provider acting on our behalf as a processor, under contractual confidentiality and security obligations. Outputs are indicative and generated automatically; see our Terms of Use for their status.
5. Disclosure of personal data
We do not sell personal data. We disclose it only to: service providers and processors who support the Services (including AI model, hosting, email, and analytics providers) under appropriate agreements; professional advisers; and competent authorities where required by the laws of the Kingdom. Processors act on our documented instructions and are bound to protect the data.
6. Transfers outside the Kingdom
Some processors may process personal data outside the Kingdom of Saudi Arabia. Where this happens, we carry out such transfers in accordance with the PDPL's requirements for transferring personal data outside the Kingdom, including assessing the adequacy of protection and applying appropriate safeguards, and limiting the transfer to what is necessary for the stated purpose.
7. Retention
We keep personal data only for as long as necessary for the purposes described here, including to provide your reading, to maintain our client relationship, and to meet legal, accounting, or reporting requirements. When no longer needed, we securely delete or anonymise it.
8. Your rights under the PDPL
Subject to the conditions and exceptions in the PDPL, you have the right to: be informed of how your personal data is processed; access your personal data; obtain a copy of it in a readable format; request correction of inaccurate or incomplete data; and request its destruction where it is no longer needed. Where processing is based on consent, you may withdraw that consent at any time. To exercise any of these rights, contact info@bost.sa. We will respond within the period required by law. If you are not satisfied, you may lodge a complaint with the competent supervisory authority (SDAIA).
9. Security
We apply administrative, technical, and organisational measures appropriate to the risk to protect personal data against loss, misuse, and unauthorised access, disclosure, or alteration. No method of transmission or storage is completely secure, but we work to protect your data and to review our controls.
10. Children
The Services are intended for business use by adults and are not directed at children. We do not knowingly collect personal data from children.
11. Changes to this policy
We may update this Privacy Policy from time to time. The "last updated" date above shows the latest revision. Material changes will be notified through the Services where appropriate.
12. Contact
For questions or requests about this policy or your personal data, contact info@bost.sa. For the terms governing the Services, see our Terms of Use.
This policy is drafted to align with the Personal Data Protection Law of the Kingdom of Saudi Arabia and its Implementing Regulations. It should be reviewed by qualified legal counsel, and the controller and contact details confirmed, before being relied upon.