Essaly Privacy Policy

We started by rethinking the receipt, turning proof of purchase into searchable, useful data and real rewards. That foundation grew into a broader platform that helps retailers win loyalty, operate efficiently, and meet compliance with confidence.

Effective date: September 28, 2025

Applies to: Essaly and its Saudi entities and branches (“Essaly”, “we”, “us”, or “our”).

Essaly provides a platform that includes the Essaly mobile app (digital receipts & loyalty), Essaly POS, and optional Odoo services for business operations. This Privacy Policy explains what personal data we collect, how we use it, the choices and rights available to you, and how we protect your information in the Kingdom of Saudi Arabia.

If you are a merchant using Essaly POS or our Odoo services, please also see the “For Merchants” section below.
Essaly provides a platform that includes the Essaly mobile app (digital receipts & loyalty), Essaly POS, and optional Odoo services for business operations. This Privacy Policy explains what personal data we collect, how we use it, the choices and rights available to you, and how we protect your information in the Kingdom of Saudi Arabia.

1) Who we are (Controller)

Unless stated otherwise, the controller of your personal data is Essaly operating in Saudi Arabia, including our Saudi subsidiaries and branches. Contact details are in Section 15.

2) What we collect

We collect personal data directly from you, from your use of our services, and from permitted third parties. The categories include:

Identity & contact: name, mobile number, email, date of birth, national ID (where required), addresses.
Account & profile: preferences, reward balances, saved stores, settings.
Transaction data: purchases, returns, store/branch, date and time, amounts, payment method type (we do not store full card details in our systems).
Device & usage: app events, device identifiers, browser type, referral URLs, cookies.
Communications: messages to support, feedback, survey responses, and (if you share them) images/attachments.
Merchant data (B2B): store and branch identifiers, staff user accounts, catalog and pricing data, configuration and audit logs for POS/Odoo.

We may receive information from approved public sources and service providers (e.g., payment processors, identity/credit checks where legally permitted).

3) Why we use your data (purposes) & legal grounds

We process personal data for the following purposes, based on applicable legal grounds under Saudi law (e.g., consent, contract necessity, legal obligations, or legitimate interests):

Provide the service: create accounts, issue and store digital receipts, calculate & redeem loyalty, enable POS checkout, and deliver Odoo services.
Operate & secure: authentication, fraud prevention, troubleshooting, auditing, and service quality improvement.
Personalize & improve: recommendations, targeted offers, A/B testing, and analytics to understand usage and enhance features.
Compliance: tax/e-invoicing, accounting, reporting, and responding to lawful requests from regulators or courts.
Marketing with choice: send product updates, promotions, and surveys (you can opt out at any time).

4) Cookies & similar technologies

We use cookies and similar technologies to run our websites, remember preferences, keep you signed in, understand usage, and improve performance. You can manage most cookies in your browser settings; some cookies are essential for the site to function.

5) Who we share data with

We share personal data only as needed, under contracts that require recipients to protect it:

Service providers / processors: cloud hosting, SMS/email delivery, payments, fraud prevention, support tools, and analytics.
Essaly group companies in KSA for service delivery and support.
Regulators, authorities, and courts when legally required.
Financial partners (e.g., banks, payment networks) to process transactions and manage chargebacks.
Debt collection / credit information providers / insurers where permitted and relevant.

We do not sell your personal data.

6) Where we store and process data

By default, we retain and process personal data within the Kingdom of Saudi Arabia. If a specific service requires processing outside KSA, we will apply appropriate safeguards permitted under Saudi law and inform you where required.

7) How long we keep data (retention)

8) Security

We apply administrative, technical, and physical safeguards designed to protect personal data against loss, misuse, and unauthorized access or disclosure. Measures include encryption in transit, access controls, logging, and regular reviews of vendors and internal practices.

9) Your rights (Saudi PDPL–style rights)

Subject to applicable law, you may have the right to:

Know the purposes and categories of personal data we process;
Access and obtain a copy of your personal data;
Request correction or updating of inaccurate or incomplete data;
Request deletion where legal grounds apply;
Withdraw consent where processing is based on consent;
Object to direct marketing; and
Lodge a complaint with the competent authority.

To exercise your rights, see Section 15 (Contact us).

10) For Essaly App users (consumers)

Digital receipts & loyalty: we store your receipts, points, and redemptions so you can view history, manage warranties, and redeem rewards.
Recommendations & offers: we use purchase history and preferences to surface relevant promotions from participating merchants (you can manage notifications and marketing preferences in the app).
Location & device: if you allow permissions, we may use approximate location and device signals to improve app features (e.g., nearest store suggestions). You can change permissions in your OS settings.

11) For Merchants (Essaly POS & Odoo services)

Business data: catalog, prices, taxes, branches, staff users, and configuration you provide are processed to operate POS and—if you choose—Odoo modules (inventory, accounting, CRM, HR).
Receipts & customers: we generate compliant receipts and, where you activate loyalty, attribute points/redemptions to your customers. You are responsible for having a lawful basis to share customer data with Essaly for these features.
Staff data: we process staff identifiers and role-based access to enable cashier/manager functions and audit logs.
Reports & analytics: we provide dashboards and exports. You control what you download or share further.
Processor vs. controller: for many merchant workflows we act as your processor (operating under your instructions); for platform-wide features (e.g., app accounts, security, fraud prevention) we may act as controller. We’ll clarify roles in our merchant agreement and DPA.

12) Children’s data

Our services are not intended for children without appropriate guardian involvement. If you believe a child has provided personal data to us without consent, please contact us and we will take appropriate steps.

13) Marketing preferences & communications

We may contact you about features, offers, and surveys via SMS, email, in-app, or phone. You can opt out of marketing at any time (for example, by using the unsubscribe link in emails, toggling notifications in the app, or contacting support). Service and transactional messages (e.g., receipt delivery, security alerts) are necessary to provide the service.

14) Third-party links and services

Our websites or apps may link to third-party sites or services. Their privacy practices are governed by their own policies; we are not responsible for their content. We recommend reviewing each site’s privacy and security policy before using it.

15) Contact us

If you have questions or want to exercise your privacy rights, contact us via:

In-app support: Help → Support
Email: sales@essaly.com
Address: Al Mohammadiyyah, Riyadh
Phone: +1(323) 758-2740

We will respond in accordance with applicable Saudi regulations.

16) Changes to this policy

We may update this Privacy Policy from time to time. The effective date at the top tells you when we last revised it. If changes are material, we’ll take reasonable steps to notify you (for example, via the app or email). We encourage you to review this page periodically for updates.