Overview
This Privacy Policy explains how Nabdi (INETWORK) collects, uses, shares, and protects information about you when you use our platform. It applies to all customers, merchants and service providers.
Data we collect
Identity data (name, national ID, date of birth), contact data (email, phone, address), medical data (booked services, lab results, prescriptions), payment metadata (last 4 digits of card, gateway token), and technical data (IP, device, log activity).
How we use your data
To deliver bookings and orders, process payments, send appointment reminders, comply with regulatory obligations, and improve the platform. We never sell your data.
Sharing your data
Booked providers receive only the data they need to deliver the service. Payment gateways receive payment metadata only. Government bodies receive data only on lawful request.
Data retention
We retain data for as long as your account is active and for the periods required by Saudi law. Medical records are retained per the MoH minimum schedule. You can request deletion at any time.
Security
Sensitive data is encrypted at rest and in transit. We follow OWASP Top 10 controls, reduced-scope PCI-DSS, and audit logging on every sensitive action.
Your PDPL rights
Under Saudi PDPL Articles 17–22 you can access, correct, port, restrict, or delete your data. Email privacy@nabdi.sa to exercise any right — we'll confirm within 5 business days.
Children
Nabdi is intended for adults. A parent or guardian must book any service for a minor.
Changes to this policy
We may update this policy from time to time. Material changes are emailed to your registered address and posted on this page.
Contact
Questions? Email privacy@nabdi.sa or write to our registered office in Riyadh.