Consent & Privacy
PDPL, handled — and shown. This is exactly what SDAIA fines merchants for (up to SAR 5M). Consent, opt-outs, and data-subject requests are tracked with an audit trail you can hand to a regulator.
Why this matters
Under Saudi PDPL, mishandled personal data carries fines up to SAR 5,000,000. Tawwash makes compliance a default, not a project — every audience is consented, every withdrawal is honoured, every request is timed.
Consent capture rate
89%▲ 3pt
of checkout audience opted in this week
8-week trend
opt-in %W1
W2
W3
W4
W5
W6
W7
W8
Data Subject Requests · PDPL Art. 4
Access, erasure and portability — 30-day legal clock per request.ErasureNew
+9665••••3271
Dar Abaya · received Today 09:14 · due in 29 days
AccessIn progress
h•••r@outlook.com
Luxe Abaya · received Yesterday · due in 28 days
PortabilityNew
+9665••••4456
Dar Abaya · received 2 days ago · due in 27 days
AccessFulfilledDone
+9665••••9021
Dar Abaya · received 5 days ago · due in 24 days
Opt-out log · honoured automatically
+9665••••3271
WhatsApp · Dar Abaya
n•••a@gmail.com
Email · Luxe Abaya
+9665••••8804
SMS · Dar Abaya
+9665••••1190
WhatsApp · Dar Abaya
Suppressed across every channel within seconds — no manual list scrubbing.
Records of processing · ROPA
Marketing audiences (Meta/TikTok/Snap)Consent
Order & purchase historyContract
Win-back & abandoned cartConsent
Fraud & spend guardrailsLegitimate interest
Every purpose maps to a lawful basis — exportable on demand.
Privacy settings · enforced
Data residency
KSA only
Riyadh region · locked
Retention periodeditable
18 months
then auto-purged
PII hashing
SHA-256 · on
identifiers never sent in clear