Your privacy, protected by default. Encrypted in transit and at rest.
Qudra was built from the first line of code to comply with the Saudi Personal Data Protection Law (PDPL). What follows is what we actually do — not future aspirations.
EnabledEncryption in transit
EnabledEncryption at rest
EnabledAudit log on every data access
0Day retentionPublic chat without sign-up
Security & privacy
PDPL-aligned data protection
Your account database and its backups are hosted in Saudi Arabia, and your personal data is processed under the Saudi Personal Data Protection Law (PDPL). AI processing is performed by vetted sub-processors outside the Kingdom (in the United States) via Cloudflare AI Gateway, with sensitive personal data redacted before it is sent and governed by standard contractual clauses (SCCs). See the sub-processors page for the full list.
Safe AI
Transparency over silent bias
Full audit log
Encryption by default
Six security pillars
PDPL-aligned data protection
Your account database and its backups are hosted in Saudi Arabia, and your personal data is processed under the Saudi Personal Data Protection Law (PDPL). AI processing is performed by vetted sub-processors outside the Kingdom (in the United States) via Cloudflare AI Gateway, with sensitive personal data redacted before it is sent and governed by standard contractual clauses (SCCs). See the sub-processors page for the full list.
Encryption by default
Every connection is protected by encryption in transit, and data is encrypted at rest. Passwords are hashed with argon2id and an extra pepper. We don't store card numbers — payment goes directly through Moyasar.
Safe AI
Messages are sanitised of personal data (names, IDs, phone numbers, emails) before reaching AI providers. Every provider (Anthropic, OpenAI, Google) is bound to Zero-Retention and prohibited from training on your data. The full list is on the subprocessors page.
Transparency over silent bias
Every AI match score is shown with its inputs and the reason it was ranked. Any debiasing adjustment is named and visible to you — no silent corrections. And employers can override any AI score with one click.
Full audit log
Every read or write of your data is logged (who, when, why, from which IP). You can request a copy of the log at any time — a statutory right under PDPL.
Resilient infrastructure
The database is backed up daily at 03:30 Riyadh time. Backups are retained for 14 days and stay on the same Saudi-hosted server — they are never copied outside the Kingdom. Errors and performance are monitored continuously with alerting.
Disclosures and contacts
Subprocessors list:/subprocessors — updated with every change.
Privacy policy:/privacy — your rights and retention periods.
Vulnerability disclosure:security@qudrah.io — we reply within 24 hours. Responsible researchers will not be pursued legally.