Qudra
Qudra
العربية
Security & privacy

Your privacy, protected by default. Encrypted in transit and at rest.

Qudra was built from the first line of code to comply with the Saudi Personal Data Protection Law (PDPL). What follows is what we actually do — not future aspirations.

EnabledEncryption in transit
EnabledEncryption at rest
EnabledAudit log on every data access
0Day retentionPublic chat without sign-up
Security & privacy

PDPL-aligned data protection

Your account database and its backups are hosted in Saudi Arabia, and your personal data is processed under the Saudi Personal Data Protection Law (PDPL). AI processing is performed by vetted sub-processors outside the Kingdom (in the United States) via Cloudflare AI Gateway, with sensitive personal data redacted before it is sent and governed by standard contractual clauses (SCCs). See the sub-processors page for the full list.

  • Safe AI
  • Transparency over silent bias
  • Full audit log
  • Encryption by default

Six security pillars

PDPL-aligned data protection

Your account database and its backups are hosted in Saudi Arabia, and your personal data is processed under the Saudi Personal Data Protection Law (PDPL). AI processing is performed by vetted sub-processors outside the Kingdom (in the United States) via Cloudflare AI Gateway, with sensitive personal data redacted before it is sent and governed by standard contractual clauses (SCCs). See the sub-processors page for the full list.

Encryption by default

Every connection is protected by encryption in transit, and data is encrypted at rest. Passwords are hashed with argon2id and an extra pepper. We don't store card numbers — payment goes directly through Moyasar.

Safe AI

Messages are sanitised of personal data (names, IDs, phone numbers, emails) before reaching AI providers. Every provider (Anthropic, OpenAI, Google) is bound to Zero-Retention and prohibited from training on your data. The full list is on the subprocessors page.

Transparency over silent bias

Every AI match score is shown with its inputs and the reason it was ranked. Any debiasing adjustment is named and visible to you — no silent corrections. And employers can override any AI score with one click.

Full audit log

Every read or write of your data is logged (who, when, why, from which IP). You can request a copy of the log at any time — a statutory right under PDPL.

Resilient infrastructure

The database is backed up daily at 03:30 Riyadh time. Backups are retained for 14 days and stay on the same Saudi-hosted server — they are never copied outside the Kingdom. Errors and performance are monitored continuously with alerting.

Disclosures and contacts

  • Subprocessors list: /subprocessors — updated with every change.
  • Privacy policy: /privacy — your rights and retention periods.
  • Vulnerability disclosure: security@qudrah.io — we reply within 24 hours. Responsible researchers will not be pursued legally.
  • Data Protection Officer (DPO): dpo@qudrah.io.
  • Complaints: if we don't satisfy your request, you have the right to file with the Saudi Data and AI Authority (SDAIA).