Home / Privacy

Privacy Policy

How Birox Tech collects, uses, and protects your information. Written in plain English — no surprises.

Last updated: April 28, 2026 · Effective: April 28, 2026

1. Who we are

Birox Tech ("we", "us", "our") is a software development studio headquartered in Riyadh, Saudi Arabia. This Privacy Policy explains how we collect, use, store, and share your personal information when you visit biroxtech.com, contact us, or engage us for services.

If you have any questions, write to us at privacy@biroxtech.com.

2. Information we collect

2.1 Information you provide

  • Contact details — name, email, phone number, and company when you fill out a form or email us.
  • Project details — the description, budget range, and any documents you share when requesting a quote.
  • Account credentials — for clients with active engagements, we store project-specific access (Slack, GitHub, etc.) under encrypted vaults.

2.2 Information collected automatically

  • Usage data — pages viewed, referring URL, and approximate location (country/city level) via privacy-respecting analytics (Plausible).
  • Device data — browser type, screen size, operating system.
  • Cookies — see our Cookie Policy. We use only essential cookies; no advertising cookies, no third-party trackers.

3. How we use your information

We use your information to:

  • Respond to your enquiries and provide quotes;
  • Deliver and maintain services you have engaged us for;
  • Send transactional emails (project updates, invoices, support replies);
  • Improve our website and offerings (aggregated, anonymous analytics);
  • Comply with legal obligations and enforce our agreements.

We do not use your information for advertising, sell it to third parties, or share it with data brokers.

4. Legal bases (GDPR / similar laws)

We process your information based on:

  • Consent — for marketing emails (which you may opt out of any time).
  • Contract — to provide services you have engaged us for.
  • Legitimate interest — to operate our business, secure our systems, and respond to enquiries.
  • Legal obligation — to comply with tax, accounting, and regulatory requirements.

5. Sharing your information

We share your information only with:

  • Service providers we contract with to run our business (e.g. email delivery, cloud hosting, payment processing). All are bound by data-protection agreements.
  • Authorities when required by law or to protect rights.
  • Successors in the event of a merger or acquisition (we will notify you of any change of control).

Current sub-processors include: Netlify (hosting), Resend / Postmark (transactional email), Plausible (analytics), Stripe / Moyasar (payments). Full list available on request.

6. International transfers

Some of our service providers are based outside Saudi Arabia (primarily the EU and US). We rely on Standard Contractual Clauses or equivalent safeguards for transfers, and only work with providers committed to high data-protection standards.

7. Data retention

  • Enquiries — retained for 24 months from last contact, then deleted.
  • Active client records — retained for the duration of the engagement plus 7 years for tax and audit purposes.
  • Server logs — retained for 30 days, then automatically purged.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data;
  • Correct inaccurate data;
  • Request deletion ("right to be forgotten");
  • Restrict or object to processing;
  • Receive your data in a portable format;
  • Withdraw consent at any time;
  • Lodge a complaint with a supervisory authority.

To exercise any right, email privacy@biroxtech.com. We respond within 30 days.

9. Security

We protect your information using industry-standard measures: TLS 1.3 in transit, AES-256 at rest, role-based access, two-factor authentication for all team accounts, and regular security audits. No system is 100% secure, but we treat your data as we would treat our own.

10. Children

Our services are not directed to anyone under 18. We do not knowingly collect personal information from children. If we learn we have collected such data, we will delete it.

11. Changes to this policy

We may update this policy. The "last updated" date at the top reflects the most recent change. For material changes, we will notify active clients by email at least 30 days before they take effect.

12. Contact us

Privacy questions, requests, or complaints: