Privacy Policy
The Company complies with the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and its Implementing Regulations. We collect and process only the minimum personal data necessary to provide our services. This policy applies to Kolwave App and all related services provided by the Company.
1. Data We Collect and How We Collect It
① Required Data (essential for service provision)
- Email address – for user registration, verification, and account management
- Username and nickname – for account identification and community display
- Profile photo – for profile representation
② Optional Data (processed only with explicit consent)
- Onboarding information: skin tone, skin type, scalp type, hairstyle – for personalized feed recommendations
- User-generated content (UGC): posts, photos, videos, comments, direct messages (DMs)
- Product-related links: cosmetic product information or purchase links attached to posts
③ Automatically Collected Data
- Device and usage information, access logs, app events (for error analysis and service improvement via Firebase Analytics)
④ Collection Methods
- Information entered directly by the user during registration or service use
- Automatic collection tools within the app (Firebase Analytics)
2. Purpose and Legal Basis of Processing
| Purpose of Processing | Legal Basis |
|---|---|
| User registration, verification, and account management | Explicit consent of the user |
| Core service functions (UGC posting, feed display, DM) | Performance of a contract |
| Personalized content recommendations | Explicit consent |
| Service improvement and error analysis (Firebase Analytics) | Explicit consent |
| Compliance with legal obligations and dispute resolution | Legal obligation |
3. Data Subject Rights
Users have the following rights under the PDPL:
- Request access to and a copy of personal data
- Request correction or deletion (where not legally required to retain)
- Request restriction of processing
- Withdraw consent or delete their account
- Exercise the right to data portability (where applicable)
To exercise these rights, please contact us via the email listed below. Requests will be processed within the timeframe prescribed by law.
3-1. User Control over Content and Interactions (Report/Block)
Users may use the in-app report or block functions to restrict exposure to inappropriate content or interactions. The Company promptly reviews such requests and may remove content or restrict accounts where necessary. These measures protect user privacy and ensure compliance with local social and religious values.
5. Retention and Deletion of Personal Data
- Personal data is retained only as long as necessary to fulfill the purpose of collection.
- Upon account deletion or fulfillment of the processing purpose, data is securely erased.
- If retention is required by applicable law, data will be kept for the legally prescribed period only.
6. Data Security Measures
- Encryption during transmission and storage; strict access control and authorization
- Physical and network security controls within AWS Bahrain Region
- Access log monitoring and anomaly detection
- Confidentiality agreements and privacy training for personnel
7. Personal Data Breach Response
In the event of a data breach, the Company will take immediate steps to mitigate harm, investigate the incident, and notify the competent authority (SDAIA) within 72 hours, as required by law. Affected users will be informed without undue delay.
8. Consent, Notice, and Withdrawal
- Users are clearly informed of this Privacy Policy and Terms of Service during registration and must provide explicit consent before using the service.
- Optional data (onboarding information, analytics) is processed only after additional consent, which can be withdrawn at any time.
- To withdraw consent, delete an account, or exercise rights, please contact us at support@kolwave.com. Requests will be handled manually until an in-app option is provided.
9. Compliance with Local Social and Religious Standards
The Company respects the cultural and religious values of the Kingdom of Saudi Arabia. Content that is obscene, blasphemous, violent, or otherwise unlawful is strictly prohibited and may be removed upon user report.
10. Children’s Data
This service is not directed to children. If minors access the service, additional consent and protection measures will be implemented in compliance with applicable law.
11. Data Protection Contact
| support@kolwave.com |
This contact point may request limited verification information to confirm the requester’s identity before processing any privacy-related request.
12. Updates to This Policy
We may update this Privacy Policy from time to time. In case of significant changes, users will be notified at least seven (7) days prior to the effective date via in-app notice or email.