Trust & Privacy
Buyu Marketplace operates under the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia and complies with ZATCA's electronic invoicing and 6-year retention requirements. This page summarises exactly how we collect, retain, minimise, and delete your data — and how you can exercise your rights.
1. Data Retention Tiers
Every entity in our system follows a documented lifecycle: HOT → COLD → PURGED. Hot rows live in our live database; cold rows are encrypted and offloaded to object storage; purged rows are deleted entirely. Thresholds below are the current live policy values and may be tightened (never extended) for individual tenants.
| Entity | Hot (days) | Cold (years) | Purge (years) |
|---|---|---|---|
| carrier_invoice | 730 | 6 | 7 |
| order | 365 | 6 | 7 |
| shipment | 365 | 3 | 4 |
| pod_attachment | 365 | 6 | 7 |
| customer_pii | 365 | 1 | 2 |
Tax-bound entities (orders, invoices, PODs) follow ZATCA's 6-year floor. Operational data (shipments) and customer PII are minimised faster per PDPL Article 18.
2. Your Rights Under PDPL
Download a complete copy of your personal and commercial data — profile, orders, shipments, and POD photos — as a single ZIP archive.
Close your account at any time. We strip your name, email, and phone from active systems immediately. Commercial transaction records are retained for the 6-year ZATCA window per legal obligation.
Update incorrect personal data from your profile settings at any time. Tax-relevant edits are versioned so we can prove the historical record to auditors.
Opt out of marketing communications anytime from your notification preferences. Transactional emails tied to ZATCA-mandated invoices cannot be opted out of while you hold an active account.
3. Self-Serve Privacy Tools
Buyer/seller accounts can export their data and close their account directly — no support ticket required.
- Export ZIP — profile, orders, shipments, POD photos
- Close account — soft-close (PII stripped, sign-in revoked) with obligations pre-flight check
- Auto-archive after 365-day inactivity, with email warnings at T-30 and T-7
4. ZATCA & Commercial Records
Buyu Marketplace LLC is a registered VAT taxpayer in the Kingdom of Saudi Arabia. ZATCA (the Zakat, Tax and Customs Authority) requires us to retain tax-relevant records for a minimum of 6 years from the date of the transaction. This includes:
- Tax invoices (B2B carrier-commission invoices, marketplace fees)
- Order records (line items, totals, VAT amounts)
- Proof-of-delivery attachments tied to a tax event
- Audit trails of FATOORA submissions to ZATCA Phase-2
When you close your account, your personal identifiers are removed but a masked record stays in our ledger so auditors can reconcile transactions to a known counterparty.
5. Security Posture
TLS 1.3 in transit; AES-256 at rest. PII fields hashed with SHA-256 when minimised.
Role-based access (RBAC) with super-admin / admin / platform-admin tiers. Optional MFA. Tenant predicates on every query.
All access, edits, archives, and purges land in append-only audit logs retained for 6 years.
6. Contact our DPO
We will respond to PDPL access / erasure / objection requests within 30 calendar days. You also have the right to file a complaint with SDAIA (the Saudi Data & AI Authority).