Privacy Policy
Draft pending legal review — not yet legally binding.
This Privacy Policy explains how Telvory handles personal data. This is an implementation-ready draft and not legal advice; a Saudi-qualified lawyer must review and approve the final English and Arabic text before publication.
1. Scope
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you use Telvory, including our websites, SaaS portal, remote support sessions, agents, Android app, billing pages, documentation, APIs, and support channels.
If you are an End User receiving support from a Tenant, the Tenant may also be a controller of your personal data. Contact the Tenant for questions about its own use of the service.
2. Personal data we collect
| Category | Examples |
|---|---|
| Account data | name, email, phone, password hash, MFA status, role, tenant membership |
| Tenant data | legal name, billing contact, tax details, branding settings, domain settings |
| Device data | device name, OS, agent version, IP address, capabilities, heartbeat, diagnostics |
| Session data | session code, participants, timestamps, consent events, chat, notes, actions |
| Remote support content | screen stream during session, files transferred, recordings and command output if enabled |
| Android app data | screen-share consent state, device model, OS version, camera stream if enabled |
| Payment data | Moyasar references, invoice records, status, amount, currency, card brand where provided |
| Usage data | logs, browser type, pages viewed, feature usage, errors, performance metrics |
| Support data | tickets, emails, call notes, attachments shared with support |
| Documentation data | help searches, guide views, generated manual metadata, AI draft review records |
3. How we collect personal data
We collect data when you create an account or tenant; when a Tenant Administrator invites users; when you start or join a remote session; from installed agents and mobile apps; from payment and billing interactions; from support requests; from cookies and similar technologies; from integrations configured by your Tenant; and from automated security and service logs.
4. Purposes of processing
We process personal data to provide remote support and unattended access; authenticate users and protect accounts; manage tenants, devices, sessions, and policies; process payments, subscriptions, refunds, and invoices; provide customer support; generate documentation and help content; maintain audit logs and security records; detect abuse and prevent fraud; comply with legal, tax, security, and regulatory obligations; improve service reliability and product quality; and send service and billing notices.
5. Legal bases and consent
Depending on the context, processing may be based on contract performance, legitimate interests, legal obligation, consent, or other lawful bases recognized under applicable law. Certain remote support actions may require explicit consent or clear notice, including screen sharing, remote control, recording, file transfer, camera support, Android screen sharing, or accessibility-driven control.
6. Remote support sessions
During a session, Technicians may view or control a Device only according to Tenant policy, End User consent, and available platform permissions. The service records session metadata and audit events. Session recordings and files are stored only when enabled by Tenant policy and user action.
End Users should not share passwords, payment card details, or sensitive information during a session unless they trust the Tenant and the action is necessary and authorized.
7. AI-assisted documentation and assistant features
The service may use AI providers to draft user manuals, step-by-step guides, release notes, summaries, or support suggestions. By default, AI documentation should use product metadata and non-customer screenshots. Tenant-specific or customer-content AI processing requires Tenant configuration and may be disabled. We use controls such as redaction, access restriction, logging, and human review for AI-generated content. AI output may be inaccurate and should be reviewed for important decisions.
8. Payment processing
Payments are processed by Moyasar or another approved payment provider. We do not store raw card numbers or CVV. We store payment references, invoice data, payment state, amount, currency, and limited card and payment metadata returned by the payment provider where needed for billing, reconciliation, refunds, and legal records.
9. Cookies and similar technologies
We use cookies and similar technologies for authentication, security, preferences, analytics, and service performance. Details are provided in the Cookie Notice.
10. Sharing and subprocessors
We may share personal data with cloud hosting providers; payment processors; DNS, CDN, and WAF providers; email, SMS, and notification providers; AI providers if enabled; analytics and observability providers; professional advisors; authorities where required by law; and integration providers configured by the Tenant. We maintain a Subprocessor List with provider name, purpose, location, and data categories.
11. International transfers
Personal data may be processed in countries outside Saudi Arabia depending on selected region, cloud provider, support operations, subprocessors, and AI provider settings. We use contractual, technical, and organizational safeguards and document transfer purposes and risks as required by applicable law. Tenants with data residency requirements should choose an appropriate plan, region, and contract terms.
12. Retention
| Data type | Default retention | Notes |
|---|---|---|
| Account data | account life plus legal retention | delete or anonymize after closure where allowed |
| Tenant billing records | tax and accounting retention period | retain invoices and payment records as required |
| Session metadata | 12 months default | tenant configurable within policy and legal limits |
| Session recordings | off by default or tenant configured | storage quota and retention policy apply |
| Transferred files | short-lived by default | tenant configurable; malware and legal-hold exceptions |
| Audit logs | 1 to 7 years depending on plan and legal need | immutable archive for enterprise |
| Device heartbeat logs | 90 to 180 days | operational diagnostics |
| AI docs metadata | life of documentation version | tenant can delete custom docs |
| Support tickets | support retention period | legal hold may apply |
13. Security
We use administrative, technical, and organizational controls such as encryption, access controls, MFA, tenant isolation, audit logs, secure software development, signed agents, monitoring, incident response, and vulnerability management. No system is perfectly secure, and you must protect your account credentials and configure Tenant policies appropriately.
14. Your privacy rights
Depending on applicable law and your relationship with us or a Tenant, you may have rights to access, correct, delete, restrict, object to processing, withdraw consent, or request information about processing. Submit requests using the privacy contact published on the website. If your data is controlled by a Tenant, we may direct your request to that Tenant.
15. Breach notification
If we become aware of a personal data breach requiring notification, we will assess the incident, take containment measures, and notify affected parties and competent authorities where required by applicable law and contracts.
16. Children
The service is intended for business and professional support use. It is not directed to children. Tenants must not use the service to collect children's personal data unless they have appropriate authority and safeguards.
17. Changes to this Privacy Policy
We may update this Privacy Policy. Material changes will be notified through the service, email, or website. The updated version will show an effective date.
18. Contact
For privacy requests and legal notices, use the contact addresses published on the Telvory website.