📅 Last Updated: May 2025
⚠️ Language Authority Notice:
This English version is provided for convenience only. The Arabic version of this Privacy Policy is the sole official and legally binding version. In the event of any conflict or discrepancy between the two versions, the Arabic version shall prevail.
1 Introduction
This Privacy Policy explains how "Testing Waves" (referred to as "the Platform" or "we") collects, uses, protects, and shares personal data when you use our services. This policy applies to all Platform users, including Clients, Software Testers, and Bug Reviewers.
By using or accessing the Platform, you agree to the practices described in this policy. If you do not agree, please do not use the Platform.
Our Commitment to Your Privacy:
Testing Waves values your privacy and is committed to protecting your personal data in accordance with the Personal Data Protection Law of the Kingdom of Saudi Arabia.
2 Data We Collect
2.1 Data You Provide Directly
- Registration Data: Full name, email address, mobile number, password (encrypted), and account type (Client / Tester / Reviewer).
- Profile Data: Profile picture (optional), bio, technical skills, and years of experience.
- Client Data: Client or trade name, tax registration number, and contact details.
- Financial Data: Service Balance information, mobile number used to receive rewards via STC Bank, and transaction and invoice history.
- Report Content: Bug reports, screenshots, video recordings, and comments.
2.2 Automatically Collected Data
- Usage Data: Login logs, pages visited, and session duration.
- Device Data: Browser type, operating system, and IP address.
- Session Data: We temporarily retain login session data during your use of the Platform. This data is deleted upon logout.
3 How We Use Your Data
We use collected data for the following purposes:
- Service Delivery: Creating and managing accounts, processing testing waves, and distributing rewards.
- Identity Verification: Confirming user data accuracy and preventing fraud.
- Communication: Sending notifications about report statuses and important updates.
- Security: Protecting the Platform from harmful activities and monitoring suspicious usage.
- Legal Compliance: Meeting regulatory and legal requirements in the Kingdom of Saudi Arabia.
- Electronic Invoices: Issuing electronic invoices to document Service Balance top-ups and Platform transactions.
4 Legal Basis for Processing
We process your personal data on the following legal bases:
- Service Provision: Processing data necessary to enable your use of the Platform pursuant to the Terms of Use agreed upon at registration.
- Consent: When you provide explicit consent to process certain data.
- Legitimate Interest: To improve our services and ensure Platform security.
- Legal Obligation: When the law requires us to process your data.
5 Sharing Data with Third Parties
We do not sell your personal data. We share your data only in the following cases:
- Electronic Payment Gateway: To process Service Balance top-up payments (currently Mada debit cards only).
- STC Bank: To transfer reward amounts to Testers' and Reviewers' bank accounts.
- Mobile Verification Service: To verify mobile numbers during registration.
- Email & Hosting Services: To operate the Platform's infrastructure.
- Clients & Testers: Sharing data necessary for executing testing waves (e.g., the Tester's name in a report).
- Company Clients — Bug Reviewer Profile: The Reviewer's profile (name, picture, specializations, skills, and performance history) is displayed to Companies when selecting a Reviewer for testing waves. This constitutes an operational necessity consented to by the Reviewer upon registration.
- Government & Regulatory Authorities: Upon official request from competent authorities in accordance with the law.
Important Note:
All third parties we engage with are bound by strict confidentiality agreements and are not permitted to use your data for any other purposes.
6 Data Security
We implement security measures to protect your personal data, including:
- Sensitive Data Encryption: Personal data such as names, email addresses, and mobile numbers is encrypted using high-level encryption standards.
- Password Protection: Passwords are stored using secure hashing algorithms and are never stored in plain text.
- Encrypted Communication: All communications between your device and the Platform are secured using approved security protocols.
- Identity Verification: We verify user identities via email address and mobile number.
- Continuous Monitoring: We monitor suspicious activities to keep your account secure.
- Regular Backups: We maintain regular backups to ensure the integrity of your data.
7 Privacy & No Tracking
The Platform does not use any tracking, analytics, or marketing tools. We retain only the necessary login session information during your use of the Platform, which is automatically deleted upon logout.
No Ads. No Tracking:
The Platform is free of advertisements and tracking tools. Your data is used solely to deliver the service and never for any marketing purpose.
8 International Data Transfers
Some of your data may be processed on servers outside the Kingdom of Saudi Arabia due to the nature of certain service providers. In such cases:
- We ensure an appropriate level of data protection is maintained.
- We contract with service providers committed to high security standards.
- We use approved transfer mechanisms compliant with the Saudi Personal Data Protection Law.
9 Data Subject Rights
Under the Saudi Personal Data Protection Law, you have the right to:
- Right of Access: Obtain a copy of your personal data stored with us.
- Right of Correction: Correct any inaccurate or incomplete data in your account.
- Right of Deletion: Request deletion of your personal data where permitted by law.
- Right to Object: Object to the processing of your data for direct marketing purposes.
- Right to Withdraw Consent: Withdraw your consent to data processing at any time without affecting the lawfulness of prior processing.
- Right to Data Portability: Receive your data in a usable format for transfer to another party.
To exercise any of these rights, contact us at: support@testingwaves.com. We will respond to your request within 30 business days.
10 Data Retention
We retain your personal data for the duration of your active account in accordance with the following policies:
- Account Data: For the duration of your active subscription on the Platform.
- Financial Records & Invoices: For 10 years in accordance with Saudi tax requirements.
- Bug Reports & Attachments: For 3 years after wave closure or account deletion.
- Security Logs: For 1 year for security and auditing purposes.
- After Account Closure: Personal data is deleted after the applicable legal retention period expires.
11 Policy Amendments
We reserve the right to update this policy at any time. We will notify you of material changes through an in-Platform notification upon login or via your registered email address. Continued use of the Platform after amendments are published constitutes acceptance of the updated policy.
12 Regulatory Compliance & Contact
The Platform complies with the following regulations and standards:
- Saudi Personal Data Protection Law (PDPL).
- Saudi E-Commerce Law.
- Saudi Central Bank (SAMA) requirements for payment processing.