Legal

Privacy Policy

Effective Date: April 21, 2026  |  Last Updated: April 21, 2026

Contents

  1. Introduction
  2. Personal Data We Collect
  3. How We Use Your Personal Data
  4. Legal Basis for Processing (PDPL)
  5. Data Sharing and Disclosure
  6. Cross-Border Data Transfers
  7. Cookies and Tracking Technologies
  8. Data Retention
  9. Your Rights Under the PDPL
  10. Data Security
  11. Children's Privacy
  12. Contact Us
  13. Changes to This Privacy Policy

1. Introduction

This Privacy Policy explains how Jood ("we," "us," or "our"), a Limited Liability Company registered in Riyadh, Saudi Arabia, collects, uses, stores, and protects your personal data when you access or use our website, mobile application, Smart Saudi Coffee machines, subscription services, and any related services (collectively, the "Services").

We are committed to protecting your privacy and handling your personal data in accordance with the Personal Data Protection Law of Saudi Arabia (PDPL) issued by Royal Decree No. M/19 dated 9/2/1443H and its implementing regulations, as well as any other applicable Saudi laws and regulations.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. References to "you" or "user" refer to any individual or legal entity accessing our Services.

2. Personal Data We Collect

We may collect and process the following categories of personal data:

2.1 Data You Provide Directly

  • Registration and account information: your name, email address, phone number, and password when you create an account on our website or mobile app.
  • Order and transaction details: billing address, delivery address, and payment information processed through our secure payment providers.
  • Subscription preferences: your chosen coffee blends, capsule frequency, and other subscription customization data.
  • Communications: records of correspondence when you contact our customer support team, submit feedback, or respond to surveys.
  • User-generated content: reviews, ratings, or testimonials you submit about our products.

2.2 Data Collected Automatically

  • Device and technical data: IP address, browser type, operating system, and device identifiers.
  • Usage data: pages visited, time spent on pages, links clicked, and search queries on our website.
  • Location data: approximate or precise geographic location when you use our mobile application, if you grant permission.
  • IoT machine data: usage patterns, brewing frequency, and capsule consumption data collected through your Smart Saudi Coffee machine.
  • Cookies and tracking technologies: data collected via cookies, web beacons, and similar technologies as described in Section 7 below.

2.3 Data from Third Parties

  • Social media login data: if you choose to register or log in using a social media platform (e.g., Google, Apple), we receive limited profile information from that platform, subject to your privacy settings.
  • Email addresses provided by third parties who have confirmed they hold your consent to share such information.
  • Analytics and advertising partners: aggregated or anonymized data to improve our marketing campaigns.

3. How We Use Your Personal Data

We process your personal data for the following purposes and legal bases, in accordance with the PDPL:

  • Order fulfillment and delivery: to process your orders, manage subscriptions, and coordinate delivery of coffee capsules and machines.
  • Account management: to create and maintain your account, authenticate your identity, and provide customer support.
  • Service improvement: to analyze usage patterns, conduct research, and enhance the functionality and personalization of our Services, including personalized coffee recommendations through our mobile app.
  • IoT and machine management: to remotely monitor, update, and improve the performance of your Smart Saudi Coffee machine.
  • Communications: to send you order confirmations, delivery updates, service notices, and — with your consent — marketing messages about new products, promotions, and limited-edition capsule blends.
  • Legal compliance: to comply with applicable Saudi laws and regulations, including tax, consumer protection, and e-commerce regulations.
  • Fraud prevention and security: to detect, investigate, and prevent fraudulent transactions and unauthorized access.
  • Loyalty and promotional programs: to administer rewards programs, competitions, and notify winners.
  • Location-based services: to provide delivery estimates, find nearby service centers, and show location-relevant content.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

  • Service providers and processors: logistics partners for order delivery, payment processors (operating under strict data processing agreements), IT and cloud service providers, and customer support platforms.
  • IoT and technology partners: third-party technology providers who support the operation of our Smart Saudi Coffee machines and mobile application.
  • Analytics and marketing platforms: to help us understand usage and deliver relevant communications, subject to anonymization or pseudonymization where possible.
  • Legal and regulatory authorities: government agencies, law enforcement, or courts when required by Saudi law or valid legal process.
  • Business transfers: in the event of a merger, acquisition, or sale of business assets, your data may be transferred to the relevant successor entity, with prior notice to you where required by law.

All third parties we share data with are required to handle your personal data in accordance with applicable laws and our data protection standards.

6. Cross-Border Data Transfers

Some of our service providers may be located outside Saudi Arabia. Any transfer of personal data outside the Kingdom will only take place where permitted under the PDPL and its implementing regulations, including where the recipient country provides an adequate level of data protection, or where appropriate contractual safeguards are in place.

We will not transfer your personal data outside Saudi Arabia in a manner that may harm your interests or violate the PDPL.

7. Cookies and Tracking Technologies

Our website and mobile application use cookies and similar tracking technologies (such as web beacons and pixel tags) to improve functionality, analyze usage, and deliver personalized experiences. You can manage your cookie preferences through your browser settings or the cookie consent tool on our website.

We use the following types of cookies:

  • Essential cookies: necessary for the website to function and cannot be disabled.
  • Analytics cookies: help us understand how visitors use our Services (e.g., Google Analytics).
  • Preference cookies: remember your settings and choices for a better experience.
  • Marketing cookies: used to deliver relevant advertisements and promotions, with your consent.

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting obligations. In general:

  • Account and transaction data is retained for a minimum of 10 years in accordance with Saudi e-commerce and commercial records regulations.
  • Marketing consent records are retained for as long as we rely on that consent.
  • IoT and usage data may be retained in aggregated, anonymized form indefinitely.

When data is no longer required, it will be securely deleted or anonymized. Where you update your personal data, we may retain the previous version of that data for compliance and record-keeping purposes.

9. Your Rights Under the PDPL

In accordance with the Saudi Personal Data Protection Law, you have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to correction: request that inaccurate or incomplete data be corrected.
  • Right to erasure: request deletion of your personal data where it is no longer necessary or where processing was based on consent that you have withdrawn, subject to our legal retention obligations.
  • Right to data portability: request your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest, including for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 12. We will respond within the timeframes prescribed by the PDPL. You also have the right to file a complaint with the Saudi National Data Management Office (NDMO) if you believe your rights have been violated.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • SSL/TLS encryption for data transmitted to and from our website and mobile application.
  • Firewalls and intrusion detection systems to protect our servers.
  • Role-based access controls ensuring only authorized personnel access personal data.
  • Regular security assessments and vulnerability testing.
  • Secure storage practices for data at rest.

You are responsible for keeping your account password confidential and for logging out of shared devices after each session. Please note that no method of transmission over the internet is completely secure, and we cannot guarantee absolute security of data transmitted to our Services.

In the event of a personal data breach that poses a risk to your rights and interests, we will notify you and the NDMO in accordance with the PDPL notification requirements.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18 without appropriate consent, we will take steps to delete such data promptly. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Company: Jood Technology and Trading Co

Address: Riyadh, Saudi Arabia

Email: Support@jood.sa

Phone: +966 500 181 219

We will acknowledge and respond to your inquiry within the period prescribed by applicable Saudi law.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email or a prominent notice on our website or mobile application before the changes take effect. The "Last Updated" date at the top of this policy will always reflect the most recent revision.

Your continued use of our Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

© Jood. All rights reserved. Registered in Saudi Arabia.