Transparency on how Minthar Holdings protects data, ensures compliance, and maintains operational integrity.
Full compliance with the Kingdom's Personal Data Protection Law — including lawful basis documentation, data subject rights mechanisms, and cross-border transfer safeguards under Article 29.
Our cybersecurity practices align with the National Cybersecurity Authority's Essential Cybersecurity Controls framework.
All public-facing content is reviewed to ensure no unauthorized securities solicitation or financial promotion under Capital Market Authority regulations.
All data in transit is encrypted using TLS 1.2+. We do not store sensitive payment data — all payment processing is handled by PCI DSS-compliant third parties.
We use Plausible Analytics — cookie-free, no IP collection, no personal data stored. No Google Analytics or advertising trackers.
Clear retention periods enforced: 24 months for inquiries, 36 months for partnership applications, 7 years for orders (regulatory), 12 months for job applications.
| Processor | Purpose | Location |
|---|---|---|
| Resend | Transactional email delivery | United States |
| Plausible Analytics | Aggregate website analytics (no PII) | European Union |
| Netlify | Website hosting and CDN | United States |
In accordance with PDPL requirements, we maintain an incident response procedure with 72-hour breach notification capability to the relevant authorities.