Data Retention & Deletion Policy — Saudi Tradex

Effective date: May 18, 2026

1. Purpose

This policy explains how Saudi Tradex retains, archives, deletes, destroys, anonymizes, or restricts data.

2. Retention principles

We retain data only as needed for:

• platform operations;
• account management;
• RFQs, quotes, orders, invoices;
• supplier verification;
• disputes and reports;
• fraud/security prevention;
• audit logs;
• legal, accounting, regulatory, and contractual obligations.

3. Account closure

When a user self-closes an account:

• the account is marked closed/inactive;
• active email/phone identifiers may be released;
• original contact identifiers may be archived internally;
• sessions are invalidated;
• the account is terminal and may not be reactivated;
• related RFQs/orders/invoices/messages/audit logs may remain.

4. Admin deactivation

Admin-deactivated accounts may be reactivated where permitted, unless the account was self-closed.

5. Deletion requests

Users may request deletion/destruction of personal data. Saudi Tradex will assess the request against:

• legal retention obligations;
• ongoing disputes/orders/invoices;
• audit/security/fraud needs;
• technical feasibility;
• third-party processor retention constraints.

6. Archived identifiers

Archived identifiers are for internal audit/support/legal traceability and are not shown publicly.

7. Backups

Deleted or changed data may remain in encrypted or protected backups until backup rotation/expiry, unless immediate deletion is technically and legally required.

8. Retention schedule draft

Final periods must be confirmed by legal/accounting review.

Contact: [email protected]