Privacy Policy

BetterCloudz ("we," "our," or "us") is committed to protecting your privacy and complying with applicable data protection laws, including the Kingdom of Saudi Arabia Personal Data Protection Law (PDPL), UAE PDPL, and other Gulf Cooperation Council (GCC) regulations. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website bettercloudz.com and use our Acronis Cyber Protection services.

Company Information:

BetterCloudz (السحابة الأفضل)

Authorized Acronis Partner

Website: bettercloudz.com

1. Information We Collect

1.1 Business Contact Information

We collect business-related personal information that you voluntarily provide when you:

  • Request a demo, consultation, or free trial
  • Submit a contact form or inquiry
  • Place an order for our cyber protection services
  • Create a service account
  • Subscribe to our business communications
  • Communicate with us via email, phone, or WhatsApp Business
  • Attend our events, webinars, or training sessions

This information may include:

  • Full name and professional title
  • Business email address
  • Business phone number (mobile and office)
  • Company name and industry sector
  • Job title and department
  • Company size and IT infrastructure details
  • Business requirements, preferences, and technical specifications
  • Billing and payment information

Note: We primarily process business contact information for B2B purposes. We do not intentionally collect sensitive personal data as defined under Saudi PDPL (such as health data, biometric data, or personal identification numbers) unless explicitly required for service delivery and with your express consent.

1.2 Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and browsing behavior, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website URLs
  • Pages viewed and time spent on pages
  • Click patterns and navigation paths
  • Geographic location (country/city level)

1.3 Service Usage Data

When you use our cyber protection services, we collect:

  • Backup and recovery activity logs
  • System performance metrics
  • Security incident and threat detection data
  • Service configuration and settings
  • Support ticket information and communications

1.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. In compliance with Saudi PDPL and CITC regulations, we obtain your consent before placing non-essential cookies:

  • Essential Cookies: Required for website functionality, security, and authentication (no consent required)
  • Google Analytics (GA4): Analytics to understand visitor behavior, page views, session duration, and demographics (requires consent)
  • Google Ads: Conversion tracking to measure advertising effectiveness (requires consent)
  • Google reCAPTCHA: Protection against spam and automated abuse
  • Cloudflare: Security services, performance optimization, and DDoS protection

You can manage your cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality.

2. How We Use Your Information

In accordance with Saudi PDPL Article 5 (Purpose Limitation), we process your personal data only for specific, explicit, and legitimate purposes:

2.1 Service Delivery and Operations

  • Provide, operate, and maintain our Acronis Cyber Protection services
  • Process demo requests, trials, and service provisioning
  • Deliver backup, recovery, and cybersecurity services
  • Monitor system performance and service availability
  • Provide technical support and troubleshooting

2.2 Customer Communications

  • Respond to your inquiries and requests
  • Send service-related notifications and updates
  • Provide security alerts and system notifications
  • Deliver training and onboarding materials
  • Process customer support tickets

2.3 Business Operations

  • Process orders, invoices, and payment transactions
  • Manage accounts and subscriptions
  • Conduct business analysis and improve services
  • Analyze website traffic and usage patterns
  • Detect, prevent, and address security threats and fraud

2.4 Marketing and Business Development (Consent-Based)

  • Send marketing communications about our services (with your explicit consent)
  • Provide information about new features and offerings
  • Invite you to events, webinars, and training sessions
  • Conduct customer satisfaction surveys

Note: You can withdraw consent for marketing communications at any time by clicking the unsubscribe link in our emails or contacting us at [email protected].

2.5 Legal and Regulatory Compliance

  • Comply with Saudi Arabian laws and CITC regulations
  • Respond to lawful requests from authorities
  • Enforce our terms of service and policies
  • Protect our legal rights and interests

3. Legal Basis for Processing

Under Saudi PDPL, UAE PDPL, and international data protection standards, we process your personal data based on the following legal grounds:

3.1 For Saudi Arabia and GCC Residents

  • Contractual Necessity: Processing necessary to fulfill our service agreement with you or your organization
  • Consent: You have provided explicit, informed consent for specific processing activities (e.g., marketing communications)
  • Legitimate Business Interests: Processing necessary for our legitimate business operations, provided your rights and interests are not overridden
  • Legal Obligation: Processing required to comply with Saudi law, CITC regulations, or other applicable legal requirements
  • Vital Interests: Processing necessary to protect life or physical safety (in exceptional circumstances)

3.2 For Other Jurisdictions

For individuals in the EU/EEA, UK, or other jurisdictions with similar regulations, we comply with GDPR and equivalent data protection frameworks using the same legal bases outlined above.

4. How We Share Your Information

In accordance with Saudi PDPL principles of data minimization and purpose limitation, we do not sell, rent, or trade your personal information. We only share data with trusted third parties as described below:

4.1 Technology and Service Partners

  • Acronis International GmbH: Our authorized technology partner providing backup and cyber protection infrastructure. Data is shared to deliver core services.
  • Cloudflare Inc.: Website security, DDoS protection, and performance optimization services
  • Google LLC: Analytics, advertising measurement, and spam protection (Google Analytics, Google Ads, reCAPTCHA)
  • Payment Processors: Secure processing of billing and payment transactions
  • Email Service Providers: Delivery of business communications and service notifications

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.2 Legal and Regulatory Requirements

We may disclose your information when required by law or to comply with legal processes, including:

  • Responding to valid court orders, subpoenas, or legal requests from Saudi Arabian authorities or other competent jurisdictions
  • Complying with CITC (Communications and Information Technology Commission) regulations and investigations
  • Protecting our legal rights, property, and safety or that of our users
  • Preventing, detecting, or investigating fraud, security breaches, or illegal activities
  • Enforcing our Terms of Service and other agreements

4.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the successor entity. We will notify you via email and/or website notice before your data is transferred and becomes subject to different privacy practices.

4.4 With Your Consent

We may share your information for purposes not described in this policy with your explicit consent or at your direction.

5. International Data Transfers

Cross-Border Data Transfer Notice (Saudi PDPL Compliance):

5.1 Transfer Mechanisms

As a provider of cloud-based services, your personal data may be transferred to and processed in countries outside the Kingdom of Saudi Arabia, including the United States, European Union member states, and other jurisdictions where our service providers operate.

5.2 Safeguards for International Transfers

When transferring personal data internationally, we implement appropriate safeguards in compliance with Saudi PDPL Article 22:

  • Adequacy Decisions: Transfers to countries recognized by Saudi authorities as providing adequate data protection
  • Standard Contractual Clauses: Use of approved data transfer agreements with service providers
  • Binding Corporate Rules: Reliance on certified internal data protection policies of multinational service providers
  • Certification Mechanisms: Transfers under recognized privacy frameworks and certifications
  • Encryption and Security: Technical measures including encryption in transit and at rest

5.3 Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have in place for international data transfers. Contact us at [email protected] for more details.

6. Data Retention and Deletion

In compliance with Saudi PDPL Article 9 (Storage Limitation), we retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law.

6.1 Retention Purposes

We retain your personal information to:

  • Provide ongoing services and support
  • Comply with Saudi Arabian legal, tax, and accounting requirements
  • Resolve disputes and enforce our agreements
  • Maintain business records and audit trails
  • Protect against fraud and security incidents

6.2 Retention Periods

We apply the following retention schedules:

  • Prospective Customer Data: Inquiry and demo requests retained for 3 years from last contact
  • Active Customer Account Data: Retained for duration of business relationship
  • Former Customer Data: Retained for 7 years after contract termination (Saudi commercial records requirements)
  • Financial and Tax Records: 10 years (Saudi Zakat, Tax and Customs Authority requirements)
  • Marketing Consent Records: Retained until consent is withdrawn, then archived for 1 year
  • Service Usage Logs: 12 months for operational purposes, 7 years for security incident investigation
  • Website Analytics Data: 26 months (Google Analytics default retention)
  • Support Communications: 5 years from last interaction

6.3 Secure Deletion

Upon expiration of retention periods, we securely delete or anonymize personal data using industry-standard methods to prevent reconstruction or recovery.

7. Your Privacy Rights

Data Subject Rights under Saudi PDPL and GCC Regulations:

7.1 Rights for Saudi Arabia and GCC Residents

Under the Saudi Personal Data Protection Law (PDPL) and similar GCC regulations, you have the following rights:

Right to Access (Article 14)

  • Request confirmation of whether we process your personal data
  • Obtain a copy of your personal data in an accessible format
  • Receive information about processing purposes, categories, and recipients

Right to Rectification (Article 15)

  • Request correction of inaccurate or incomplete personal data
  • Update your contact information and business details

Right to Erasure/Deletion (Article 16)

  • Request deletion of your personal data when no longer necessary
  • Have data erased if consent is withdrawn and no other legal basis exists
  • Request deletion if processing is unlawful

Note: This right may be limited by legal obligations to retain certain records (e.g., tax, commercial, or regulatory requirements).

Right to Restriction of Processing (Article 17)

  • Limit how we process your data while verifying accuracy
  • Restrict processing instead of deletion in certain circumstances

Right to Data Portability (Article 18)

  • Receive your data in a structured, commonly used, machine-readable format
  • Transmit your data to another service provider (where technically feasible)

Right to Object (Article 19)

  • Object to processing based on legitimate interests
  • Object to direct marketing at any time (we will immediately cease)
  • Object to automated decision-making and profiling

Right to Withdraw Consent (Article 13)

  • Withdraw consent at any time for consent-based processing
  • Withdrawal does not affect lawfulness of processing before withdrawal

Right to Lodge a Complaint

  • File a complaint with the Saudi Data Protection Authority (SDPA)
  • Contact relevant GCC data protection authorities in your jurisdiction

7.2 Additional Rights for All Users

  • Marketing Opt-Out: Unsubscribe from marketing emails via the link in each message or contact us directly
  • Cookie Management: Control cookie preferences through our consent banner or browser settings
  • Account Closure: Request account deletion and data removal

7.3 How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer:

  • Email: [email protected]
  • Subject Line: "Privacy Rights Request - [Your Name]"
  • Include: Your full name, contact details, and specific request

7.4 Response Timeline

We will respond to your request within:

  • Saudi PDPL: 30 days from receipt of valid request
  • Complex requests: Up to 60 days with notification of extension
  • Verification: We may request additional information to verify your identity before processing requests

7.5 No Fee for Requests

Exercising your privacy rights is free of charge. However, we may charge a reasonable fee or refuse requests that are manifestly unfounded, excessive, or repetitive.

8. Data Security Measures

In compliance with Saudi PDPL Article 12 (Security of Processing), we implement comprehensive technical and organizational security measures to protect your personal data against unauthorized access, loss, destruction, or alteration:

8.1 Technical Security Measures

  • Encryption: AES-256 encryption at rest and TLS 1.3 encryption for data in transit
  • Network Security: Firewall protection, DDoS mitigation, and intrusion detection systems via Cloudflare
  • Access Controls: Multi-factor authentication (MFA) and role-based access control (RBAC)
  • Secure Infrastructure: Acronis Cyber Protect Cloud security architecture with built-in anti-malware and ransomware protection
  • Data Backup: Regular encrypted backups with geographic redundancy
  • Vulnerability Management: Regular security assessments, penetration testing, and patch management

8.2 Organizational Security Measures

  • Employee Training: Regular data protection and security awareness training
  • Access Limitation: Restricted access to personal data on a need-to-know basis
  • Confidentiality Agreements: All employees and contractors bound by confidentiality obligations
  • Incident Response: Documented procedures for detecting, reporting, and responding to security breaches
  • Vendor Management: Security requirements for all third-party service providers

8.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Saudi Data Protection Authority (SDPA) within 72 hours of becoming aware of the breach
  • Inform affected data subjects without undue delay if the breach poses a high risk
  • Provide information about the nature of the breach, potential consequences, and remedial measures

8.4 Security Limitations

While we implement industry-leading security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but commit to maintaining commercially reasonable safeguards and promptly addressing any identified vulnerabilities.

9. Children's Privacy

Our B2B services are intended exclusively for businesses and professional use. We do not knowingly collect personal information from individuals under 18 years of age. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected], and we will promptly delete such information.

10. Third-Party Websites and Services

Our website may contain links to third-party websites, services, or platforms (including Acronis resources, partner sites, and social media). We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party services you access through our website.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, legal requirements, or regulatory guidance.

11.1 Notification of Changes

We will notify you of material changes through:

  • Updating the "Effective Date" at the top of this policy
  • Posting a prominent notice on our website homepage
  • Sending email notification to registered users (for significant changes)
  • In-service notifications for active customers

11.2 Consent to Changes

Your continued use of our services after the effective date of changes constitutes acceptance of the updated Privacy Policy. If you do not agree to changes, please discontinue use of our services and contact us to close your account.

11.3 Archive of Previous Versions

Previous versions of this Privacy Policy are maintained in our records and available upon request for transparency and compliance purposes.

12. Contact Information and Data Protection Officer

For any questions, concerns, requests, or complaints regarding this Privacy Policy or our data processing practices, please contact us:

BetterCloudz (السحابة الأفضل)

Data Protection Contact:

Email: [email protected]


General Business Inquiries:

Sales: [email protected]

Support: [email protected]


Website: bettercloudz.com

Response Commitment: We aim to respond to all privacy inquiries within 5 business days and will provide a full response within the timeframes required by applicable law (typically 30 days under Saudi PDPL).

13. Jurisdiction-Specific Information

13.1 Kingdom of Saudi Arabia (Primary Jurisdiction)

Applicable Law: Saudi Personal Data Protection Law (PDPL) issued by Royal Decree No. M/19 dated 9/2/1443H

Regulatory Authority: Saudi Data and Artificial Intelligence Authority (SDAIA)

Key Compliance Points:

  • We process personal data in accordance with Saudi PDPL principles of lawfulness, fairness, and transparency
  • We obtain explicit consent for marketing communications and non-essential data processing
  • We implement appropriate safeguards for cross-border data transfers as required by Article 22
  • We maintain records of processing activities as required by Article 24
  • We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing

CITC Compliance: We comply with Communications and Information Technology Commission (CITC) regulations regarding electronic communications and cybersecurity.

13.2 United Arab Emirates

Applicable Law: UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data

UAE residents have rights under the UAE PDPL similar to those outlined in Section 7 of this policy, including rights to access, rectification, erasure, and data portability.

13.3 Other GCC Countries

For residents of Qatar, Kuwait, Bahrain, and Oman, we comply with applicable national data protection laws and regulations. Please contact us for jurisdiction-specific information.

13.4 European Union/EEA and United Kingdom

For individuals in the EU/EEA or UK, we comply with the General Data Protection Regulation (GDPR) and UK GDPR. You have the rights outlined in Section 7, and you may lodge complaints with your national supervisory authority.

13.5 Other International Jurisdictions

We respect privacy rights under applicable laws in all jurisdictions where we operate or provide services.