Skip to main content
Osool360

Privacy & Confidentiality Policy

Effective date
June 12, 2026
Last updated
June 12, 2026
Version
v2.0 — Production Ready
Geographic scope
Kingdom of Saudi Arabia
System type
Internal Workforce System — Managed Access
Regulatory framework
PDPL (SDAIA) • Apple App Store • Google Play

Section 1

Osool360 is committed to protecting the data and information of authorized users. The application is an internal, unified workforce system for facility management and field assessments. It is not available for public registration or self-service account creation.

Access is granted exclusively to approved employees and inspectors through pre-provisioned, centrally managed login credentials (Managed Accounts — Email + Password), issued by the operating organization and governed by role-based access control (RBAC).

Notice: This application does not support self-registration. All accounts are created and managed centrally by the Information Technology team of the operating organization.

Section 2

A) Pre-issued Professional Identity Data

  • Full name of the inspector or consultant
  • Institutional email address assigned by the operating organization
  • Job title and access permissions granted under the assigned RBAC role

B) Field Assessment Data (Assessments & Responses)

  • Digital form responses, multi-select answers, and completion percentages
  • Technical notes and numeric ratings linked to the inspected facility

C) Media & Technical Attachments

  • Photographs and field reports submitted to document quality standards and non-conformance cases

Upload mechanism: Files are uploaded through a dedicated, separated File Upload API, stored in an isolated cloud environment, and linked to assessment records using globally unique identifiers (UUIDs) only — ensuring data isolation and preventing unauthorized access.

D) Technical & Security Data

  • IP address for security monitoring and field inspection quality assurance
  • Operating system type (Android / iOS)
  • Crash logs to improve application stability and performance

Section 3

Personal data is processed in accordance with the Saudi Personal Data Protection Law (PDPL), issued by the Saudi Data & AI Authority (SDAIA), and for the following defined operational purposes:

  • Executing operational tasks and field inspection rounds assigned to approved employees and inspectors
  • Documenting the real-time technical and engineering status of buildings and facilities (capacity, area, number of classrooms, and related attributes)
  • Compliance with contracts and internal policies of operating and beneficiary organizations, including the Ministry of Education and Tatweer Buildings Company (TBC)
  • Digital security assurance and verification of authorized use through GPS coordinate validation during assessments

Section 4

Commercial Processing Prohibition

User data is never sold, rented, or shared with any commercial or marketing entity under any circumstances.

National Cloud Hosting

All data is hosted and stored within secure cloud environments that comply with national data sovereignty requirements inside the Kingdom of Saudi Arabia.

Technical Safeguards

  • End-to-end encryption in transit via TLS / HTTPS
  • Encryption of data at rest in databases and cloud storage systems
  • Comprehensive audit logs to track field operations and system access
  • Granular RBAC — each user can access only the facilities assigned to their role

Limited Legal Sharing

Data is shared with external parties only in the following cases:

  • Officially approved beneficiary organizations (Ministry of Education, Tatweer Buildings Company — TBC) under signed operating contracts
  • Licensed cloud service providers operating within the Kingdom of Saudi Arabia
  • Judicial or government authorities when required by a binding legal order

Section 5

Because accounts are centrally managed by the operating organization, employee rights under PDPL (access, correction, and data updates) are exercised by contacting the Information Technology department directly — not through self-service modification within the application.

Data is retained while operational accounts remain active or as required by applicable contracts and regulations. Upon service termination or end of the contractual relationship, personal data is permanently and securely deleted within the legally prescribed timeframe.

Legal RightDetails & Mechanism
Right to Be InformedTo know the legal basis for data collection and how data is processed
Right of AccessTo view stored personal data and obtain a copy
Right to RectificationTo request correction of inaccurate data (job title, email address, etc.)
Right to ErasureTo request deletion when the operational purpose ends or the employment relationship ends, unless retention is required by contract

Section 6

We reserve the right to update this policy to reflect technical changes or legislative amendments issued by SDAIA and other regulatory authorities. In the event of a material change, authorized users will be notified through an in-app notice on the main interface or via their registered institutional email address.

Section 7

For technical or regulatory inquiries regarding privacy and security, or to exercise any legal rights:

  • Official email: osool@omranconsult.com
  • Support channel: Internal ticketing system / IT department of the operating organization

This document is effective as of June 12, 2026 and represents the official approved version (v2.0) for publishing the Osool360 application on the Apple App Store and Google Play, and for regulatory bodies and operating partners in the Kingdom of Saudi Arabia.