SM‑SOS Legal Center
The unified legal, compliance, and security framework governing the SM‑SOS Smart Maritime Operating System. This Legal Center includes our Privacy Policy, Terms of Service, Cookies Policy, Data Processing Agreement, Service Level Agreement, Security Statement, and Compliance Overview.
Privacy Policy
This Privacy Policy describes how Sadeed Arabia (“we”, “our”, “us”) collects, processes, stores, and protects personal and operational data within the SM‑SOS Smart Maritime Operating System.
1. Compliance Framework
- Saudi PDPL (Personal Data Protection Law)
- GDPR (General Data Protection Regulation)
- CCPA (California Consumer Privacy Act)
- ISO 27001 Information Security Standard
- SOC 2 Type II Controls
- NIST Cybersecurity Framework
2. Data We Collect
- Identity Data (name, email, phone, organization)
- Authentication Data (hashed passwords, MFA tokens)
- Operational Data (diagnostics, field logs, incidents, maintenance)
- Technical Data (IP, device, OS, browser, timestamps)
- Usage Analytics (feature usage, navigation patterns)
- Cookies (session, security, preferences)
3. Security Controls
- TLS 1.3 encryption
- AES‑256 encrypted storage
- Zero‑Trust Architecture
- RBAC (Role‑Based Access Control)
- MFA for internal systems
- Continuous monitoring & intrusion detection
4. User Rights
- Access, correction, deletion
- Data portability
- Withdraw consent
- Submit complaints to SDAIA
Terms of Service (TOS)
1. Acceptance of Terms
By accessing SM‑SOS, you agree to these Terms of Service and all related policies.
2. Use of the Platform
- SM‑SOS is provided for operational, diagnostic, and analytical purposes.
- Users must not misuse, reverse engineer, or disrupt platform functionality.
- Enterprise clients must ensure authorized access only.
3. Intellectual Property
All SM‑SOS modules, workflows, digital models, and system logic are proprietary to Sadeed Arabia.
4. Limitation of Liability
SM‑SOS is provided “as‑is” without warranties. Sadeed Arabia is not liable for operational misuse or third‑party integrations.
Data Processing Agreement (DPA)
1. Roles
- Controller: The client organization
- Processor: Sadeed Arabia (SM‑SOS)
2. Processor Obligations
- Process data only under documented instructions
- Implement industry‑grade security controls
- Ensure confidentiality of personnel
- Support audits and compliance checks
3. Sub‑Processors
Only ISO‑certified and PDPL‑compliant providers are used.
Service Level Agreement (SLA)
1. Uptime Commitment
99.5% monthly uptime for SM‑SOS core services.
2. Support Response Times
- Critical issues: under 2 hours
- High priority: under 6 hours
- Standard issues: under 24 hours
3. Maintenance Windows
Scheduled maintenance will be announced 48 hours in advance.
Security Statement
SM‑SOS follows a Zero‑Trust security model and implements:
- Encryption in transit & at rest
- Network segmentation
- Threat detection & SIEM monitoring
- Regular penetration testing
- Secure SDLC development practices
Compliance & Certifications
- Saudi PDPL
- GDPR
- ISO 27001
- SOC 2 Type II
- NIST CSF
- OWASP Secure Coding
Data Governance & Retention
- Operational data retained indefinitely unless deletion is requested
- User accounts retained until removal request
- System logs retained for compliance
- Backups encrypted and rotated regularly