
Privacy Policy — OneCare

We are committed to protecting your privacy and personal data in accordance with the highest international standards and Saudi Arabia's Personal Data Protection Law (PDPL).

Effective Date: February 1, 2026
Jurisdiction: Saudi Arabia
Compliance: PDPL + ISO 27001

1) Overview

OneCare respects your privacy and is committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information when using:

  • OneCare App (iOS and Android)
  • Our website onecare.sa and official platforms
  • OneCare devices (wearable, scale, measurement tape)
  • Our support and notification services

Our Core Principle: We collect only necessary data to provide our service, handle it with the highest confidentiality and security standards, and never sell it to third parties.

2) Data We Collect

A) Account Information (Required)

When you create an account, you provide:

  • Full name and email address
  • Phone number (optional)
  • Geographic location (if permitted)
  • Password (encrypted)

B) Device and Health Readings (As You Use Our Service)

  • Wearable data: heart rate, steps, activity, sleep quality
  • Scale data: weight, BMI, body fat percentage, water percentage
  • Tape measurements: body circumferences
  • Health goals and progress tracking

C) Usage and Activity Data

  • Login history and app access times
  • Devices and applications used
  • Feature preferences and usage patterns
  • Support messages and inquiries

D) Technical Data

  • Your IP address
  • Browser type and operating system
  • Unique device identifier
  • Click and interaction logs

Note: We don't directly request sensitive medical data, but device readings may indicate health information. We recommend consulting healthcare professionals for any medical decisions.

3) How We Use Your Data

Primary Purposes:

  • Service Delivery: Creating your account, syncing devices, displaying readings and reports
  • Performance Improvement: Understanding user needs, enhancing reading accuracy
  • Communication: Sending updates, notifications (if you consent), and support
  • Security & Compliance: Preventing harmful activities, complying with regulations
  • Analytics & Research: Analyzing anonymized data to improve our product

We Do NOT Use Data For:

  • Selling to third parties for marketing purposes
  • Credit assessment or lending (without explicit consent)
  • Official medical reporting (data is for personal monitoring only)

4) Sharing Your Data with Third Parties

We share data only in the following cases:

A) Service Providers (Data Processors):

  • Hosting & Storage: Amazon Web Services, Microsoft Azure
  • Payment Processing: Local and international payment gateways (Amazon Pay, STC Pay, etc.)
  • Email Services: SendGrid, Mailgun
  • Analytics: Google Analytics (with privacy protections)
  • Support Platforms: Ticketing and support management systems

All service providers are bound by Data Processing Agreements (DPA) to protect your data.

B) Legal Requirements:

  • When requested by local authorities (Ministry of Interior, regulatory bodies)
  • To prevent illegal or harmful activities
  • To protect OneCare's rights and other users' rights

C) Integrations (With Your Consent):

  • Third-party fitness apps (e.g., Google Fit, Apple Health)
  • Health and wellness applications (may require additional consent)

5) Data Storage & Security

Storage Location:

  • Middle East Region: Most data is stored in the Middle East and North Africa (MENA) region in compliance with PDPL requirements.
  • Backups: Limited backups may be maintained outside the region for business continuity purposes.

Security Standards:

  • Encryption: Data in transit (TLS 1.3) and at rest (AES-256)
  • Authentication: Encrypted passwords (bcrypt), multi-factor authentication available
  • Access Control: Only authorized personnel with limited and monitored access
  • Monitoring: Detailed audit logs and activity tracking
  • Testing: Regular penetration tests and security audits

Compliance Certifications:

  • Full compliance with Saudi Arabia's Personal Data Protection Law (PDPL)
  • International security standards (ISO 27001 in progress)
  • Regular independent security audits

6) Data Retention Period

  • Account Data: As long as the account is active, then 30 days after deletion/closure
  • Health Readings: Retained while you use the service, with option to delete completely
  • Login Records: Last 90 days
  • Support & Messages: 12 months after resolution (or as legally required)
  • System Logs: 30 days (for security and audit purposes)
  • Anonymized Data: May be retained indefinitely for analytics and research

Your Right to Deletion: You can request data deletion at any time. We will delete it from active systems within 30 days (may take longer due to technical and legal requirements).

7) Your Rights Under PDPL

You have the following rights (according to Saudi PDPL):

1. Right of Access
Request a copy of your personal data by contacting: privacy@onecare.sa
2. Right to Correction
Correct inaccurate or outdated information (you can often update directly in the app)
3. Right to Deletion ("Right to be Forgotten")
Request deletion of your data (subject to legal and technical obligations)
4. Right to Withdraw Consent
If you gave us consent, you can withdraw it at any time (this doesn't affect lawful processing before withdrawal)
5. Right to Object
Object to specific data processing (e.g., marketing emails)
6. Right to Data Portability
Receive your data in a portable format (e.g., CSV) and transfer to another service

How to Exercise Your Rights:

Send a written request (via email) including:

  • The right you wish to exercise
  • Verification details (email, account number)
  • Information that helps us locate your data accurately

Timeline: We typically respond within 30 days. Complex cases may extend to 60 days.

8) Cookies & Tracking

How We Use Cookies:

We use secure cookies for:

  • Session management (so you don't have to log in repeatedly)
  • Improving experience (remembering your preferences)
  • Security (preventing unauthorized access)
  • Analytics (understanding how you use our site)

Types of Cookies:

  • Essential: Required for login and security (cannot be disabled)
  • Analytics: Understanding usage (can be disabled)
  • Marketing: Targeted advertisements (can be rejected)

Your Options:

  • You can manage cookies through your browser settings
  • In the app, you can disable analytics from settings
  • Disabling certain essential cookies may reduce functionality

9) Changes to This Policy

We may update this policy from time to time to reflect technological or legislative developments. When we do:

  • We will post the changes on this page
  • We will email active users about major changes
  • We will request your consent if changes significantly affect your rights

Last Updated: February 1, 2026

10) Contact & Complaints

Privacy Questions or Requests:

Privacy Team
Email: privacy@onecare.sa
Phone: +966506434271
Hours: Saturday - Thursday, 9:00 AM - 6:00 PM (Saudi Time)

Filing a Complaint:

If you believe we have not complied with your PDPL rights, you can:

  • Contact our Privacy Team first for clarification
  • File a complaint with the relevant data protection authority

Company Information:

OneCare
Commercial Registration: 1010735143
Location: Riyadh, Saudi Arabia
General Email: info@onecare.sa