Privacy Policy
Last updated: June 1, 2026
At Golden Card, we are committed to protecting your personal data in accordance with the Saudi Personal Data Protection Law (PDPL) and international best practices. This policy explains what data we collect, how we use it, who we share it with, and your rights regarding it.
1. Information We Collect
We collect: (a) basic identity data — name, email address, mobile number; (b) delivery data — national shipping address; (c) order data — selected products, payment method, order date; (d) technical data — IP address, browser and device type, session cookies. We do not collect passwords — our sign-in system is based on a one-time code sent to your email.
2. How We Use Data
We use your data only for: (a) fulfilling your order and delivering the SIM; (b) sending order confirmations, invoices, and status notifications; (c) verifying your identity at SIM activation in partnership with Nafath; (d) improving our service and analyzing anonymized usage patterns; (e) responding to your inquiries and providing support. We do not use your data for marketing without your explicit opt-in.
3. Third Parties
We never sell your data. We share it with: (a) the selected telecom operator (STC, Mobily, Zain, etc.) to complete SIM activation; (b) couriers to deliver your order; (c) payment service providers; (d) email service providers to send verification codes and notifications; (e) official authorities only upon valid legal request (e.g., CST or judicial). All our partners are bound by PDPL requirements.
4. Cookies
We use essential cookies to operate the site (session, cart, preferred language) which do not require your consent. We do not currently use third-party advertising cookies. You can manage cookies from your browser settings.
5. Security
We apply technical and organizational security controls to protect your data: TLS encryption on all traffic, secure hashing of all login codes (SHA-256), session storage in HttpOnly + SameSite cookies, and rate-limiting of failed sign-in attempts to prevent automated attacks. However, no method of transmission or storage over the internet is 100% secure in theory.
6. Your Rights
Under the Saudi PDPL, you have the right to: (a) know what data we hold about you; (b) request correction of any inaccurate data; (c) request deletion of your data unless this conflicts with a legal obligation (e.g., tax invoices); (d) withdraw your consent to processing at any time; (e) file a complaint with the Saudi Data & AI Authority (SDAIA) if you believe your rights have been violated.
7. Retention
We retain your data for the period required to fulfill the order and meet Saudi tax requirements (10 years for invoices). You may request deletion of your account and non-legally-required data at any time via the customer support page.
8. Children
The Store does not target children under 18, and we do not knowingly collect their data. If we discover that data from a minor has been inadvertently collected, we will delete it immediately. Parents are asked to report via the support page.
9. Contact
For any inquiry about this policy or to exercise your rights, reach us via the support page on the Store, by email at support@goldencard.tech, or visit our branches in Dammam.
10. Changes
We may update this policy from time to time. The "last updated" date will appear at the top. We recommend reviewing it periodically. Material changes will be announced via an in-store notice and/or an email to registered users.