Privacy Policy

Last updated · 2026-06-17

Preamble

At Sarhny, privacy isn't a marketing slogan — it's an architectural constraint built into the system. This page explains, in plain language rather than ambiguous legalese, what data we touch, why, how long we keep it, how we protect it, and what rights are guaranteed to you under Saudi Arabia's Personal Data Protection Law (PDPL) and the EU's General Data Protection Regulation (GDPR). The philosophical foundation: the platform cannot technically reveal the identity of an anonymous message sender to the account holder — not by a revocable promise, but through a data structure that never stores the link in the first place.

1. What data we collect

a. Account data: display name, email address, username, password (hashed via bcrypt — we never see it), profile picture if you uploaded one, voluntarily declared country.
b. Content you publish: text posts, images, voice notes, your answers to anonymous messages, mirror questions, comments, likes.
c. Necessary technical data: IP address (hashed to SHA-256 with a salt key that can't be reversed), device kind and OS, app version, geographic time zone from the Cloudflare-IPCountry header, language code from your browser.
d. What we DON'T collect: we don't track your precise GPS location, we don't use browser fingerprinting, we don't read your contacts, we don't share your data with advertising networks.

2. How we protect anonymous sender identity

When someone sends an anonymous message via your link:
· Their username is not linked to the message in the recipient's table
· The sender's original IP is immediately hashed via SHA-256 with a secret salt key, and the original value is destroyed — never logged anywhere
· The resulting hash is mathematically insufficient to recover the original IP, but sufficient to block the same sender from sending 200 messages in a minute
· The recipient cannot, nor can any Sarhny employee, nor any engineer, query "who is this sender?" — the architecture does not permit it.

This is the fundamental difference between us and anonymous messaging platforms being sued for hiding their technical capability to deanonymize: we have a mathematical constraint, not a marketing promise.

3. When we disclose trace data

As a general rule: we don't. The three exceptions:
1. Documented legal request from a competent judicial authority in Saudi Arabia, via a fully-formed digital search warrant.
2. Protecting someone's safety: a death threat, a threat to harm a minor, an imminent suicide risk. In these cases we cooperate with authorities within the narrowest bounds.
3. Defending ourselves legally: if we face a direct lawsuit as platform operator, we have the right to present the data we hold (which is limited by design) in self-defense.

In every disclosure case, we keep a transparent log made available to the affected user once any legal gag expires — what is known as a Warrant Canary policy.

4. Retention period for each data type

· Account data: throughout your activity on the platform + 30 days after a deletion request (recovery window in case of regret).
· Published content: crystallized content stays forever (the crystallization philosophy). Content that decays after 24 hours is physically deleted from our databases, not merely hidden.
· Trace data (IP hash + sessions): 90 days then automatically purged by a nightly cron job.
· Security activity logs (suspicious login attempts, reports): 180 days then purged.
· Statistical analytics (aggregate non-identifying numbers): permanent, but fully anonymized.
· AI logs (Personality feature inputs/outputs): not retained after generation. The model does not train on your data.

5. Your rights under Saudi PDPL and GDPR

Regardless of where you reside, you have all of the following rights free of charge:
· Right of access: request a complete copy of all data we hold about you (delivered within 30 days as a JSON file).
· Right to rectification: correct any inaccurate data from your account settings directly, or via request to privacy@sarhny.com.
· Right to erasure ("right to be forgotten"): delete your account and all its content immediately from account settings, completed within 30 days at most.
· Right to data portability: portable JSON file containing your account, crystallized posts, and mirror questions.
· Right to object to processing: in limited cases (e.g., targeted advertising — though we don't practice it).
· Right to lodge a complaint: with the Saudi Data and AI Authority (SDAIA) if you reside in Saudi Arabia, or with any national data protection authority in EU countries.

Contact to exercise these rights: privacy@sarhny.com (response within 30 days maximum).

6. Cookies and local storage

We use only one cookie — a functional necessity, not a tracking tool:
· sarhny_refresh — keeps you signed in between visits. Properties: HttpOnly (JavaScript can't read it), Secure (only sent over HTTPS), SameSite=Lax (not sent to other sites), one-year lifetime.
· Local storage: your language preference, dark mode, last filter used. Not transmitted to our servers.
· We use NO third-party cookies, NO Google Analytics, NO Facebook Pixel, NO advertising tracking script. Zero.

7. Artificial intelligence and the "Personality" feature

Sarhny offers a "Personality" feature: a personal article generated by AI from your real answers to anonymous messages you received (not from your profile or account data). When you request article generation:
· We take your last 40 publicly written answers
· Send them as raw text to the Gemini model with constrained instructions
· Receive the suggested text and save it as a draft in your account
· The text is NOT published publicly until you explicitly press "publish"
· You may edit or delete the text at any time from your account settings

The original text and model instructions are not used to train any model. The AI provider (Google Gemini) does not retain our inputs after the request completes per Gemini API policy. No third party may access the answers sent to the model.

8. Child safety and minor protection

Sarhny is a platform for adults 18+. Registration is not available to anyone younger. Our policy toward minors:
· We immediately close any account discovered to belong to a minor, and delete all its content
· We cooperate with PhotoDNA (Microsoft) to detect exploitation images
· We report to the National Center for Missing and Exploited Children (NCMEC) upon discovery
· We cooperate immediately with Saudi security authorities in cases of child sexual exploitation

If you discover content involving a minor, report it immediately via the report button, or to safety@sarhny.com (we review within two hours).

9. Cybersecurity and data protection

Security infrastructure:
· In-transit encryption: TLS 1.3 for every connection, Cloudflare certificate
· At-rest encryption: database encrypted with AES-256 on disk
· Database isolation: not exposed to the public internet, access only via internal service
· AI keys encrypted with Fernet AES-GCM using a KEK outside the database
· Password hashing via bcrypt cost=12 (we never store the password itself)
· Daily encrypted backups in a separate geographic location
· Open-source code review for critical sections

If you discover a security vulnerability, report immediately to security@sarhny.com with a 90-day disclosure commitment, and we'll respond within 48 hours.

10. Service providers we rely on

We choose our providers on two criteria: serious security and compliance with data protection regulations.
· Hosting: Contabo Cloud VPS (Germany), servers in the EU, GDPR-compliant
· CDN and DDoS protection: Cloudflare
· Promotional email and notifications: internal SMTP on our server (we don't route through SendGrid or Mailchimp)
· Mobile push notifications: Firebase Cloud Messaging (Google) — only username and notification type reach Google, never content
· AI model: Google Gemini API (does not retain our inputs)
· App stores: Apple App Store, Google Play (download statistics only)

We never share your data with any advertising network.

11. International data transfer

Our servers are in Germany. If you visit the site from outside the EU, your data is transmitted to Germany via encrypted connection. Germany has an adequacy decision under GDPR and adheres to the world's highest data protection standards. If you're in Saudi Arabia, the transfer to Germany is considered a "cross-border transfer" under PDPL, completed in compliance with Article 29 of the law (a provider committed to a similar or higher protection standard).

12. Policy changes

We may update this policy from time to time — for example, when adding a new feature, when legislation requires modification, or when a security development warrants documentation. Any material change:
· We announce it in a clear notice at the top of the settings page for 30 days
· We send it to the registered email of each user
· We update the "Last updated" date at the top of this page
· We retain historical versions of the policy accessible to users who request them

13. Contact and complaints

· For privacy inquiries and exercising your rights: privacy@sarhny.com
· To report a security breach: security@sarhny.com
· For minor safety or emergencies: safety@sarhny.com
· For general legal inquiries: legal@sarhny.com

Binding response time: 30 days maximum, we aim to reply within 5 business days. If you're not satisfied with our response, you may file a formal complaint with the Saudi Data and AI Authority (SDAIA) at sdaia.gov.sa.