Privacy Policy

Esnad (“we”, “our”) operates the Esnad API and related services. This policy describes how we collect, use, and protect your information when you use our services.

Information we collect

We collect information you provide when signing up (email, company name, VAT number), usage data (API requests, invoice metadata), and technical data (IP, user agent) for security and operations. We do not store your customers’ personal data beyond what is required for ZATCA-compliant invoice content (e.g. buyer name on B2B invoices).

How we use it

We use your information to provide and improve the API, process invoices, send compliance and certificate expiry alerts, and communicate with you. We use analytics (e.g. Plausible) with minimal data and optional cookie consent where required.

Data residency

Invoice data and signed XML are stored in AWS Middle East (me-south-1, me-central-1). We do not transfer your data outside the GCC for processing. See our Data Residency page for details.

Your rights

You can request access, correction, or deletion of your data by contacting privacy@esnadapi.com. We retain signed XML for 6 years per ZATCA requirements regardless of account status.