Last updated:
1. Who we are
Modir (“Modir”, “we”, “us”) is the controller of personal data collected through this website. Our headquarters are in Riyadh, Saudi Arabia, with offices in Dubai, Tehran, London, and New York. For data-protection inquiries, write to privacy@modir.org. Our European representative under GDPR Article 27 is identified at eu-rep@modir.org.
2. Scope
This notice describes how we process personal data when you visit this website, contact us, request a demo, or download our brochure. It does not describe how Modir Wealth OS processes your end-customer data — that is governed by the data-processing agreement (DPA) between Modir and the contracting institution.
3. What we collect
When you contact us through this website, we collect: your name, work email, company, role (optional), area of interest, and the message you submit. When you download materials, we collect those same fields plus the materials downloaded. When you visit any page on this site, our hosting provider records your IP address, the URL requested, the referrer, and the user-agent. We do not run third-party advertising trackers.
4. Why we collect it
We process your contact information to respond to your request (legitimate interest in commercial communication where you initiated the contact). We process server logs for security, abuse detection, and operational reliability (legitimate interest). We do not process your personal data for advertising or for sale to third parties. We do not use automated decision-making in any way that produces legal or similarly significant effects on you.
5. How long we keep it
Inbound contact-form submissions are retained for thirty-six months from receipt and are then deleted unless a commercial relationship has begun, in which case the retention term in our standard customer agreement applies. Server logs are retained for ninety days hot and one year cold. Marketing analytics data, where collected, is retained for twenty-six months.
6. Who we share it with
We share personal data with our infrastructure providers (cloud hosting, email delivery, monitoring). Each provider is bound by a data-processing agreement and is selected for compliance with our governing jurisdictions. We do not sell personal data. We do not share personal data with advertising networks. Where we use sub-processors, the current list is available at wealthos.modir.org/sub-processors (placeholder URL).
7. Where we process it
By default, marketing-website data is processed in the European Union (Frankfurt). Customer-tenant data within Modir Wealth OS is region-pinned per tenant — KSA stays in KSA, EU stays in EU, US stays in US, and Iran is on-premise. We do not transfer customer-tenant data across jurisdictions without explicit, written customer instruction.
8. Your rights
Depending on your jurisdiction, you may have the right to access, rectify, or delete the personal data we hold about you; the right to restrict or object to processing; the right to data portability; and the right to lodge a complaint with a supervisory authority. To exercise any of these rights, write to privacy@modir.org. We will respond within thirty days, or such shorter period as your governing law requires.
9. Cookies
This site uses strictly necessary cookies only — no analytics, no advertising, no third-party tracking. See the Cookies notice for the complete list.
10. Children
This website is intended for business audiences. We do not knowingly collect personal data from children. If you believe a child has submitted personal data through this site, write to privacy@modir.org and we will delete it promptly.
11. Security
We protect personal data with technical and organizational measures aligned with ISO 27001 and SOC 2 Type II controls (both in progress; we do not claim certification at this time). Specific commitments include encryption in transit (TLS 1.2+), encryption at rest, role-based access controls, and incident response procedures. Suspected security issues should be reported to security@modir.org.
12. Changes to this notice
We may update this notice as our practices evolve. The “last updated” date at the top reflects the most recent change. Material changes are notified via the email on file (where we have one) or via a banner on this site for thirty days following the change.
13. Jurisdictional addenda
EU / UK (GDPR). The legal bases identified above (legitimate interest, contractual necessity, consent where applicable) apply per Article 6. We do not rely on Article 9 special-category data through this site. International transfers, where applicable, use the EU Standard Contractual Clauses with supplementary measures.
KSA (PDPL). Data subjects in the Kingdom of Saudi Arabia may exercise their rights under the Personal Data Protection Law and its executive regulations, including the right to access, correction, and erasure. Cross-border transfers occur only with explicit written consent.
UAE (PDPL). Data subjects in the UAE may exercise rights under Federal Decree-Law No. 45 of 2021. Our UAE establishment in DIFC operates under the DIFC Data Protection Law for activities conducted within the centre.
US (state laws). California residents have rights under CCPA/CPRA including the right to know, delete, correct, and opt out of “sale” or “sharing” (we do not sell or share personal information). Virginia, Colorado, Connecticut, and Utah residents have analogous rights under their respective laws.
Iran. For deployments in the Islamic Republic of Iran, customer-tenant data is processed exclusively on-premise within customer infrastructure; this notice covers only marketing-website interactions.
14. Contact
For all privacy inquiries: privacy@modir.org. Postal address: Modir, Tower 4, KAFD, Riyadh 13519, Saudi Arabia.