Privacy Policy

Last updated: June 1, 2026

At Highlit, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our in-app stories platform. By using Highlit, you agree to the terms of this policy.

1. Introduction

Highlit is an in-app stories platform built for the Gulf market. This Privacy Policy applies to all users of our services, including the Highlit Dashboard, SDK integrations, and the marketing website at highlit.io.

We are committed to protecting your privacy in accordance with applicable data protection laws, including Saudi Arabia’s Personal Data Protection Law (PDPL) and the data protection regulations of other GCC jurisdictions.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically through our SDK and dashboard, and information from third-party sources.

When you create a Highlit account or contact us, we may collect your name, email address, phone number, company information, billing details, account credentials, and any communications you send to our support or sales teams.

We automatically collect information about how you and your end-users interact with Highlit, including story impressions, taps, completion rates, engagement metrics, device and browser information, IP address and approximate geographic location, referrer URLs, and timestamps.

Highlit uses cookies and similar tracking technologies on our dashboard and marketing website to enhance functionality, analyze usage, and personalize content. You can control cookies through your browser settings. Our SDK does not use cookies on your customers’ devices — it relies on platform-native identifiers as permitted by the relevant operating system’s privacy framework.

3. How We Use Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our services, including SDK functionality, analytics dashboards, and customer support
  • To process transactions, manage subscriptions, and send billing-related communications
  • To communicate with you about product updates, security advisories, and other service-related matters
  • To analyze platform performance, troubleshoot issues, and develop new features
  • To comply with legal obligations and protect our rights and the rights of our customers

4. Sharing & Disclosure

We do not sell your personal data. We share information only in limited circumstances:

  • With service providers who help us operate our platform (cloud hosting, payment processing, customer support), under strict data protection agreements
  • When required by law or to respond to lawful requests from public authorities
  • In connection with a business transfer (merger, acquisition, or sale of assets), where we will notify affected users
  • With your explicit consent, for any other purpose disclosed at the time of collection

5. Your Rights

Under PDPL and other applicable laws, you have the following rights with respect to your personal data:

To exercise any of these rights, contact us at privacy@highlit.io. We will respond within 30 days.

  • Right to access — Request a copy of the personal data we hold about you
  • Right to correction — Request that we update inaccurate or incomplete data
  • Right to erasure — Request that we delete your personal data (subject to legal retention requirements)
  • Right to object — Object to certain processing activities
  • Right to portability — Receive your data in a structured, machine-readable format
  • Right to withdraw consent — Withdraw consent for processing based on consent

6. Data Security & PDPL

We implement industry-standard security measures to protect your data, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and regular security audits. While we strive to protect your data, no method of transmission or storage is completely secure. We continuously monitor for vulnerabilities and update our practices accordingly.

Highlit complies with Saudi Arabia’s Personal Data Protection Law (PDPL) issued by Royal Decree M/19 of 2021 and amended in 2023. We have appointed a Data Protection Officer to oversee our compliance program. For PDPL-specific inquiries, contact our DPO at dpo@highlit.io.

We maintain records of processing activities, conduct privacy impact assessments for new features, and report data breaches to the relevant authorities and affected individuals as required by law.

7. Retention & Transfers

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Account data is retained for the duration of your subscription and for up to 90 days after termination, after which it is securely deleted unless legal retention obligations apply. Analytics and usage data are retained in aggregated form for service improvement.

Highlit’s primary data infrastructure is hosted in the Gulf region (KSA and UAE) to comply with regional data residency requirements. Where data is transferred outside the Gulf for specific service functions (e.g., global CDN delivery), we use appropriate safeguards including standard contractual clauses and ensure the destination provides an adequate level of data protection.

Highlit is a B2B service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will take steps to delete that information.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (for registered users) and post a notice on this page with the updated date at the top.

8. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

General privacy inquiries: privacy@highlit.io

Data Protection Officer (PDPL matters): dpo@highlit.io

Privacy Policy | Highlit — PDPL-Compliant Data Protection