Compliance & Governance

Our commitment to Saudi regulatory frameworks in data protection, cybersecurity, and intellectual property

SDAIA — Personal Data Protection Law (PDPL)

JSA Craziness complies with the Personal Data Protection Law (PDPL) issued by the Saudi Data & AI Authority (SDAIA):

  • Explicit Consent: We obtain clear, specific consent before collecting or processing any personal data.
  • Data Minimization: We collect only data necessary to deliver the requested service.
  • Transparency: We provide clear notices about how data is used and processed.
  • Data Subject Rights: We support rights of access, rectification, erasure, and data portability.
  • Data Localization: We strive to store personal data within Saudi Arabia.
  • Data Protection Officer: A DPO registered with the National Data Governance Platform has been appointed.
  • Impact Assessment: We conduct Data Protection Impact Assessments (DPIA) for high-risk processing.

National Cybersecurity Authority (NCA)

We comply with controls and standards issued by the National Cybersecurity Authority:

Encryption

TLS 1.3 encryption for all data in transit, AES-256 encryption for stored data.

Access Management

Multi-factor authentication (MFA), principle of least privilege, periodic access reviews.

Penetration Testing

Quarterly penetration tests by certified parties, monthly vulnerability scanning.

Incident Response

Comprehensive response plan with NCA notification within 72 hours of any cyber incident.

Saudi Authority for Intellectual Property (SAIP)

We protect intellectual property rights in accordance with SAIP regulations:

  • Copyright: Platform source code and design are protected under the Copyright Protection Law.
  • Trademarks: "JSA Craziness" brand and logo are registered and protected.
  • Trade Secrets: Custom AI algorithms are protected as trade secrets.
  • Generated Content: We respect third-party IP rights and provide a mechanism for reporting violations.
  • Patents: Technical innovations are protected under the Patent Law.

Data Security Measures

Infrastructure

  • Secure cloud hosting with daily backups
  • Advanced firewalls and intrusion detection systems
  • Network isolation and data segmentation

Applications

  • Source code security reviews
  • Protection against OWASP Top 10 attacks
  • Regular security updates

Operations

  • Comprehensive audit logs
  • 24/7 security monitoring
  • Employee information security training

Compliance

  • Annual security assessments
  • Periodic compliance reports
  • Certified security certifications

AI Ethics

We adhere to AI ethics principles approved by SDAIA:

  • Fairness: We strive to ensure no bias in the AI models used.
  • Transparency: We explain to users how AI tools work and their limitations.
  • Accountability: We take responsibility for the performance of AI systems on the Platform.
  • Privacy: We protect user data used in training or operating models.
  • Safety: We ensure AI tools do not produce harmful or misleading content.

For compliance and governance inquiries:

[email protected]

Last reviewed: September 2024