Data Protection and Security Policy
QUICKTECH Comprehensive Policy Overview
1. Introduction
QUICKTECH is a leading cloud-based e-learning platform, designed to provide robust educational solutions while ensuring the protection of personal data and adherence to Saudi regulations. Our platform is built to comply with the National E-Learning Center (NELC) and Saudi Data and Artificial Intelligence Authority (SDAIA) standards. This policy outlines our commitment to safeguarding data, maintaining service continuity, and upholding the highest security standards.
2. Definitions
- Personal Data: Refers to any information relating to an identified or identifiable individual, including but not limited to names, contact information, educational records, and payment details.
- Confidential Data: Sensitive data that, if disclosed without authorization, could cause significant harm to individuals or QUICKTECH, including financial records and intellectual property.
- Data Controller: The entity responsible for determining the purposes and means of processing personal data within QUICKTECH.
- Data Processor: Any entity that processes data on behalf of the Data Controller.
- User: Any individual who interacts with the QUICKTECH platform, including students, instructors, administrators, and support staff.
3. Personal Data Protection Policy
QUICKTECH strictly adheres to the Personal Data Protection Law (PDPL) of Saudi Arabia, implementing comprehensive measures to protect personal data:
- Data Collection: Personal data is collected only for specified, lawful purposes and limited to what is necessary.
- Data Retention: Personal data is retained only as long as necessary. Regular audits ensure accuracy and completeness.
- User Rights: Users can access, correct, or delete their personal data. QUICKTECH has a process for users to exercise these rights.
- Data Transfers: Personal data is not transferred outside Saudi Arabia unless legally required or explicitly consented to by the user, with appropriate safeguards in place.
4. Backup and Recovery Policy
QUICKTECH maintains a robust backup and disaster recovery strategy to protect data and ensure service continuity:
- Data Backups: Daily backups are performed, with 14 full backups retained for at least 3 months across multiple global data centers.
- Disaster Recovery Objectives: For paid users, RPO and RTO are 24 hours. For trial users, RTO is 48 hours.
- Hardware Failover: Hot standby replication and active monitoring ensure fast recovery from hardware failures.
5. Security and Cybersecurity Policies
QUICKTECH employs advanced security protocols:
- Network Security: All traffic is encrypted (HTTPS), with MFA for admin access and regular security assessments.
- Server Security: Protected by firewalls, IDS, patching, and restricted physical access in secure data centers.
- Web Application Security: Protection against XSS, SQL injection, etc. through regular penetration testing.
- Incident Management: Includes containment, eradication, recovery, and user communication—fully documented and reviewed.
6. Data Classification and Information Policy
QUICKTECH classifies data based on sensitivity:
- Confidential Data: Encrypted at rest and in transit, with restricted access.
- Internal Data: Accessible to authorized personnel only, stored securely.
- Public Data: Includes marketing content and publicly available resources.
7. Service Level Agreement (SLA)
QUICKTECH provides:
- Performance & Availability: 99.9% uptime; API responses and page loads within 1–3 seconds.
- Support & Incident Management: Incidents prioritized (P1 to P4) with fast resolution times—P1 resolved within 2 hours.
8. Communication Policy
QUICKTECH maintains transparent communication:
- User Support: 24/7 support for critical issues; structured ticketing and tracking.
- Notifications: Users are notified of updates, maintenance, and disruptions via email and in-app alerts.
9. Compliance and Monitoring
QUICKTECH is committed to full compliance:
- Regulatory Compliance: Adheres to PDPL and SDAIA guidelines, verified via internal audits.
- Policy Updates: Reviewed regularly and updated as needed. Users are notified of any major changes.
Newly Added Sections
10. User Content Ownership and Licensing
Users retain ownership of uploaded content. By uploading to QUICKTECH, users grant a non-exclusive, global license for operational use (e.g., content delivery, backups). This does not affect user ownership rights.
11. Content Moderation Policy
To ensure a safe learning environment:
- Guidelines: No harmful, offensive, or rights-violating content.
- Monitoring: Automated tools and manual reviews enforce policy.
- Appeals: Users may appeal removals; a dedicated team reviews all cases.
12. Third-Party Integrations and Data Sharing
QUICKTECH integrates with selected third parties:
- Data Sharing Agreements: Only with entities that follow strong data protection standards.
- Limited Access: Only essential data is shared, with no personal or payment info unless required and consented to.
13. Accessibility Compliance
QUICKTECH ensures inclusivity:
- Standards: Platform complies with WCAG standards (keyboard navigation, screen reader compatibility, etc.).
- Continuous Improvement: Feedback-driven updates ensure a better experience for users with disabilities.
14. International Data Transfers
While data is primarily localized:
- Legal Safeguards: Transfers comply with Saudi regulations and include legal protections.
- User Consent: Explicit consent is obtained when required.
- Data Localization: All personal data is stored in Saudi Arabia unless storage elsewhere is necessary and legally compliant.
15. Detailed Incident Response Plan
QUICKTECH handles incidents through:
- Containment: Immediate action to isolate threats.
- Eradication & Recovery: Root cause analysis, threat removal, data recovery.
- Communication: Affected users are informed, guided, and supported.
- Post-Incident Review: Lessons learned to improve future preparedness.
16. Policy Updates and User Notifications
- Reviews: Policy reviewed annually or upon legal/operational changes.
- User Alerts: All major updates are communicated via email and platform notifications.
- User Consent: Continued use after updates implies agreement. Users may opt out by deactivating their account.
