Terms of Service

Acceptance
Definitions
License Grant
Restrictions
Support & Updates
Personal Data Protection
User Obligations
Data Processing
Security
Warranty & Disclaimer
Limitation of Liability
Termination
Governing Law
Contact Us

1. Acceptance

By using the XiKey business management system ("Software"), you agree to be bound by these terms. If you are using the Software on behalf of a company, you represent that you have the authority to bind that company to these terms. These terms are subject to the Personal Data Protection Law (PDPL) issued by Royal Decree No. M/19.

2. Definitions

"Software": XiKey business management system including all components (POS, Inventory Management, Accounting, Branch Manager)
"Licensee": The person or entity that purchased a license to use the Software
"Personal Data": Any data relating to an identified or identifiable natural person as defined by the PDPL
"Controller": The entity that determines the purposes and means of personal data processing
"Processor": The entity that processes personal data on behalf of the Controller

3. License Grant

XiKey grants you a perpetual, non-exclusive, non-transferable license to use the Software according to your purchased plan. The license includes:

Right to install and use on licensed devices
Access to updates during the support period
Technical support according to plan level

4. Restrictions

You may not:

Copy or distribute the Software to third parties
Modify, decompile, or reverse-engineer the Software
Use the Software on more devices than licensed
Remove or alter copyright notices
Use the Software in violation of the PDPL or any Saudi regulations

5. Support & Updates

The annual support subscription (optional after the first year) includes:

Security updates and bug fixes
ZATCA e-invoicing compliance updates
PDPL compliance updates
Technical support via email or phone according to your plan

6. Personal Data Protection (PDPL)

Supervisory Authority: Saudi Data & Artificial Intelligence Authority (SDAIA)

Applicable Law: Personal Data Protection Law - Royal Decree No. M/19

Both parties commit to the provisions of the Personal Data Protection Law (PDPL) and its Implementing Regulations. Obligations include:

Processing personal data based on valid legal grounds (Article 5)
Obtaining explicit consent where required (Article 6)
Adhering to data minimization and purpose limitation principles
Ensuring data subject rights (Articles 4, 14-19)
Reporting data breaches to SDAIA within 72 hours (Article 20)
Not transferring data outside the Kingdom except per Article 29 conditions

For more details on our data protection practices, please refer to our Privacy & Personal Data Protection Policy.

7. User Data Protection Obligations

As a user of XiKey and controller of personal data stored in the system, you are obligated to:

Comply with the PDPL when processing customer and employee data
Obtain necessary consents before collecting personal data
Use built-in security features (RBAC, encryption, audit trail)
Appoint a Data Protection Officer if required by regulations
Notify XiKey and SDAIA immediately upon discovering any data breach
Maintain the security of access credentials (usernames and passwords)
Not store personal data unnecessary for business purposes

8. Data Processing

XiKey operates on-premise on your servers. This means:

You Are the Controller

You are the controller of all personal data stored in the XiKey system on your servers. You bear responsibility for PDPL compliance regarding this data.

XiKey as Processor

When providing technical support, we may access your data as a processor. We commit to processing data only per your instructions and for support purposes only.

Data Stays Local

All transaction, customer, and employee data is stored exclusively on your servers within the Kingdom of Saudi Arabia.

9. Security

XiKey provides built-in security features to help you comply with the PDPL:

Multi-level Role-Based Access Control (RBAC)
Complete audit trail for all operations and changes
Encryption of stored and transmitted data
User session management with automatic locking
Automatic data backup

10. Warranty & Disclaimer

The Software is provided "as is" with a limited 90-day warranty from the date of purchase covering material programming defects only. We do not guarantee that the Software will be completely error-free.

While the Software includes features to support ZATCA and PDPL compliance, the Licensee bears ultimate responsibility for ensuring full compliance with applicable regulations.

11. Limitation of Liability

In no event shall XiKey's liability exceed the amount paid for the license. We are not liable for:

Any indirect, incidental, or consequential damages
Data loss resulting from system misuse or backup neglect
Fines or penalties resulting from the Licensee's non-compliance with PDPL or ZATCA regulations
Data breaches resulting from factors outside our control

12. Termination

We may terminate your license in the following cases:

Violation of these terms
Using the Software in violation of applicable regulations
Non-payment of license or renewal fees

Upon termination:

You must cease using the Software and delete all copies
Your data stored on your servers remains under your full control
We delete any of your personal data we hold within 30 days per our data retention policy

13. Governing Law

These terms are governed by the laws of the Kingdom of Saudi Arabia, including:

Personal Data Protection Law (PDPL) - Royal Decree No. M/19
Electronic Transactions Law
Anti-Cyber Crime Law
ZATCA regulations

Any disputes shall be referred to the competent courts in Jeddah, Kingdom of Saudi Arabia.

14. Contact Us

For any questions about these terms or data protection:

Legal Department: [email protected]

Data Protection Officer: [email protected]

Privacy Policy: Full Privacy Policy