Privacy Policy


Approved on: 16th November 2021
Next scheduled review: 1st March 2022


This policy outlines Malaa’s methodology and processes for collecting, processing and storing end-user data consistently across the company. Our Privacy Policy is aligned with the principles of international standards and is compliant with the KSA management and data protection framework and interim regulations issued by NDMO (the regulatory arm of SDAIA), as well as with SAMA’s regulations and SAMA’s Cybersecurity framework.


Malaa and/or its affiliates (“Malaa”, “we”, “us” and/or “our”) currently offer a financial planner product, financial planning software and services, and may offer additional products and services in the future (collectively, the “Services”), through Malaa’s website (“Site”) and our mobile applications (“App”). This Privacy Policy describes how Malaa treats your personal information when you use or evaluate our Site, App and/or Services.

For the purposes of this Privacy Policy, a “User” is an individual who creates an account on our Site or App to use our free financial planning software and/or to understand or evaluate our Services. Our Privacy Policy and Terms and Conditions collectively govern your use or evaluation of our Site, App, and Services.

Information Collection

The categories of information we collect depend on whether you are a current or a former User. Examples of instances when we collect Personal Information include:

• when you register to open an account as a User;

• when you contact our client service organization with questions;

• when you connect your bank account(s) with us; or

• when you go through our Know Your Customer (KYC) process.

Wherever Malaa collects Personal Information, we endeavor to provide a link to this Privacy Policy and other relevant terms.

Information we collect from users

We collect Personal Information from Users, including but not limited to:

• name, e-mail address, telephone number, zip code, Internet Protocol address, birth date;

• Income information and other financial planning associated with those accounts you choose to link to our Services, any challenge and/or security questions associated with those accounts and any information contained in those accounts. Note: The section labeled “Information we collect when acting as a user’s authorized agent” provides additional details regarding how we use and protect this information alongside Malaa’s internal data operations processes in compliance with the KSA management and data protection framework and regulation.

Information we collect when acting as a user’s authorized agent

Many Malaa users choose to aggregate information from accounts at other financial institutions onto their dashboard on our Site or in our App, although you are required to do so. In enabling this functionality, Malaa retrieves the User account information maintained by such third-party financial institutions with which the User or Client has an existing customer relationship (“Account Information”), as described in this section.

By linking your accounts, you provide Malaa access to your Account Information, which may include prior and current account balances, your transaction history, and holdings from these linked financial institutions. Portions of this information will be displayed on your Malaa dashboard. Malaa may use the Account Information we receive to formulate your financial projections, in connection with our fraud prevention activities, or for other purposes consistent with this Privacy Policy and the Services we provide to you. Malaa may also use aggregated Account Information from our Users for purposes of deciding which products and services to build in the future.

By choosing to use our Services to aggregate and analyze your Account Information, you expressly authorize and direct Malaa, on your behalf, to electronically retrieve all Account Information associated with or available via the username and password that you use to link the account through the financial institution’s portal, and to periodically refresh your consent to this retrieved Account Information for so long as the link remains active in alignment with the open banking guidelines issued by the Saudi Central Bank. Malaa works with the financial institutions in the collection, use, storage, and handling of data in connection with our account aggregation services. Malaa works with other third-party entities such as the National Information Center to verify your identity and collect KYC data. Malaa does not have access to the login credentials used to link your third-party accounts and retrieve Account Information after the credentials have been transmitted to the financial institution’s portal or the National Information Center portals and/or other entities’ portals, although we may store your login names in encrypted form for purposes of fraud detection and prevention. Any Account Information that Malaa has access to is read-only, and the Account Information maintained by your third-party institution cannot be altered by Malaa. Malaa retains Account Information collected via the consent-based account linking service in accordance with our regulatory recordkeeping requirements, as permitted by law and as described elsewhere in this Privacy Policy, and as required in connection with the maintenance of your account and the Services we provide to you.

Malaa does not share your Account Information with outside parties except in limited cases relating to fraud investigations, pursuant to which we may share limited Account Information with your linked third-party institution, although we also reserve the right to share Account Information with third parties where required by law. If you choose to remove or revoke a link to an account with a third-party institution you have previously linked, we will not retrieve any new Account Information for that account unless you re-link that account in the future.

Information regarding children

Due to the nature of our business, our Services are not made available to minors. Except for beneficiary information as described above, Malaa does not knowingly solicit Personal Information directly from or about persons under the age of 18.

If you are under the age of 18, please do not submit any Personal Information to Malaa.

If a parent or guardian becomes aware that his or her child under the age of 18 has directly provided us with Personal Information without his or her consent, he or she should contact us at and we will delete such information from our files unless regulatory obligations prevent us from doing so.

Other ways we collect information

Other means by which we collect Personal Information include the following:

1. Automatic Data Collection. We may collect certain information when you use our Services. This information may include your Internet protocol (“IP”) address, cookie identifiers, mobile carrier, mobile advertising and other unique identifiers, details about your browser, operating system or device, location information, Internet service provider, pages that you visit before, during and after using the Services, information about the links you click, and other information about how you use the Services. Information we collect may be associated with accounts and other devices.

2. Anonymized or Aggregated Information. Malaa’s Site and App record certain anonymized or aggregated information about your use or evaluation of our Services. Anonymized or aggregated information is used for a variety of functions, including the measurement of Users’ interest in and use of various portions or features of the Site and App. Anonymized or aggregated information is not Personal Information, and we may use such information in a number of ways, including internal analysis and research. We may share this information with third-parties for our purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

3. Cookies and Pixels. Similar to other consumer internet services, Malaa uses cookies, small pieces of computer code that enable our Web servers to “identify” Users each time they initiate a session on our Site. A cookie is set in order to identify you and tailor the Site to you. Cookies do not store any of the Personal Information that you provided to us; they are simply identifiers. You may delete cookie files from your hard drive at any time through your browser settings. However, cookies may be necessary to provide access to much of the content and many of the features of the Site.

4. Pixel Tags. Along with cookies, we may use “pixel tags,” also known as “web beacons,” which are small graphic files that allow us to monitor the use of our Sites. A pixel tag can collect information such as the IP address of the computer that downloaded the page on which the tag appears; the URL of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the type of browser that fetched the pixel tag; and the identification number of any cookie on the computer previously placed by that server.

5. Site and App Activity. Malaa may also use third-party tracking technology, such as Google Analytics, to record similar information regarding you and your activity on our Site and App.

6. “Do Not Track” Technology. We do not collect Personal Information about your online activities over time and across different websites or online services. Therefore, our Site does not respond to Do Not Track (“DNT”) signals. We do not knowingly authorize third-parties to collect Personal Information about your online activities over time and across different websites or online services.

7. Surveys. We may contact you to participate in surveys. If you decide to participate, you may be asked to provide certain information which may include Personal Information.

How we use information

No renting, selling or trading out list

We will never rent, sell or trade your personal information to anyone. Ever.

User personal information

We use your Personal Information for a variety of business purposes, such as to help you evaluate our Services, offer you new products or services, enhance our Services, and for research and internal analysis.

Identity verification

We use third-party vendors to verify your identity as part of the regulatory requirement to verify our users’ identity. We may access your personal information with the National Information Center.

Cross-device tracking

Your browsing activity may be tracked across different websites and different devices or apps. For example, we may attempt to match your browsing activity on your mobile device with your browsing activity on your computer. To do this, we may analyze your browsing patterns, geo-location and device identifiers to match the information of the browser and devices that appear to be used by the same person.

Social media and links to other websites and applications

This Privacy Policy and these terms apply only to Malaa-operated Services and applications. Please note that our Site and Apps may contain links to other websites, applications, social media accounts, and information for your convenience that are not operated or controlled by Malaa. Malaa does not control these linked third-party websites or their privacy practices, which may differ from those set out in this Privacy Policy. Any Personal Information you choose to give to linked third-parties is not covered by this Privacy Policy. We encourage you to review the privacy policy of any company or website before submitting your Personal Information. Some third-parties may choose to share their users’ Personal Information with us; that sharing is governed by that company’s privacy policy, not this Privacy Policy.

Information sharing and onward transfer

We will not share or disclose our Personal Information (current or former User) to any nonaffiliated third-parties except:

1. To protect ourselves or others. We may share your Personal Information as required by law, such as when we reasonably believe it is necessary or appropriate to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the personal safety of any person, if we believe doing so is required or appropriate to: comply with law enforcement or national security requests and legal process, such as a court order; to protect your, our or others’ rights, property, or safety; enforce our policies or contracts; or collect amounts owed to us.

2. Service providers. There are certain circumstances in which we may share your Personal Information with non-affiliated third-party service providers, including to perform certain business and technology related functions and to support the provision of the Services. We may share your Personal Information with non-affiliated third-party service providers for the provision of the Services, which includes but is not limited to:

a. Mailing information

b. Data processing and storage

c. Identification and verification of fraud detection

d. Customer support

e. Marketing

3. Disclosure in the event of merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, purchase or sale of assets, or transition of service to another provider, then your Personal Information may be transferred as part of such a transaction, as permitted by law and/or contract.

Choices of opting-out

General. You have certain choices about the use and disclosures of your Personal Information, as set out in this Privacy Policy.

You may decline to provide Personal Information to Malaa. Declining to provide Personal Information may disqualify you from using Malaa Services, Site, and App features that require certain Personal Information.

Opting-out – Obtaining and withdrawing consent

Where you have consented to Malaa’s use of your Personal Information, you may withdraw that consent (revoke consent) at any time and opt-out by contacting us by email indicated under the “Contacting us” section below. Users cannot opt-out of providing Malaa Personal Information and continue to use the Services. Users must close their account(s) in order to opt-out of further providing us with Personal Information. Additionally, before we use Personal Information for any new purpose. Even if you opt-out, we may still collect and use non-personal information regarding your activities on our Services and for other legal and regulatory purposes as described above.

Email and SMS communications

Malaa may use your Personal Information to communicate with you regarding our Services or to tell you about blog posts or Services that we believe will be of interest to you. If you decide at any time that you no longer wish to receive marketing communications from us, please follow the “unsubscribe” instructions provided in the communications or contact us at Please note that you cannot opt-out of administrative communications such as regulatory, billing or service notifications, or updates to our Terms or this Privacy Policy.

We process requests to be placed on do-not-mail, do-not-phone and do-not-contact lists as required by applicable law.

Mobile devices

We may send you push notifications through our mobile application. You may at any time opt-out from receiving these types of communications by changing the settings on your mobile device. We may also collect location-based information if you use our mobile applications. You may opt-out of this collection by changing the settings on your mobile device.

How long we keep your data

We only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for; that includes retaining your data to satisfy any legal, regulatory, tax, accounting or reporting requirements.

On certain occasions, we may retain your Personal Information for a longer period, and even after you stop using our Services, in order to:

1. Respond to inquiries and complaints

2. To comply with laws and regulations

3. To protect our interests

Changes to this Privacy Policy

We may update this Privacy Policy from time to time as we deem necessary at our sole discretion. If there are any material changes to this Privacy Policy, we will notify you as required by applicable law.

Malaa encourages you to review this Privacy Policy periodically to be informed regarding how we are using and protecting your information and to be aware of any policy changes. Your continued relationship with Malaa after the posting or notice of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. Any changes to this Privacy Policy will take effect immediately after being posted or otherwise provided by us. Each version of this Privacy Policy will be identified on this page by its effective date.

This document constitutes Malaa’s complete Privacy Policy for Malaa and its affiliates and the Services, Site and App.

Contact Us

If after reviewing this Privacy Policy, you would like to submit a request, opt-out or you have any questions or privacy concerns, please contact us by email at or via physical mail at:

King Abdullah Financial District (KAFD)

Building 5.07 Riyadh

13519 Saudi Arabia