get in touch

Digisoul | AI Enabler for Corporates and SMEs

Data Retention & User Rights Policy

Effective Date: 18 April 2026  |  Version 1.0  |  Jurisdiction: Arab Republic of Egypt

Summary: DigiSoul AI Agency (“DigiSoul”) processes personal data strictly for the purposes of delivering digital products and services, fulfilling legal obligations, and improving user experience. Data is retained only for as long as necessary, and every data subject has enforceable rights under Egypt’s Personal Data Protection Law No. 151/2020 (PDPL) and its Executive Regulations.

1. Scope & Legal Basis

This Policy applies to all personal data collected through https://digisoul.io, connected SaaS platforms (Naqsh, Daleel, SentinelSphere, AI4X), training platforms, email communications, and any channel operated by DigiSoul.

Processing is grounded in the following lawful bases defined by PDPL 151/2020 and aligned international standards (GDPR, NIST Privacy Framework):

  • Explicit consent of the data subject (e.g., newsletter signup, marketing opt-in).
  • Performance of a contract to which the data subject is a party (e.g., order fulfillment, SaaS provisioning).
  • Legal obligation (tax, anti-fraud, AML screening, record-keeping).
  • Legitimate interests pursued by DigiSoul where such interests do not override the rights and freedoms of the data subject (e.g., security, service improvement).
  • Protection of vital interests of the data subject where applicable.

2. Regulatory Framework (Egypt, 2026)

Instrument Relevance
Personal Data Protection Law No. 151/2020 & Executive Regulations Primary legal basis for processing, retention, and data-subject rights.
Egyptian Personal Data Protection Center (PDPC) Supervisory authority; handles complaints and issues binding decisions.
Anti-Cyber & Information Technology Crimes Law No. 175/2018 Security of stored and transmitted data; breach-response obligations.
Electronic Signature Law No. 15/2004 Retention of electronically signed records.
VAT Law No. 67/2016 & Commercial Law No. 17/1999 Statutory retention of invoices and commercial records (minimum 5 years).
Central Bank of Egypt (CBE) & PCI DSS v4.0 Controls on payment-card data.
NIST AI RMF & ISO/IEC 42001 AI-system governance overlays for automated processing.

3. Categories of Personal Data

  • Identity data — full name, job title, organization.
  • Contact data — email address, phone number, billing/mailing address.
  • Account data — username, hashed password, profile preferences, purchase history.
  • Transactional data — order records, invoices, subscription status.
  • Technical data — IP address, device type, browser, operating system, session logs.
  • Usage data — pages visited, features used, time spent, clickstream analytics.
  • Marketing data — consent records, newsletter-engagement signals.
  • AI-interaction data — prompts, queries, and outputs generated within SaaS tools (used solely to provide the service; not used to train external foundation models without separate consent).
  • Sensitive data — DigiSoul does not intentionally collect sensitive personal data (health, religion, political opinions, biometrics). If submitted inadvertently, it is deleted promptly.

4. Retention Periods

Data is retained only as long as necessary for the purpose for which it was collected, to meet legal obligations, or to resolve disputes. Default periods are below; sh

Build smarter — with AI that respects your humanity.

Talk to a Digisoul strategist about your AI roadmap — bilingual (English & Arabic), enterprise-grade, certified.

Book a Discovery Call
Digisoul AI Agency — ISO/IEC 42001:2023 Certified AI Management System
Digisoul AI Agency

AI-powered digital agency for the Middle East, GCC, and Africa. Built on a certified AI Management System.

GET IN TOUCH
Products
Company
Trust & Policies

© 2026 Digisoul AI Agency LLC. All rights reserved.

Humanizing Digital · Digitizing Success

Linkedin-in Facebook-f Instagram Youtube