Skip to content
Authmatech
Legal

Authmatech legal center

Every contract that governs how Authmatech is used, in plain language. Last updated quarterly.

Privacy Policy

Last updated 2026-04-01

1. Who we are

Authmatech FZ-LLC (“Authmatech”, “we”, “us”) operates the silent mobile number verification platform available at authmatech.com. We are headquartered in Riyadh, Saudi Arabia, and provide services primarily to organizations operating across the MENA region.

2. Data we process

On behalf of our customers, we process mobile network identifiers (MSISDNs), encrypted SIM-binding tokens, and metadata about verification attempts (latency, operator, result, masked MSISDN). On behalf of website visitors and applicants, we process contact details voluntarily submitted via our forms.

3. How we use it

Customer-submitted data is used solely to perform the verification service our customers request, to bill for usage, and to maintain a tamper-evident audit trail. Visitor-submitted data is used solely to respond to enquiries, route them to the right team, and improve outreach.

4. Where it lives

Customer data is stored in the region nearest the customer’s contracted residency. Saudi Arabian customer data resides in KSA infrastructure. UAE and Egypt residency are available on the Enterprise tier. Cross-region replication only occurs with explicit, written customer consent.

5. How long we keep it

Verification audit records are retained for the duration specified in your contract (default 12 months, extendable for regulated workloads). Contact form submissions are retained for 24 months unless deleted earlier on request.

6. Your rights

Under GDPR, PDPL, and equivalent regional frameworks you have rights to access, correct, port, and delete your personal data. Submit requests to [email protected] — we respond within the regulatory SLA, typically faster.

7. How we secure it

MSISDNs, API keys, and operator secrets are AES-256-encrypted at rest with field-level keys. All transport uses TLS 1.2+. Logs are routed through a masking serializer that redacts PII before persistence. See the Trust Center for the full controls list.

8. Subprocessors

A current list of subprocessors and the data they handle is available at /security#policies on request. Material changes are notified 30 days in advance to customers under contract.

9. Children

Authmatech services are not directed to individuals under 18. We do not knowingly collect personal data from children.

10. Contact

For privacy questions, email [email protected]. For DPO-style escalation, write to [email protected].