Data Retention & User Rights

This policy explains how long Digisoul keeps personal data, the bases for retention, and the rights available to you under applicable data-protection laws, including the EU/UK GDPR, Egypt’s Personal Data Protection Law (Law No. 151 of 2020), and Saudi Arabia’s PDPL.

1. Principles

We keep personal data only for as long as necessary for the purposes for which it was collected, to meet legal, tax, and regulatory obligations, to resolve disputes, and to enforce our agreements. When data is no longer needed, we securely delete or anonymise it.

2. Retention periods

Account & profile data — for the life of your account and up to 24 months after closure.
Orders, billing & tax records — up to 5 years, in line with Egyptian tax and commercial record-keeping requirements.
Training & programme records — up to 24 months after completion, to support certificates and alumni access.
Support & enquiry communications — up to 24 months after the last interaction.
Marketing consent & preferences — until you withdraw consent or unsubscribe, plus a short record of that withdrawal.
Website analytics & logs — typically up to 14 months.

Periods may vary where a longer retention is required by law, or a shorter one is requested and lawful.

3. Your rights

Subject to applicable law, you may: access the personal data we hold about you; correct inaccurate data; request erasure; restrict or object to processing; request portability; and withdraw consent at any time without affecting prior lawful processing.

4. How to exercise your rights

Email bd@digisoul.io or call +20 100 020 9111. We respond within the timeframes required by applicable law (generally within 30 days) and may need to verify your identity first.

5. International transfers

Where data is transferred outside your jurisdiction, we apply appropriate safeguards (such as standard contractual clauses or equivalent measures) consistent with applicable law.

6. Security

We use encryption in transit, access controls, and data-minimisation practices. Our information-security practices are aligned with ISO/IEC 27001 principles, and our AI Management System is certified to ISO/IEC 42001:2023.

7. Breach notification

If a personal-data breach is likely to result in a risk to your rights, we notify the relevant authority and affected individuals within the timeframes required by applicable law.

8. Automated decision-making

We do not make decisions producing legal or similarly significant effects solely by automated means without human review.

9. Contact & updates

Questions about this policy: bd@digisoul.io, +20 100 020 9111, Cairo, Egypt. We may update this policy from time to time; the latest version is always published here. Last reviewed: May 2026.

Training

AI4X

Skills4X

Not sure which program?

Digital Products

New to Digisoul products?

Khabeer AI

Not sure where to start?

Resources

Want practical AI signal?