Privacy Policy

Last Updated: April 2026

The CLIMAX website and ERP system is owned by Zenith Apps LLC, a Wyoming Limited Liability Company, headquartered at 30 N Gould St, Ste N, Sheridan, WY 82801, which is the data controller of your personal data.

Zenith Apps LLC is represented exclusively in the Kingdom of Saudi Arabia by Alshuruq Alraida Commercial Establishment, a legal entity registered in Najran, Saudi Arabia, acting as the authorized representative and exclusive distributor of the Climax ERP solution within the Kingdom.

This Policy complies with the Saudi Personal Data Protection Law (PDPL), issued by Royal Decree No. (M/19) and its amendments, which entered into full effect in September 2024, as well as the European General Data Protection Regulation (GDPR).

Please read this Policy carefully before using the CLIMAX website or any of its services. We are committed to protecting your personal data and ensuring its confidentiality and security.

1. Personal Data We Collect

A. Visitor and Direct User Data When you visit CLIMAX, we automatically collect certain information about your device, including web browser information, IP address, time zone, and certain cookies installed on your device. We also collect information about the pages you visit and how you interact with the Site. We refer to this as "Device Information." When you register or fill out forms, we may collect: name, surname, address, email address, phone number, city of residence, organization name, and payment information.

B. End-Customer Data of Climax System Users Climax system users (businesses and organizations) may collect their end-customers' data through the system — such as name and mobile number — for the purpose of sending invoice notifications, account status updates, and service-related alerts. In this case, the system user is considered the primary data controller, and Zenith Apps LLC acts as a sub-processor in accordance with PDPL requirements.

2. Purpose of Data Processing and Legal Basis

In accordance with Saudi PDPL, we process your data only on lawful grounds, including:

• Performance of a contract with you or with the system user

• Compliance with regulatory and legal obligations (including ZATCA and e-invoicing requirements)

• Legitimate interests in operating the website and improving services

• Your explicit consent where required by applicable law

Automatically collected information is used solely to identify potential abuse and generate statistical usage data, without identifying any individual user.

3. Notification and Communication Services

The Climax system enables automatic notifications to end-customers (such as invoice notifications and account status updates) through various communication channels. Regarding this service:

• Opting Out of Notifications: End-customers have the full right to unsubscribe from notification services at any time, either by contacting us directly through the contact details below, or through the Climax system user they deal with.

• Deletion of End-Customer Data: A deletion request will result in the removal of data from communication and notification systems. However, data linked to invoices, accounts, and financial records may be retained by the Climax system user for legal, judicial, and tax compliance purposes, and is not subject to deletion from the accounting system records.

4. Your Rights

For residents of the Kingdom of Saudi Arabia under PDPL:

• The right to be informed of the purpose for which your data is collected

• The right to access and review your personal data

• The right to correct inaccurate or outdated data

• The right to request deletion of data (where permitted by law)

• The right to restrict processing

• The right to object to processing

For European residents under GDPR, the following additional rights apply: the right to data portability, and rights related to automated decision-making and profiling.

To exercise any of these rights, please contact us using the information provided below.

5. Cross-Border Data Transfers

In accordance with PDPL requirements, some data processing may take place outside the Kingdom of Saudi Arabia, including in the United States and Canada, subject to the safeguards and controls required by law to protect data subjects' privacy during cross-border transfers. Data of European residents may similarly be transferred outside the European Union under equivalent protections.

6. Links to Other Websites

Our website may contain links to third-party websites that we do not own or control. We are not responsible for the privacy practices of such websites, and we encourage you to review the privacy policy of every website you visit.

7. Information Security

We protect your data on servers in a secure, controlled environment in accordance with the standards and controls issued by the Saudi National Cybersecurity Authority and internationally recognized best practices, including administrative, technical, and physical safeguards against unauthorized access, modification, or disclosure. However, no data transmission over the Internet can be guaranteed to be fully secure.

In the event of any data breach or leak, we are committed to promptly notifying the relevant authorities and affected data subjects within the timeframes stipulated under PDPL.

8. Legal Disclosure

We will disclose any information we collect or use if required or permitted by applicable law, such as to comply with a court order or a request from a competent government authority, or when we believe in good faith that disclosure is necessary to protect rights, safety, or to investigate fraud.

9. Contact Information

For any questions regarding this Policy or to exercise your personal data rights, please contact us through the following official channels:

Zenith Apps LLC (Global)

• Email: privacy@zenith-apps.net

• Phone: +1 (307) 227-3040

Alshuruq Alraida Commercial Establishment (KSA Representative)

• Phone: +966-53-556-6429

• Email: climax@alshrouk.sa

• Email: privacy@climax-erp.com