Enkindle Digital | Global Privacy Policy

Last Updated: February 1, 2026

1. Introduction

Enkindle Digital (“we,” “us,” or “the Agency”), registered in the United Arab Emirates, is committed to protecting the privacy and security of data entrusted to us by our clients and their end-users worldwide. This policy outlines our standards for data processing in alignment with UAE Federal Decree-Law No. 45 of 2021, the KSA Personal Data Protection Law (PDPL), and international standards such as GDPR.

2. Our Role as a Data Processor

In most service engagements, Enkindle Digital acts as a Data Processor. Our clients act as the Data Controllers. We process personal data (such as customer lists for ad targeting or CRM leads) strictly according to the written instructions provided by our clients in our Service Agreements.

3. Data Security Measures

We implement industry-standard technical and organizational measures to protect data:

  • Access Control: We enforce 100% Multi-Factor Authentication (MFA/2FA) on all internal systems and client platforms (e.g., Meta Business Suite, Google Ads).
  • Encryption: Data is encrypted at rest and during transit using secure protocols.
  • Staff Training: All team members (Managers, Designers, and Executives) undergo regular privacy and cybersecurity training.
  • Confidentiality: Every team member is bound by strict non-disclosure and confidentiality agreements.

4. International Data Transfers

As a global agency, we ensure that any cross-border transfer of personal data complies with the relevant local laws.

  • KSA Data: Personal data belonging to KSA residents is handled in accordance with the residency and transfer requirements of the KSA PDPL.
  • UAE & Global Data: We ensure adequate protection levels are maintained whenever data moves across jurisdictions.

5. Data Retention

We do not store client data longer than necessary to fulfill our service obligations. Upon termination of a contract, Enkindle Digital will, at the client’s request, securely delete or return all personal data, unless local law requires continued storage.

6. Sub-Processors

We only use reputable third-party sub-processors (e.g., Amazon Web Services, Google Workspace, Slack) that maintain high-tier security certifications (ISO 27001 or SOC 2).

7. Contact & Rights

Data subjects wishing to exercise their rights (access, correction, or deletion) should contact the respective Data Controller (our client). For inquiries regarding Enkindle Digital’s privacy practices, contact: privacy@enkindle.digital