For features that ask for it (AI summarisation, occasion emails, leaderboard visibility, contributing anonymised signals to the cross-tenant benchmark bank, etc.), you can withdraw consent at any time. Wudd records the change with a timestamp so the audit trail proves your consent state at any historical moment.
Your Data Rights
Wudd treats your personal data as something you control, not something we own. This page explains the specific rights the Saudi PDPL and EU GDPR give you, what data we actually hold, and exactly how to exercise each right inside the app.
- Last updated: April 29, 2026
- Framework: PDPL · GDPR
- Legal text: Privacy Policy
Six rights, plain language
Six rights apply to every Wudd user. The article numbers reference the Saudi PDPL; the EU GDPR grants substantially equivalent rights. The next sections explain how to exercise each one inside the app.
Whenever a manager, an HR member, or a system process reads your data, an audit row is recorded. The most recent 50 events are visible to you in the app — date, who accessed, what type of access, and the stated purpose. Routine reads of your own profile by you are not logged.
Request a structured export and Wudd generates a ZIP with one CSV per category of personal data — profile, recognitions given and received, badges, tasks, evaluations, comments, chat messages, and your access log. Typically completes within 5 minutes.
Wudd uses a small set of vendors for specific features (invoicing, AI suggestions, email delivery, payments). The full list, what data each receives, and the region they operate in are below.
You can request deletion of your account. Some HR records (employment history, payroll-tied evaluations) may be retained under Saudi labour-law obligations even after deactivation; your organization's admin reviews each request and contacts you with the specific scope of what can be deleted.
You can edit your profile fields directly in the app. For data on records you don't control (e.g. a recognition someone wrote about you), contact privacy@wudd.net with the correction and we route it to your organization.
What data we actually hold about you
Eight categories total. Each row shows the legal basis we rely on to hold it and how long.
- Profile information (legal basis: Legal obligation)
Name, email, job title, department, profile picture, language preference.
Retention: Active employment + your org's HR retention window after offboarding (typically 5 years per Saudi labour law).
- Recognitions given and received (legal basis: Legitimate interest)
Public messages of appreciation between you and colleagues, including points and value tags.
Retention: Org culture history. You can request deletion of recognitions you sent.
- Badges and achievements (legal basis: Legitimate interest)
Badges you earned, the criteria you met, and the dates of award.
Retention: Active employment.
- Tasks and OKR contributions (legal basis: Legal obligation)
Tasks assigned to you, completion timestamps, OKR progress your work contributed to.
Retention: Per org HR retention policy.
- Promotion evaluations (legal basis: Legal obligation)
Algorithmic + manager scores for each promotion cycle, the GPT snapshot they ran against, and the decision.
Retention: Employment-decision evidence per Saudi labour law.
- Comments and reactions (legal basis: Legitimate interest)
Comments you wrote on recognitions and reactions you registered.
Retention: While the parent recognition is on the wall.
- Connect chat messages (legal basis: Legitimate interest)
Messages you sent in Connect (corporate-internal chat). Direct-message threads are private to participants.
Retention: Active employment.
- Access audit log (legal basis: Legal obligation)
A record of which managers, HR personnel, or system processes read your data and why.
Retention: 365 days minimum (audit trail integrity).
Who has accessed your data
Wudd records every privileged read of one user's data by another. The principle: a reasonable employee should be able to know who else has been looking at their data, when, and why. The full list lives on your in-app My Privacy page; here are the kinds of events that are logged versus not logged, so the boundary is honest.
Logged. A manager opens your promotion evaluation for a cycle review.
Logged. An HR member opens your profile from the employer panel.
Logged. A super-admin runs a cross-tenant analytical query that touches your data.
Not logged. You read your own profile or recognitions. Self-access is excluded by design — the question this log answers is "who else looked at me", not "log every SELECT".
Not logged. Anyone reading recognitions from the org-wide wall — recognition copy is org-public by design.
Not logged. Anonymous aggregate metrics (no individual subject in the result).
What you can opt in or out of
Six toggles. Each row shows the default and what changes when you flip it. AI processing is opt-in (off by default) — a more conservative posture than PDPL minimum, deliberately matching the GDPR Article 22 spirit on automated decision-making.
Recognitions addressed to you appear on the public-to-the-org wall. Off hides your name from the wall while keeping points + badges.
Auto-emails on personal milestones (birthday, work anniversary). Off stops the emails to you.
Your aggregated performance signals (NOT raw recognition text) may be summarised by AI for your manager's review. Off by default; opt in if you want it on.
Off hides your name from leaderboards while keeping your point totals.
Off removes your uploaded avatar; the system falls back to initials.
Helps Wudd produce industry-wide benchmarks. Only aggregated signals (no employee identity) are pooled. Off excludes your team's data from the bank.
Third-party processors
Vendors that receive a portion of your data so Wudd can deliver specific features. Wudd does not sell your personal data to anyone.
- Purpose: Tax-compliant invoicing (ZATCA Phase-2 e-invoicing).
- Data shared: Org billing contact + invoice line items. NO employee personal data.
- Region: Saudi Arabia (Zoho KSA region).

- Purpose: AI-powered KPI suggestions, JD decomposition, promotion-profile drafting.
- Data shared: Anonymised role/title and methodology context. NO employee names, emails, or IDs.
- Region: United States (OpenAI standard region).

- Purpose: Email delivery (notifications, occasion emails, weekly digests).
- Data shared: Recipient email + email body. Subject line and timestamp.
- Region: United States (Resend infrastructure).

- Purpose: Subscription card payment processing.
- Data shared: Org billing contact + card token. NO employee personal data.
- Region: Saudi Arabia (Tap regional payments processor).
This list is the canonical source of truth and is updated when we add or change a vendor. The same list is rendered inside the app on your My Privacy page.
How to exercise these rights
Every right above maps to one click inside the app on your My Privacy page. No email-the-support-team workflow.
- 1. Sign in to Wudd
Use your normal credentials. The data-rights surface is part of your account, not a separate site.
- 2. Open My Privacy from the navigation
It sits under your profile group and is available to every employee — no special role required.
- 3. Choose the action you need
Request data export, request deletion, toggle a consent, or read your access log. Every action is recorded for audit.
- 4. For corrections or escalations
Email privacy@wudd.net or write to Wudd, Riyadh, Kingdom of Saudi Arabia. We respond within 30 days as the PDPL requires.
This page is the plain-language counterpart to our Privacy Policy. The Privacy Policy is the legally binding document; this page exists to make the rights it grants you actually exercisable, with named buttons and concrete steps. Where the two overlap and conflict, the Privacy Policy controls.