Privacy Policy

Last updated: 20 June 2026

1. Who we are

Total Reward (“we”, “us”) is a compensation management platform operated for HR teams in Saudi Arabia, the GCC and the wider Arabic-speaking market. This policy explains how we collect, use, and protect personal data when you use totalreward.app.

2. Data we collect

  • Account data: name, work email, organization, role, and authentication metadata.
  • Compensation data you upload: employee records, salaries, allowances, bonus and merit data, salary structures.
  • Billing data: customer name, mobile number, email, invoice records, and payment status. Card details are processed directly by Paylink — we never store full card numbers.
  • Usage data: audit logs of actions you perform inside the application (who changed what, when).

3. How we use the data

  • To operate the service and the features you request.
  • To protect the security and integrity of your organization’s data.
  • To bill subscriptions and issue tax-compliant invoices (15% KSA VAT).
  • To send transactional emails (auth, receipts, important account events).
  • To respond to your support requests.

We do not sell personal data. We do not use customer compensation data for advertising or to train third-party AI models.

4. Legal basis

We process data under the contract you (or your organization) have with us, our legitimate interest in operating the service, and our legal obligations (tax, accounting). Where required, we rely on your consent.

5. Subprocessors

  • Lovable Cloud — application hosting, database, authentication.
  • Paylink — payment processing for subscriptions.
  • Transactional email provider — for system emails.

Each subprocessor receives only the data needed to perform its function.

6. Data location & transfers

Application data is stored with our managed cloud provider. Payment data is processed by Paylink within the Kingdom of Saudi Arabia. We take reasonable steps to ensure adequate protection when data crosses borders.

7. Retention

We retain customer data while your organization’s account is active. After cancellation, customer data is retained for up to 90 days (to allow account recovery) and then deleted, unless retention is required by law (e.g. tax invoices kept for the legally required period).

8. Security

All connections use HTTPS/TLS. Data is isolated per organization at the database level via row-level security. Access to production data is limited to authorized personnel and logged.

9. Your rights

You may request access, correction, or deletion of your personal data, or object to certain processing. For organization-level data, please ask your organization administrator first. To contact us, email privacy@totalreward.app or use the contact page.

10. Cookies

We use only the cookies necessary to keep you signed in and to remember your locale and theme preferences. We do not use advertising cookies.

11. Changes

We may update this policy. Material changes will be communicated by email or via a banner in the application.

12. Contact

For privacy questions, email privacy@totalreward.app.