Website Policies

Security & Incident Response.

SECURITY AND INCIDENT RESPONSE NOTICE

Last updated May 21, 2026

This notice describes how GPR Business Services handles security and personal data incident response for its website, customer services, and platform services. It is written to reflect manual and operational handling where a self-service or automated control is not available.

  1. Security approach

GPR applies reasonable technical and organizational safeguards according to the service, data, provider, environment, and customer configuration. These may include authentication, authorization, tenant scoping, access limitation, operational logging, secret-reference handling where supported, confidentiality controls, provider due diligence, and support access controls.

  1. Incident intake

Security concerns, suspected unauthorized access, credential exposure, provider misuse, or suspected personal data incidents may be reported to contact@gpr.sa. GPR will review reported incidents manually and may request additional information to assess scope, affected systems, affected data, and required action.

  1. Assessment and containment

GPR may take steps such as disabling affected credentials, restricting access, pausing a tenant, suspending a provider connection, preserving logs, contacting subprocessors, or requesting customer action where needed to contain or investigate an incident.

  1. Customer and authority notification

Where an incident affects customer-controlled personal data, GPR will notify the affected customer without undue delay after confirming the incident and will provide information reasonably available to GPR. Where GPR is responsible for making a notification to a competent authority or affected individual, GPR will assess and make notifications according to applicable law.

  1. Records

GPR may keep incident records, investigation notes, support records, security logs, and remediation evidence as needed for security, legal, audit, compliance, dispute, and service integrity purposes.

  1. Contact

Security and incident reports may be sent to contact@gpr.sa.