Terms of Service
1. Parties and Acceptance
1.1 These Terms of Service (“Terms”) govern your access to and use of the website located at https://ghrs.sa (“Site”) and any authenticated portal services made available through it (“Services”), operated by شركة غرس للتنمية و الحلول التقنية (trading as GHRS Ventures; Unified National Number: 7053644840), a company registered in the Kingdom of Saudi Arabia, with its principal place of business in Riyadh (“GHRS”, “we”, “us”, “our”).
1.2 By accessing the Site, submitting an application, or using the Services, you confirm that you have read, understood, and agree to be bound by these Terms. If you do not agree, you must stop using the Site and Services immediately.
1.3 These Terms constitute a binding agreement between you and GHRS. They do not create a partnership, employment relationship, joint venture, or agency between the parties.
2. Eligibility
2.1 You must be at least eighteen (18) years of age to use the Site or submit an application.
2.2 By using the Site you represent and warrant that: (a) you are at least 18 years old; (b) you have full legal capacity to enter into these Terms; and (c) your use of the Site does not violate any applicable law or regulation.
2.3 GHRS reserves the right to refuse access to any person who does not meet these requirements.
3. Description of Services
3.1 Venture-studio services. GHRS is a Saudi venture builder. The Site markets four engagement tracks and provides a private portal for admitted participants:
- Build — GHRS co-builds an MVP with an early-stage founder.
- Back — GHRS provides capital and institutional support to a later-stage venture.
- Boost — Corporate venture acceleration; a sponsoring corporation funds a defined problem space.
- Advisory — A strategic consulting engagement with a defined scope, deliverable, and budget.
3.2 No sale of services through the Site. Nothing on the Site constitutes an offer to sell or a binding commitment to provide any engagement. All engagements are subject to a separate, signed agreement between the relevant parties. Submission of an application creates no obligation on the part of GHRS to engage with any applicant.
3.3 Portal access.Admitted founders, limited partners, and corporate clients (“Portal Users”) receive access to a private authenticated area (“/portal”) where they may view briefs and download confidential documents relevant to their engagement. Portal access is strictly invite-only and role-gated; the scope of access is determined by GHRS at its sole discretion.
3.4 No investment advice. Nothing on the Site or in any materials provided through the portal constitutes investment advice, financial advice, or a solicitation to invest. Past performance of any portfolio company is not indicative of future results. You should seek independent professional advice before making any investment decision.
4. Application Submissions
4.1 Truthfulness. By submitting an application through /apply, you represent that all information provided is true, accurate, complete, and not misleading. GHRS may rely on the information you provide in its evaluation process.
4.2 No obligation. Receipt of an application creates no obligation on GHRS to acknowledge, evaluate, advance, or engage with any applicant. GHRS may accept or decline any application in its sole discretion, with or without reason.
4.3 No implied confidentiality. Submission of an application does not create a confidentiality or non-disclosure obligation on the part of GHRS unless the parties have executed a separate, signed non-disclosure agreement. Do not submit information you are not willing to disclose in the absence of such an agreement.
4.4 Rate limits. Applications are subject to technical rate limits (currently two submissions per email address per hour). Attempts to circumvent these limits are a breach of these Terms.
5. Intellectual Property
5.1 GHRS content. All content on the Site — including text, graphics, logos, images, and software — is owned by or licensed to GHRS and is protected under the laws of the Kingdom of Saudi Arabia. No content may be reproduced, distributed, modified, or publicly displayed without the prior written consent of GHRS.
5.2 User-submitted materials. By submitting materials through the application form or any other channel, you grant GHRS a non-exclusive, worldwide, royalty-free, irrevocable licence to use, reproduce, store, and analyse those materials solely for the purpose of evaluating your application and considering a potential engagement. This licence does not transfer ownership of your materials and terminates if GHRS declines your application, except to the extent GHRS is required to retain records under applicable law.
5.3 Feedback. Any feedback, suggestions, or ideas you provide to GHRS may be used by GHRS without restriction or compensation.
6. Portal User Accounts
6.1 Invite-only. Portal accounts are created exclusively by invitation. There is no self-registration. You may not share your invitation link or account credentials with any other person.
6.2 Account security. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You must notify GHRS immediately at info@ghrs.sa if you suspect unauthorised access.
6.3 Role-based access. Your access to documents and briefs is limited to the role assigned to your account (founder, LP, or corporate client). You may not attempt to access materials outside your assigned role.
6.4 Document confidentiality.Documents made available to you through the portal are confidential and provided solely for the purpose of your engagement with GHRS. You may not copy, share, publish, or distribute portal documents to any third party without GHRS’s prior written consent.
6.5 Session limits. Sessions expire after seven (7) days of inactivity and after thirty (30) days in all cases. You will be required to re-authenticate upon expiry.
7. Acceptable Use
You agree not to:
- use the Site or Services for any unlawful purpose or in violation of any applicable law or regulation;
- attempt to gain unauthorised access to any part of the Site, portal, backend systems, or any third-party systems connected to the Site;
- reverse-engineer, decompile, disassemble, or otherwise attempt to derive the source code of any software used to operate the Site or Services;
- scrape, crawl, or systematically download content from the Site using automated tools;
- submit false, misleading, or fraudulent information through any form on the Site;
- transmit viruses, malware, or any other harmful code;
- use the Site in any manner that could damage, disable, overburden, or impair GHRS’s infrastructure or that of its service providers; or
- impersonate any person or entity or misrepresent your affiliation with any person or entity.
8. Disclaimers
8.1 “As is” basis.The Site and Services are provided on an “as is” and “as available” basis without warranties of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement.
8.2 No guaranteed outcomes. GHRS makes no representation or warranty that any engagement will result in a commercial agreement, investment, or any particular outcome. Venture building involves inherent risk.
8.3 Availability. GHRS does not warrant that the Site will be available at all times, free from errors, or free from interruption.
9. Limitation of Liability
9.1 To the maximum extent permitted by the laws of the Kingdom of Saudi Arabia, GHRS (including its officers, employees, and agents) shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or in connection with your use of the Site or Services, even if GHRS has been advised of the possibility of such damages.
9.2 In no event shall GHRS’s total aggregate liability to you for any claims arising under or in connection with these Terms exceed the amount, if any, paid by you to GHRS in the twelve (12) months preceding the claim.
9.3 Nothing in these Terms excludes or limits liability for fraud, wilful misconduct, or any other matter that cannot be excluded or limited by law.
10. Indemnity
You agree to indemnify, defend, and hold harmless GHRS and its officers, directors, employees, and agents from and against any claims, damages, losses, costs (including reasonable legal fees), and expenses arising out of or relating to: (a) your use of the Site or Services; (b) your violation of these Terms; or (c) your violation of any applicable law or the rights of any third party.
11. Termination
11.1 GHRS may suspend or terminate your access to the Site or Services at any time, with or without notice, if GHRS reasonably believes you have breached these Terms or for any other legitimate reason.
11.2 Upon termination, the provisions of these Terms that by their nature should survive will continue in full force, including sections on intellectual property, disclaimers, limitation of liability, indemnity, and governing law.
12. Changes to Terms
12.1 GHRS may update these Terms at any time. When changes are material, GHRS will update the “Effective date” at the top of this page. Your continued use of the Site after the effective date of the revised Terms constitutes your acceptance of the changes.
12.2 If you do not agree to the revised Terms, you must cease using the Site and Services.
13. Governing Law and Disputes
13.1 These Terms and any dispute arising out of or in connection with them shall be governed by and construed in accordance with the laws of the Kingdom of Saudi Arabia.
13.2 Any dispute that cannot be resolved amicably shall be submitted to the exclusive jurisdiction of the competent courts in Riyadh, Kingdom of Saudi Arabia.
14. Miscellaneous
14.1 Entire agreement. These Terms, together with the Privacy Notice below and any executed engagement agreement, constitute the entire agreement between you and GHRS relating to your use of the Site and Services and supersede all prior agreements and understandings.
14.2 Severability. If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect.
14.3 No waiver.Failure by GHRS to enforce any provision of these Terms does not constitute a waiver of GHRS’s right to enforce it at a later time.
14.4 Language. These Terms are in English. In the event of any conflict with a translated version, the English version prevails.
14.5 Contact for legal notices: info@ghrs.sa | GHRS Ventures, Riyadh, Kingdom of Saudi Arabia.
Privacy Notice
1. Identity of the Data Controller
شركة غرس للتنمية و الحلول التقنية (GHRS Ventures; Unified National Number: 7053644840), a company registered in Riyadh, Kingdom of Saudi Arabia, is the controller of the personal data collected and processed through the Site and Services described in this Notice.
Contact for privacy matters: info@ghrs.sa
2. Scope and Legal Framework
2.1 This Privacy Notice (“Notice”) describes how GHRS collects, uses, stores, transfers, and protects your personal data. It applies to all personal data processed through the Site (https://ghrs.sa), the application form at /apply, and the authenticated portal.
2.2 GHRS processes personal data in compliance with the Personal Data Protection Law of the Kingdom of Saudi Arabia (Royal Decree م/19 dated 1443/2/9H, as amended by Royal Decree م/148dated 1444/9/5H) (“PDPL”) and its implementing regulations.
2.3 This Notice should be read together with the Terms of Service above.
3. Personal Data We Collect
3.1 Application form (/apply)
The following data is collected from all applicants regardless of engagement mode:
- Full name
- Email address
- Phone number (international format)
- Organisation / company name
- LinkedIn URLs of team members (up to ten)
- Language preference (English / Arabic)
Additional data collected depending on the engagement mode selected:
| Mode | Additional fields |
|---|
| Build (founder) | Business idea (required), problem statement (required), traction data, team description, capital sought |
| Back (founder) | Business idea (required), traction data (required), problem statement, team description |
| Boost (corporate) | Sponsoring organisation (required), problem area, budget range (required), decision timeline |
| Advisory | Scope of work (required), expected deliverable, timeline, budget range (required) |
3.2 Portal user accounts
When GHRS admits a user and creates an account, the following data is stored:
- Email address
- Name (optional at the user’s discretion)
- Role (founder, LP, corporate client, admin, or super-admin)
- Language preference
- Password hash (managed by the authentication provider; the plain-text password is never stored)
- Optional: phone number, profile image
- Account timestamps (creation, last update)
3.3 Portal documents
Metadata stored for documents uploaded to the portal includes: document title, description, file size, content type, uploader identity, upload timestamp, visibility roles, optional thumbnail, and soft-delete timestamp. Document files (PDF format, up to 25 MB) are stored with GHRS’s cloud storage provider.
3.4 Audit and activity logs
- Document read logs: every successful document download records the user ID, document ID, and timestamp. These logs are never deleted.
- Brief read logs: every brief view records the user ID, brief identifier, timestamp, and language. These logs are never deleted.
- Invite logs: every invitation (consumed or unconsumed) records the invited email, assigned role, inviting administrator, and relevant timestamps. Consumed invites are retained as audit records; pending invites may be revoked by an administrator.
3.5 Ephemeral tokens
Short-lived HMAC-signed tokens are generated to authorise document uploads (10-minute TTL) and downloads (5-minute TTL). These tokens are automatically purged by a scheduled process and are not personal data in any meaningful sense.
3.6 Cookies and local storage
- Authentication cookie: set only on portal routes (/portal/*) by the authentication provider. This cookie is HttpOnly and session-scoped via JWT. It is not set on marketing pages.
- No tracking cookies on marketing pages. No analytics or advertising cookies are placed on the public-facing marketing pages by default.
- Analytics cookies (conditional): if GHRS activates website analytics, the analytics provider may set cookies on marketing pages to distinguish users and collect aggregate usage data including page views, events, and anonymised IP addresses. Website analytics is only active when the relevant environment variable is enabled; when inactive, no analytics cookies are placed. See Section 6 below.
- No use of localStorage or sessionStorage on marketing pages.
3.7 Server access logs
GHRS’s hosting provider collects standard HTTP server logs — including IP address, user-agent, and URL — as a function of providing hosting services. These logs are retained per the hosting provider’s default retention policy.
4. Purposes and Legal Bases for Processing
| Purpose | Personal data involved | Legal basis under PDPL |
|---|
| Processing and evaluating your application | Application form data (§3.1) | Legitimate interest of GHRS to evaluate prospective partners and clients (Art. 6(4) PDPL as amended) |
| Sending an acknowledgement email to applicants | Name, email, mode | Legitimate interest / pre-contractual steps |
| Sending an internal application digest to GHRS staff | Full submission payload | Legitimate interest of GHRS for internal operations |
| Creating and managing portal accounts | Account data (§3.2) | Performance of the engagement arrangement (Art. 6(2) PDPL) |
| Providing portal services (document access, briefs) | Account data, document metadata, audit logs | Performance of the engagement arrangement (Art. 6(2) PDPL) |
| Maintaining audit and activity logs | Read logs, invite logs (§3.4) | Legal obligation and legitimate interest in maintaining accurate records (Art. 6(2), Art. 18 PDPL) |
| Sending transactional emails (invites, password resets) | Email, name, reset/setup tokens | Performance of the engagement arrangement (Art. 6(2) PDPL) |
| Aggregate website analytics (if enabled) | Anonymised page-view and event data | Consent is obtained where required by applicable law; otherwise legitimate interest in improving the Site |
| Security monitoring and fraud prevention | Log data, rate-limit counters | Legitimate interest of GHRS and legal obligation |
| Compliance with legal obligations | All data categories as applicable | Legal obligation (Art. 6(2) PDPL) |
GHRS does not use personal data submitted through the Site for targeted advertising, remarketing, or sale to third parties. Triage of applications is performed manually by GHRS staff; no automated decision-making is applied to applicants.
5. Disclosure of Personal Data
5.1 GHRS does not sell, rent, or trade your personal data.
5.2 GHRS discloses personal data only in the following circumstances, consistent with Article 15 of the PDPL:
- To authorised GHRS staff who need access for the purposes described in Section 4.
- To sub-processors engaged to provide technical infrastructure.
- As required by law — to governmental or regulatory authorities, courts, or law enforcement bodies where required or permitted by the laws of the Kingdom of Saudi Arabia.
- To protect vital interests — where disclosure is necessary to protect life, safety, or health.
6. Cookies — Detailed Notice
| Cookie type | Set by | Purpose | Duration |
|---|
| Authentication cookie | Authentication provider (portal routes only) | Session authentication | Session (max 30 days) |
| Analytics cookies | Website analytics provider (if enabled) | Distinguishes users and collects aggregate usage data | Up to 2 years |
No cookies are set on marketing pages other than the analytics cookies described above, which are only active when website analytics is enabled. You may disable analytics cookies by using your browser’s cookie-management settings.
7. Sub-Processors
GHRS engages sub-processors to operate the Site and Services, including for database hosting, document storage, transactional email delivery, web hosting, DNS resolution, and (where enabled) website analytics. Sub-processors are bound by appropriate data-protection terms and process personal data solely on GHRS’s instructions and for the purposes set out in this Notice.
GHRS reviews sub-processors’ data-protection practices on an ongoing basis and takes reasonable steps to ensure that sub-processors maintain an adequate level of data protection consistent with the PDPL. To request the current list of sub-processors, contact info@ghrs.sa.
8. International Transfers
8.1 Where sub-processors are located outside the Kingdom of Saudi Arabia, processing personal data through those services involves a transfer of personal data outside the Kingdom.
8.2 Such transfers, where they occur, are made in accordance with Article 29 of the PDPL (as amended by Royal Decree م/148 dated 1444/9/5H). GHRS takes the following steps to protect data in cross-border transfers:
- GHRS selects sub-processors that provide adequate contractual and technical safeguards (Art. 8 PDPL).
- Transfers are limited to the minimum data necessary for the relevant purpose (Art. 29(3) PDPL).
- GHRS monitors sub-processors’ ongoing compliance with data protection requirements.
8.3 Where the applicable regulations specify additional conditions for transfers — including assessment by the competent authority — GHRS will comply with those conditions.
9. Data Retention
GHRS retains personal data for the periods set out below. Where retention is “indefinite,” this reflects the operational and audit requirements of the Services; GHRS will review retention practices as regulatory guidance develops.
| Data category | Retention period |
|---|
| Intake / application submissions | Indefinite (no automated deletion) |
| Portal user accounts | Indefinite |
| Document metadata | Indefinite; soft-deleted records are hidden from the UI but the underlying record and file are retained |
| Document and brief read logs | Indefinite (audit records) |
| Invite records (consumed) | Indefinite (audit records) |
| Invite records (pending, unaccepted) | Until revoked by an administrator |
| Upload authorisation tokens | 10 minutes; auto-purged hourly |
| Download authorisation tokens | 5 minutes; auto-purged hourly |
| Server access logs | Per the hosting provider’s default retention policy |
| Website analytics data (if enabled) | Per the analytics provider’s default retention policy (typically 14 months; configurable) |
In accordance with Article 18 of the PDPL, where GHRS is required by law to retain data beyond the original purpose, it will do so for the legally prescribed period and destroy the data thereafter.
No automated data export or self-service deletion interface is currently available. All access, correction, and deletion requests are handled manually — see Section 11.
10. Security Measures
In accordance with Article 19 of the PDPL, GHRS takes the following technical and organisational measures to protect personal data:
- HTTPS enforced on all pages with HTTP Strict Transport Security (HSTS, 1-year max-age, includeSubDomains).
- Strict Content Security Policy (default-src: self, with a targeted allowlist for approved third-party services).
- HTTP security headers: X-Frame-Options: DENY; X-Content-Type-Options: nosniff; Referrer-Policy: strict-origin-when-cross-origin; Permissions-Policy restricting camera, microphone, and geolocation access.
- Short-TTL signed tokens for document downloads (5-minute TTL, single-use HMAC-signed); access control list is re-verified at token minting time.
- Server-side input validation on all form submissions.
- Password policy enforced at account creation and password reset.
- Session limits: 7-day idle timeout; 30-day absolute maximum session length.
Despite these measures, no system is entirely immune from security risks. In the event of a personal data breach, GHRS will notify the competent authority and, where required, affected individuals in accordance with Article 20 of the PDPL.
11. Your Rights Under the PDPL
Under the PDPL (Articles 4 and 21, as amended by Royal Decree م/148 dated 1444/9/5H), you have the following rights in respect of your personal data held by GHRS:
- Right to be informed — to know the legal basis for collecting your data and the purpose for which it is collected.
- Right of access — to access your personal data held by GHRS and to receive a copy in a clear, readable format.
- Right to correction — to request correction, completion, or updating of inaccurate or incomplete data.
- Right to destruction— to request deletion of your data that is no longer needed for the purpose for which it was collected, subject to GHRS’s legitimate retention requirements and legal obligations.
- Other rights as set out in the PDPL implementing regulations, which may include the right to object to certain processing and the right to data portability as further specified by the competent authority.
How to exercise your rights: Submit a written request by email to info@ghrs.sawith the subject line “Data Subject Request.” Please include sufficient information to verify your identity. GHRS will respond within the timeframe prescribed by the PDPL and its implementing regulations.
12. Children
The Site and Services are not directed to individuals under the age of 18. GHRS does not knowingly collect personal data from minors. If you believe a minor has submitted personal data to GHRS, please contact info@ghrs.sa and GHRS will take steps to delete the relevant data.
13. Changes to This Notice
13.1 GHRS may update this Privacy Notice from time to time to reflect changes in the law, in the Services, or in data-processing practices. The “Effective date” at the top of this page will be updated whenever material changes are made.
13.2 Your continued use of the Site after the effective date of the revised Notice constitutes your acknowledgement of the changes. For significant changes, GHRS may provide additional notice (such as a banner on the Site or an email to portal users).
14. Contact
For any privacy-related questions, requests, or complaints:
شركة غرس للتنمية و الحلول التقنية (GHRS Ventures)
Email: info@ghrs.sa
Phone: +966 56 668 9836
Riyadh, Kingdom of Saudi Arabia
You also have the right to file a complaint with the competent authority responsible for enforcing the PDPL in the Kingdom of Saudi Arabia.
