MBL GUARDIAN

Driving HSSE Excellence

Privacy Policy

Last Updated: April 5, 2026  •  Effective Date: April 5, 2026

1. Introduction

RSG ("we," "us," or "our") operates the MBL Guardian mobile application (the "App"), a professional Health, Safety, Security & Environment (HSSE) management system. This Privacy Policy explains how we collect, use, store, share, and protect information in connection with your use of the App.

This Policy applies to all users of the App regardless of geographic location and has been prepared to comply with:

By accessing or using the App, you confirm that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the App immediately.

2. Data Controller Information

RSG

Website: https://hsse.rsg.one

Email: info@rsg.one

For privacy-related inquiries, please contact us at info@rsg.one.

3. Who This App Is For

MBL Guardian is an enterprise B2B application designed exclusively for use by organizations and their authorized employees, contractors, and representatives for professional HSSE management purposes. The App is not intended for personal use, consumer use, or use by individuals under the age of 18. We do not knowingly collect personal data from minors.

4. Information We Collect

We collect only the minimum data necessary to provide the App's functionality. The categories of data we collect are:

4.1 Account & Identity Data

This data is provided by your organization when your account is created, or by you directly during login.

4.2 Work & Operational Data

When you create, update, or interact with safety observations, we collect:

This data is work-related and is processed on behalf of your organization.

4.3 Technical & Session Data

4.4 Connectivity Verification Data

To verify internet connectivity, the App performs DNS resolution checks against well-known public DNS servers (Google Public DNS at 8.8.8.8 and Cloudflare DNS at 1.1.1.1). These checks are performed locally on your device. No personal data is transmitted during these checks; they involve only standard network requests to verify reachability.

4.5 Data We Do NOT Collect

We explicitly do not collect:

5. Legal Basis for Processing

Processing ActivityLegal Basis
Account authentication and session managementPerformance of contract / Legitimate interests
Storing and retrieving safety observation recordsPerformance of contract with your organization
Token refresh and automatic re-authenticationLegitimate interests (security, seamless user experience)
Connectivity verificationLegitimate interests (service availability)
Technical error and compatibility dataLegitimate interests (app stability and improvement)
Compliance with legal obligationsLegal obligation

Under PDPL, we rely on contractual necessity and legitimate interest as primary bases. Where GDPR applies, the same bases apply under Article 6(1)(b) and 6(1)(f).

6. How We Use Your Data

We use the information we collect to:

  1. Authenticate your identity and maintain secure sessions
  2. Display and manage safety observations and dashboard analytics relevant to you and your organization
  3. Enable creation, submission, approval, and closure of observation records
  4. Provide real-time data synchronization with the HSSE backend platform
  5. Maintain audit trails and history logs for regulatory compliance by your organization
  6. Detect and address technical errors, crashes, and connectivity issues
  7. Improve app performance, stability, and user experience
  8. Comply with applicable legal obligations

We do not use your data for:

7. Data Sharing and Disclosure

We do not sell, rent, or trade personal data. We may share data only in the following limited circumstances:

7.1 Your Organization

Work-related data you create (observations, reports, audit history) is shared with your employer/organization as the primary data controller of such records. Your organization has independent data obligations toward you.

7.2 RSG Infrastructure and Service Providers

Data is processed on RSG-operated servers at hsse.rsg.one. We may engage trusted sub-processors (e.g., cloud hosting providers) who are contractually bound to process data only per our instructions and with appropriate security measures in place.

7.3 Legal Requirements

We may disclose data where required by applicable law, court order, or government authority, including under Saudi law and SDAIA requests.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction, subject to equivalent privacy protections.

8. Data Retention

Data TypeRetention Period
Authentication tokensDuration of session (or until logout / token expiry)
Observation and project recordsAs determined by your organization's data retention policy
Account dataDuration of your active account
Technical logsUp to 90 days for error diagnosis, then deleted

When you delete the App from your device, all locally stored tokens are purged automatically by Flutter Secure Storage. Server-side data is retained per your organization's agreement with RSG.

9. Data Security

We implement industry-standard security measures including:

Despite these measures, no system is entirely immune to unauthorized access. We encourage users to log out of the App when using shared devices and to report any suspected security issues to info@rsg.one.

10. Local Storage and Device Data

The App uses device-level encrypted storage (Flutter Secure Storage) to persist authentication tokens between sessions when the "Remember Me" option is selected. No other personal data is stored locally on the device. When the App is uninstalled, all locally stored data is automatically cleared.

The App does not use browser cookies. Any web content opened via Flutter Custom Tabs is governed by the respective website's own cookie and privacy policy.

11. Children's Privacy

MBL Guardian is an enterprise application intended solely for use by individuals who are 18 years of age or older in a professional capacity. We do not knowingly collect personal data from minors. If you believe a minor has used the App, please contact us at info@rsg.one and we will take appropriate action to remove such data.

12. International Data Transfers

Our primary servers are operated at hsse.rsg.one. If data is transferred outside the Kingdom of Saudi Arabia, such transfers are conducted in accordance with:

Where your organization is located outside Saudi Arabia, the App may transmit data to RSG's servers in Saudi Arabia. By using the App, your organization acknowledges and consents to such transfer.

13. Your Rights

Under Saudi PDPL:

Under GDPR (EU/EEA users):

Under CCPA (California residents):

To exercise any of these rights, contact us at info@rsg.one. We will respond within the timeframes required by applicable law (30 days under PDPL; 1 month under GDPR).

14. Complaints

If you have concerns about how we handle your data, you may:

  1. Contact us first at info@rsg.one — we aim to resolve all complaints promptly
  2. File a complaint with the Saudi Data & AI Authority (SDAIA) at https://sdaia.gov.sa (for Saudi Arabia users)
  3. File a complaint with your local data protection supervisory authority (for EU/EEA users)

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App, legal requirements, or our practices. When we make material changes, we will update the "Last Updated" date at the top of this document. Continued use of the App after any changes constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.

16. Policy URL and In-App Access

This Privacy Policy is accessible from the App's login screen and settings.

17. Contact Us

RSG

Email: info@rsg.one

Website: https://hsse.rsg.one

This Privacy Policy is provided in English. In the event of any conflict between a translated version and the English version, the English version shall prevail.