Contact person: Business Client

Phone:Show

Email:Show

Location: Dammam, Saudi Arabia

Budget: Recommended by industry experts

Time to start: As soon as possible

Project description:
"Platform Technical Scope –Must be Saudi-Compliant (Fully PDPL-Aligned). please
the below might messing something in the policy so appreciate if you’re familiar with it
and note the below Dev flexible to be change to different tools.
1. Frontend Development Responsibilities:
• Build a responsive modern and secure multi-language web interface
• Design role-based user experience for Free, Premium, and Premium+ tiers
• Support Dark Mode / Light Mode toggle
• Fully support Arabic RTL and English LTR layouts
the landing page must feels like web3 and blockchain designer or like Xai web
Stack / Tools:
• React.js / [login to view URL]
• Tailwind CSS or Styled Components
• Framer Motion, Headless UI
• i18next or LinguiJS for localization
• Axios / React Query for secure API consumption
• All UI elements must be accessible (WCAG 2.1) and support secure rendering of user data (e.g., XSS protection)
Compliance Notes:
• Ensure explicit consent notices for cookies, tracking, and AI personalization per PDPL
• Implement user profile management and account deletion requests
Display clear privacy policy/notice before data collection, including controller identity, purposes, rights, recipients, transfers, and risks (PDPL Art. 12)
2. Backend & API Development Responsibilities:
• Develop secure multi-tier backend with scalable logic
• Support tiered limits on uploads, data access and web features
• Implement full-featured admin control panel
• Manage secure file uploads, structured storage, and permission-based access
Stack / Tools:
• Node.js (Express) or Python (FastAPI)
• PostgreSQL or MongoDB
• Redis for session or caching
• JWT, OTP, or OAuth2 authentication
• REST API or GraphQL for structured client consumption
Compliance Notes:
• All APIs must implement data minimization, logging, and revocation processes in line with PDPL Articles 7 & 9
• Authentication tokens should follow best practice (expiry, refresh, revocation)
• All backend must support data subject access requests (DSAR) by design
• Store data within Saudi data centers or allow user approval for cross-border transfers (PDPL Article 29)
• Implement breach detection and notification to SDAIA within 72 hours, and to data subjects if high risk (PDPL Art. 20)
• Maintain records of processing activities (ROPA), including purposes, categories, recipients, transfers, retention, and measures (PDPL Art. 31)
3. AI Module Integration Responsibilities:
• Integrate AI APIs for personalization, scoring, and smart discovery
• All AI usage must respect user consent, be explainable, and optionally disabled by user
• Tier-based access to AI-powered features
Compliance Notes:
• Comply with PDPL Article 17 (Automated decision-making transparency)
• Log and disclose any AI-based recommendations or scoring
• Offer users a way to opt-out of algorithmic personalization
• Avoid processing sensitive personal data through third-party AI services unless explicit consent is gathered
• Conduct data protection impact assessments (DPIA) for high-risk AI processing, e.g., sensitive data or profiling (PDPL Art. 22)
4. System Architecture & DevOps Responsibilities:
• Containerize app services for portability and scaling
• Implement secure DevOps pipeline for deployments and updates
• Manage staging and production environments securely
note : the above might minimized to less features such as removing Ai and making it with algorithm I’ll explain more about the idea if the quota acceptable" (client-provided description)