Skip to main content
LEGAL

Privacy policy.

A plain-English summary of what we collect, why we collect it, and the choices you have. The detail follows below.

Last updated May 2026

Overview

AllChrono operates the website at allchrono.comand the related marketplace, sourcing, escrow, authentication, and dealer-network services (collectively, the “Platform”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, how long we keep it, and the rights you have over it.

We act as a data controller for personal information processed through the Platform. We are committed to processing personal information lawfully, fairly, and transparently in line with the Saudi Personal Data Protection Law (PDPL), the EU General Data Protection Regulation (GDPR) where applicable, and equivalent regimes in jurisdictions where we operate.

Information we collect

Information you provide

We collect information you give us directly when you use the Platform, including:

  • Identity and contact details: full name, email address, phone number, country and city, preferred contact method.
  • Sourcing requests: watch reference, condition preferences, budget range, source-region preferences, timeline, and any notes you choose to include.
  • Dealer applications: business name, role, years in trade, monthly volume tier, specialties, and supporting documentation requested during verification.
  • Communications: messages you send to our team via the contact form, email, or other channels.

Information collected automatically

When you visit the Platform we automatically collect limited information about your visit through cookies, server logs, and similar technologies. This may include IP address, device and browser type, pages viewed, referring URL, and timestamps. See our Cookie policy for the specific categories used.

Information from third parties

For dealer onboarding and high-value transactions, we may receive information from identity-verification providers, payment processors, sanctions and anti-money-laundering databases, and regulated escrow partners. We only request the information needed to complete the verification or settlement.

How we use information

We use personal information to:

  • Operate, maintain, and improve the Platform.
  • Match sourcing requests with verified dealers in our network, and deliver quotes and updates back to you.
  • Process applications to the dealer network, including verification, reference checks, and contractual onboarding.
  • Authenticate watches, manage escrow and settlement, coordinate insured logistics, and maintain on-chain provenance records.
  • Send transactional notifications (request received, quote available, authentication outcome, shipment status).
  • Send marketing communications where you have opted in. You can unsubscribe at any time.
  • Detect, prevent, and respond to fraud, abuse, or security incidents.
  • Comply with legal, regulatory, and audit obligations.

Lawful bases

Where GDPR or equivalent regimes apply, we rely on the following bases:

  • Performance of a contract— to deliver the services you have requested.
  • Legitimate interests— to operate and improve the Platform, protect against fraud, and provide analytics.
  • Consent— for marketing communications and non-essential cookies. You can withdraw consent at any time.
  • Legal obligation— to comply with anti-money-laundering, sanctions, tax, and audit laws.

Sharing and disclosure

We share personal information only as needed to operate the Platform and deliver services you have requested. Categories of recipients include:

  • Verified dealers— sourcing requests are shared with the dealers in our network so they can prepare quotes. Dealers are bound by contractual confidentiality obligations.
  • Service providers— payment processors, escrow agents, KYC/AML providers, insurance and logistics partners, email and analytics infrastructure providers, all under written data-processing agreements.
  • Authentication hubs— our hubs in Riyadh, Tokyo, and Washington D.C., which receive watches and their associated dossiers as part of the authentication workflow.
  • Legal and regulatory recipients— where required by law, court order, or regulatory request, or to protect the rights, property, or safety of AllChrono, our users, or the public.
  • Successors— in the event of a merger, acquisition, financing, or sale of assets, where the recipient agrees to honour this Privacy Policy.

We do not sell personal information and we do not share personal information with third parties for their own marketing purposes.

International transfers

AllChrono operates across the GCC, Europe, the United States, and Japan. Personal information may be transferred to and processed in jurisdictions other than the one you are based in. Where the destination jurisdiction is not recognised as providing an adequate level of protection, we put appropriate safeguards in place — including standard contractual clauses and equivalent mechanisms recognised under PDPL and GDPR.

Data retention

We keep personal information only as long as we need it for the purposes described in this Policy, plus a reasonable period for regulatory and audit obligations. Provenance dossiers tied to a specific watch are retained for the lifetime of the asset and anchored on chain — this is necessary to maintain the integrity of the watch’s record across future ownership transfers. You may request deletion of your personal account data; provenance dossiers may be retained in pseudonymised form where the watch continues to exist in the market.

Your rights

Subject to the laws that apply where you live, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your information (subject to retention obligations).
  • Object to or restrict certain processing activities.
  • Receive a copy of your information in a portable, machine-readable format.
  • Withdraw consent for processing based on consent.
  • Lodge a complaint with the Saudi Data & AI Authority (SDAIA) or your local supervisory authority.

To exercise any of these rights, write to us at [email protected]. We respond within 30 days.

Security

We use industry-standard technical and organisational safeguards to protect personal information — including encryption in transit and at rest, role-based access controls, audit logging, and regular security reviews. No system can be guaranteed absolutely secure; if a breach affecting your personal information occurs, we will notify you and the relevant authority in line with applicable law.

Children

The Platform is not directed to children under 18 and we do not knowingly collect information from minors. If you believe a minor has provided us with information, please contact us so we can delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be notified through the Platform or by email where we have your address.

Contact

Questions about this Policy or about how we handle your information — please reach our team at [email protected]. Postal address available on request.

The Letter

Stay close.

Market intelligence, dispatches from our hubs, and the occasional piece we find interesting.