Disclaimer Policy
1. Using the Portal:
The electronic portal of the General Authority for the Care & Management of the Grand Mosque and the Prophet's Mosque (hereinafter referred to as "the Portal") is provided for your personal use. Accessing and using the Portal is subject to these terms and conditions, as well as the laws and regulations of the Kingdom of Saudi Arabia.
Your access to the Portal constitutes your unconditional agreement to these terms and conditions, whether you are a registered user or not. This agreement is effective from the date of your first use of the Portal.
The Portal is intended to enhance communication with users and provide digital content and services that support the mission of the Authority and facilitate access to information and services within the Two Holy Mosques.
2. Usage Restrictions:
-
By using the Portal, you agree to refrain from:
-
Downloading or distributing any files that you do not own or for which you do not have permission to use.
-
Uploading files that contain viruses or malicious software.
-
Posting content that violates Islamic teachings or public order.
-
Attempting unauthorized access to the Portal's components or infrastructure.
-
Using the Portal for unauthorized promotional or commercial purposes.
3. Links to the Portal:
Links to the Portal may be added to websites that do not conflict with the mission or objectives of the Authority. The Authority reserves the right to reject or remove any link that it deems inappropriate.
4. Links from the Portal:
The Portal may contain links to other websites for convenience. The Authority is not responsible for the content of these external sites or for the continued functionality of the links.
5. Protection from Viruses:
The Authority makes efforts to ensure that the content of the Portal is free from malicious software. However, the user is responsible for ensuring the security of their device.
6. Disclaimer:
The Portal and its associated services are provided "as is," without any warranties. The Authority assumes no responsibility for any damages that may result from your use of the website.
7. Limit of Liability:
Your use of the Portal is at your own risk. The Authority assumes no liability for any damages arising from your use of the website or reliance on its contents.
8. Indemnification:
You agree to reimburse the Authority for any losses or claims arising from your breach of these terms.
9. Termination of Use:
The Authority reserves the right to terminate or suspend your access to the Portal in the event of a violation of the terms of use.
10. Ownership Rights:
All content published on the Portal is protected by copyright. It may not be used without the written consent of the Authority.
11. Jurisdiction:
All disputes are subject to the laws and regulations in force in the Kingdom of Saudi Arabia.
12. General Provisions:
-
Arabic is the official language of the Portal.
-
The content published is non-commercial.
-
Translations (if any) are not considered legally binding.
-
The Authority reserves the right to modify the terms of use without prior notice.
Safe Usage Policy
1. Introduction
This document represents the Safe Usage Policy of the General Presidency for the Affairs of the Grand Mosque and the Prophet's Mosque, as referenced within this document.
Its aim is to define guidelines and requirements for the safe use of our applications by users.
2. Purpose
The purpose of the Safe Usage Policy is to clarify the guiding principles for the secure and appropriate use of electronic services and web applications provided by the General Presidency.
3. Scope
This policy applies to all users of the electronic services and applications, including employees whether permanent, temporary, or contractual, as well as suppliers and contractor staff associated with the General Presidency.
4. Terms and Definitions
- Cybersecurity: As defined by the National Cybersecurity Authority, it is the protection of networks, IT systems, operational technologies, and their components (hardware/software), services, and data from unauthorized access, disruption, modification, or misuse. This includes information security, digital security, etc.
- NCA: National Cybersecurity Authority.
- ISO: International Organization for Standardization.
- ISMS: Information Security Management System (ISO 27001).
- ECC: Essential Cybersecurity Controls.
- Asset: Any tangible or intangible item of value to the entity, including people, machines, facilities, patents, software, services, and also less tangible things like information, reputation, or knowledge.
- Confidentiality: Restricting access to and disclosure of information to authorized individuals only, including the protection of private and proprietary data.
- Information Integrity: Protection from unauthorized alteration or destruction, ensuring reliability and non-repudiation.
- Availability: Ensuring timely access to information, data, systems, and applications.
- Incident: A security breach violating cybersecurity policies, acceptable use, practices, or controls.
- Authentication: Verifying the identity of a user, process, or device, usually required to access system resources.
- Authorization: Determining and validating a user's access rights to resources and protecting digital assets.
- Control: A measure used to mitigate or manage risks.
- Impact: The extent of loss resulting from the exploitation of a security vulnerability.
- Penetration Testing: Security testing of a system, network, website, or application.
- Attack: Any malicious activity attempting unauthorized access, disruption, destruction, or exploitation of information systems or data.
- Security Breach: Unauthorized disclosure, access, alteration, destruction, or loss of data, intentionally or unintentionally. This includes leakage, misuse, or unauthorized changes to sensitive information.
- Risk Owner: Person or department responsible for managing a risk, selecting necessary controls, and ensuring mitigation to an acceptable level.
- Risk Acceptance Level: The level of risk that the General Presidency can tolerate and manage.
- Residual Risks: The remaining risk after implementing appropriate controls, which may require further action to reduce to acceptable levels.
- Risk Register: A record of critical risk management data including risk ID, classification, residual risk, risk owner, and status.
5. Roles and Responsibilities
General Directorate of Cybersecurity
- Preparing and reviewing the application security policy.
- Ensuring that all cybersecurity controls and requirements are implemented in applications developed internally or by third parties.
- Conducting vulnerability assessments and penetration tests internally or via independent third parties to ensure data security.
General Directorate of Information Technology
- Securing the General Presidency’s data in development and testing environments by anonymizing or masking sensitive data where possible.
- Ensuring cybersecurity requirements are integrated into all phases of the software development lifecycle.
- Applying cybersecurity controls to internet-facing applications.
- Implementing Secure Software Development Lifecycle (Secure SDLC) for both internally developed and third-party applications.
- Applying the application security policy to ensure secure internal and external access to applications.
6. Policy Provisions
General Provisions
- Using the General Presidency’s websites or applications implies unconditional acceptance of this policy.
- This policy applies to both registered and unregistered users.
- Users must keep all obtained data and credentials, such as passwords, confidential and not share them.
- Users must log out of applications or websites after use.
- When visiting the General Presidency’s websites, the user’s IP address, date, and time of visit will be recorded.
Usage Restrictions
- Users are prohibited from tampering with or disrupting the services offered by the General Presidency.
- Users may not perform vulnerability scans on services without prior authorization.
- Users are not allowed to use technologies that bypass firewalls.
- Users may not upload malicious files.
- Do not use the General Presidency’s applications or websites to upload content that may harm systems or services.
- It is prohibited to publish offensive or illegal content.
- Do not use the platform for political purposes, criminal activities, or racist or illegal commentary.
- It is prohibited to publish content that violates others' intellectual property or collect/store personal information.
- Do not leak or share website files or contents.
- Do not use the General Presidency’s email to register for social media platforms unless for official work.
- Do not enable browser AutoFill for passwords; always log in manually for account security.
- Do not use the official email to send or publish unlawful or inappropriate content including discrimination, defamation, or abuse.
7. Compliance
-
All cybersecurity policies must comply with the Essential Cybersecurity Controls issued by the National Cybersecurity Authority (ECC-1:2018).
-
All users within the General Presidency must comply with these cybersecurity policies. Department heads must monitor ongoing compliance within their teams.
-
Policy compliance must be reviewed periodically by the General Directorate of Cybersecurity, and the senior management must take corrective actions in case of violations.
8. References
-
Cybersecurity Controls issued by the National Cybersecurity Authority.
-
ISO27001
9. Exception Criteria
-
This document aims to meet all cybersecurity protection requirements. In case of exceptions, a formal request must be submitted to the General Directorate of Cybersecurity, with clear justification and expected benefits, for final approval by the cybersecurity supervisory committee.
-
An exception is valid for a maximum of one year. It may be renewed up to three consecutive years if needed. No further extension is allowed after the third year.
Customer Charter
Out of the General Authority’s commitment to building a strong relationship with beneficiaries and delivering top-quality service, using the Authority’s portal or any of its digital services constitutes unconditional acceptance of the terms and conditions, and this applies to all users, whether registered or unregistered.
1. Responsibilities of the General Authority for the Affairs of the Grand Mosque and the Prophet’s Mosque:
- Providing reliable and secure digital services.
- Offering multiple support and communication channels to address beneficiaries’ inquiries and feedback.
- Protecting users’ privacy and confidentiality in line with global best practices.
- Continuously working on service development and improvement.
- Maintaining operational stability of digital platforms with an uptime of no less than 99.9%.
2. Support and Assistance:
The General Authority provides a technical support center to offer all forms of guidance and assistance. This includes publishing explanatory guides and content, and responding to inquiries through multiple channels.
3. Privacy and Information Protection:
The Authority is committed to using advanced technologies to protect users’ data and ensure it is not misused.
4. Responsibilities of Beneficiaries:
- Use the portal only for legitimate purposes.
- Do not attempt unauthorized access to the Authority’s systems or cause technical faults.
- Refrain from uploading or sharing harmful, inappropriate, or infringing content.
- Cooperate in improving services by providing constructive feedback and suggestions.
5. Intellectual Property Rights:
All materials published on the portal are protected by copyright and trademark laws and may not be used for commercial purposes without written permission from the General Authority. Personal and non-commercial use is allowed with proper attribution to the source.
6. Contact:
If you have any inquiries or feedback regarding the Customer Charter, you may contact the portal management via the “Contact Us” page or through the official approved channels.
Through this charter, we aim to establish a relationship based on mutual trust and respect between the Authority and its beneficiaries, ensuring an enhanced user experience and excellence in delivering digital services.
Service Level Agreement (SLA)
For electronic services in the Two Holy Mosques
The General Authority is deeply committed to achieving beneficiary satisfaction by enabling them to access electronic services easily and continuously around the clock, in line with the highest standards of efficiency and quality. For more information on all electronic services, you can visit the electronic services portal via this link.
1. Scope of the Agreement:
This agreement covers all electronic services provided through the Authority’s platforms and constitutes the Authority’s commitment to delivering high-performance and reliable digital services to citizens, residents, and visitors from various segments.
2. Objectives of the Agreement:
- Document KPIs (Key Performance Indicators) associated with the provided electronic services.
- Assess whether these services meet the agreed performance levels.
- Identify potential operational gaps and propose practical solutions.
- Support technical and administrative decision-makers in improving service delivery quality.
Commitments of the Authority:
- Deliver services within the specified timeframe and approved quality level.
- Maintain digital systems and ensure their availability around the clock.
- Notify beneficiaries of any disruptions or scheduled maintenance.
- Handle complaints and inquiries through official channels.
Beneficiary Commitments:
- Provide accurate and complete information when requesting a service.
- Follow up on requests and respond to any required updates.
- Use the services in accordance with the established guidelines.
Exceptions:
- You may contact the Authority via the Contact Us page.
- If you are not satisfied with the service, you have the right to submit a report through the electronic reporting system.
SLA Metrics for Electronic Services (table-like format)
| Platform |
Platform Services |
Request Fulfillment Time |
Service Availability |
Success Rate |
| e-Services Platform |
Complaints (Request Submission) |
2 minutes |
24/7 |
99% |
| Competitions & Surveys |
10 minutes |
24/7 |
99% |
| Traveler Reservation Service (Request Submission) |
5 minutes |
24/7 |
97% |
| Greeting Card |
2 minutes |
24/7 |
97% |
| Cart Driver Requests (Submission) |
10 minutes |
24/7 |
99% |
| Volunteer Work Service (Submission) |
5 minutes |
24/7 |
95% |
| Childcare Centres (Submit Request)) |
4 minutes |
24/7 |
99% |
| Permits (Submit Request) |
5 minutes |
24/7 |
99% |
| Individual Zamzam Request (Submit Request) |
2 minutes |
24/7 |
99% |
| Beneficiaries (Submit Request) |
2 minutes |
24/7 |
99% |
| Academic Notifications |
2 minutes |
24/7 |
99% |
| College Enrollment Application (Submit Request) |
3 minutes |
during official registration times |
99% |
| Seasonal Employment (Submit Request) |
5 minutes |
seasonal service upon start of registration |
99% |
| Contract Employment Certificate |
1 minutes |
24/7 |
99% |
| I’tikaf (Submit Request) |
2 minutes |
seasonal service upon start of registration |
99% |
| Open Data (Submit Request) |
2 minutes |
24/7 |
99% |
| Digital Tawaf |
Instant |
24/7 |
99% |
| Manarah Al-Haramain Platform |
Imams & Mu’athins Schedules |
Instant |
24/7 |
99% |
| Arafah Sermon |
Instant |
Seasonal Service on the Day of Arafah Every Hijri Year |
99% |
| Carts Platform |
Golf Cart Booking |
5 minutes |
24/7 |
97% |
| Driven Cart Booking |
5 minutes |
24/7 |
99% |
| Unassisted Cart Booking |
5 minutes |
24/7 |
99% |
| Visits Platform |
Exhibition Visit Booking (Makkah) |
5 minutes |
24/7 |
99% |
| Complex Visit Booking |
5 minutes |
24/7 |
99% |
| Exhibition Visit Booking (Madinah) |
5 minutes |
24/7 |
99% |
Evaluation Mechanism:
- Beneficiaries can evaluate their experience after each service via the linked feedback form.
Accessibility Policy
In line with the vision of the General Presidency for the Affairs of the Grand Mosque and the Prophet's Mosque to enable visitors, Umrah performers, and pilgrims to fully benefit from our digital services, we have designed and developed our portal to ensure comprehensive accessibility for all users, including people with disabilities, elderly individuals, and users with diverse technical backgrounds.
1. Our Commitment to Global Standards
The Presidency's portal has been developed in compliance with the highest digital accessibility standards (WCAG 2.1 - AAA) approved by the World Wide Web Consortium (W3C), to ensure:
- A fair and secure digital experience for everyone
- Easy interaction with website content for users
- Access to all information and services without discrimination or technical barriers
2. Accessibility Features on Our Portal:
- Screen reader compatibility: Full support for languages and text formats to facilitate audio reading
- High-contrast colors: Ensures clarity of text content for visually impaired users
- Multimedia alternatives: Text alternatives for all images, captions for videos and transcripts for audio recordings
- Keyboard-only navigation: Allows users to browse the site without a mouse
- Adjustable font size and line spacing: Accommodates users with visual preferences
- Logical and organized page/content navigation: Facilitates use with assistive technologies
3. Serving All Visitors Without Exception
We at the Presidency believe digital equity is part of our comprehensive mission to serve visitors of the Two Holy Mosques. Therefore, our website's accessibility represents a fundamental commitment that we continuously improve.
4. Your Feedback Matters
If you encounter any difficulties accessing website content or have suggestions to improve the digital experience, you can share them via the form below or the unified number (1966). We will work diligently to address them to enhance service quality and inclusivity.
Privacy and Data Protection Policy
As part of its commitment to protect users' data and preserve their privacy, the General Presidency for the Affairs of the Grand Mosque and the Prophet's Mosque implements the Personal Data Protection Law and takes necessary measures to prevent unauthorized access to information.
1. Contact Information
- Responsible Department: Data Management Office | Email: DMO@gph.gov.sa
2. Data We Collect
We collect your personal data to the extent necessary to provide high-quality customized services in compliance with relevant regulations. Not providing this data may affect your use of our website and services.
We collect different types of data about you as shown below:
- National ID information: Full name, phone number, birth date (Gregorian/Hijri), ID/residence card issue/expiry dates, gender, nationality
- Cookies: Data collected through web logs and similar technologies (IP address etc.)
- User's geographical location: For utilizing certain services on our website
3. How We Store Your Personal Data
-
Personal data is collected, used and processed for regulatory and improvement purposes
-
Personal data is processed to track user inquiries, suggestions or complaints
-
Personal data is used to provide the Presidency's services
-
Personal data is processed to fulfill the Presidency's legal obligations
-
Personal data is used for employment applications or inquiries
4. How We Process Your Personal Data
Personal data is processed in accordance with its collection purposes while taking necessary measures. The Presidency applies the highest security standards to protect data confidentiality and prevent unauthorized access. Sensitive data is encrypted per legal requirements.
5. Who We Share Your Information With
The Presidency reserves the right to share personal data with other government entities to provide more effective services. No sharing occurs with non-governmental third parties unless they are authorized entities providing specific government services. The Presidency reserves the right to disclose information to competent authorities when legally required.
Submitting data through our official channels constitutes explicit consent for the Presidency to store, process and use this data.
6. Purpose Limitation
The Presidency collects and uses your data only for clear, legal and specific purposes, ensuring transparency and protection of your privacy rights.
7. Legal Basis for Processing
Your explicit consent (which can be withdrawn anytime without affecting legal processing). For requests, contact the Data Management Office.
- Right to information: Know how your data is collected, processed, stored and shared (via this policy)
- Right of access: Obtain your data in a readable format when technically feasible
- Right to rectification: Correct inaccurate or incomplete personal data
8. Data Storage Duration and Disposal
Data is stored in Saudi Arabia on secure servers compliant with National Cybersecurity Authority standards. It is retained for the legally required period before secure irreversible disposal. The Presidency uses encryption and anonymization to prevent leaks or unauthorized access.
9. Your Rights
The Presidency is committed to protecting your rights per the Personal Data Protection Law with maximum transparency:
- Right to information (see above)
- Right of access (see above)
- Right to rectification (see above)
- Right to erasure:
• Upon direct request
• If data is no longer necessary
• If consent is withdrawn (when it's the only legal basis)
• If data was processed unlawfully
- Right to withdraw consent at any time (without retroactive effect)
- Right to file complaints with the Saudi Data and AI Authority for non-compliance
10. Contact Us
For concerns about compliance with the Personal Data Protection Law, contact the Data Management Office (DMO@gph.gov.sa). If unsatisfied with our response within 15 working days, you may file a complaint with the Saudi Data and AI Authority.