KSA PDPL · NCA ECC-2 · UAE PDPL

The compliance gaps that risk an SAR 5 million fine — uncovered in five minutes.

An external audit aligned with the Saudi Personal Data Protection Law and the National Cybersecurity Authority's Essential Cybersecurity Controls. No installation. No agents. No NCA license required.

Free preview. No card. No signup. Full report from SAR 1,120 per month.

Aligned with
KSA PDPL NCA ECC-2 UAE PDPL SAMA CSF
The Audit, in Three Movements

From a domain name to an action plan — in five minutes.

EHIRAR performs a passive external posture assessment. No agents installed on your systems. No active probes that require permission. Only the same signals an attacker would already see.

I.

Discover

DNS records, SSL certificates, subdomains, exposed files, leaked secrets in JavaScript, security headers. The complete external surface.

II.

Map

Every finding is mapped to the specific PDPL article, NCA ECC-2 control, and UAE PDPL clause it violates. No vague checklists.

III.

Remediate

An AI advisor — grounded in 992 expert briefs on Saudi compliance — explains each issue in plain language and provides a fix plan.

Subscriptions

Pricing that respects your scale.

Three tiers, each priced in Saudi Riyal. Pay monthly or annually — annual subscribers receive two months complimentary.

Essential

For startups and small e-commerce. PDPL essentials, monthly cadence.

1,120 SAR
per month
$299 USD
  • 1 domain + 10 subdomains
  • Monthly automated scan
  • PDPL article mapping
  • PDF report (EN / AR)
  • Email support
Start with Essential
Most Chosen

Professional

For mid-market firms and Aramco/STC supply chain. Weekly cadence, AI advisor.

2,995 SAR
per month
$799 USD
  • 5 domains + 50 subdomains
  • Weekly automated scan
  • PDPL + NCA ECC-2 mapping
  • AI compliance chat (per finding)
  • API access
  • Compliance badge for your site
  • Priority support
Start with Professional

Enterprise

For 250+ headcount, finance, and Aramco prime suppliers. Full GRC.

7,495 SAR
per month
$1,999 USD
  • Unlimited domains & subdomains
  • SAMA CSF module
  • Third-party risk management
  • Sovereign Cloud option (AWS Bahrain)
  • CISO dashboard
  • Quarterly advisor sessions
  • SLA, dedicated support
Contact Sales
Questions

Frequently asked.

Is this a penetration test? Do I need an NCA license?

No. EHIRAR performs a passive external posture assessment — it only observes signals an attacker would already see (DNS, public certificates, HTTP headers, public files). It does not exploit, brute-force, or fuzz. No NCA penetration test license is required, and no customer authorization paperwork is needed.

How is my own data protected?

We collect only domain names you submit and the public scan output. We store no personal data. For Enterprise customers we provide a Sovereign Cloud deployment in AWS Bahrain so data stays inside the Kingdom.

Do you accept Mada?

Yes. All subscriptions are processed through a Saudi-licensed payment gateway with full Mada support, Visa, Mastercard and Apple Pay. ZATCA-compliant invoicing.

Which PDPL articles do you map to?

Every finding is linked to the specific PDPL article it touches (e.g. Art. 18 on data security measures, Art. 19 on breach notification, Art. 26 on cross-border transfers) as well as the corresponding NCA ECC-2:2024 control family.

Can I cancel anytime?

Yes. Monthly plans can be cancelled at any time and remain active until the end of the billing cycle. Annual plans are non-refundable but can be paused.

Live Assessment

Initialising assessment…

0%
Assessment Complete

Your external posture, uncovered.

Risk Score · 100
0
Critical
0
High
0
Medium
0
Low

See every finding. Receive the full action plan.

Unlock the complete report including all findings, PDPL article mapping, AI remediation advisor, and downloadable PDF. From SAR 1,120 / month.

View Plans