User Guide


An operational product guide for customers, evaluators, and regulators reviewing what DataSitr does, how it routes data, and what claims it does not make.

Important regulatory note. This guide describes the product and operating controls as currently built. It is not legal advice and it is not an SDAIA-issued approval, accreditation, or license. Controller/processor allocation, contractual commitments, and any applicable licensing obligations should be reviewed by qualified Saudi counsel.

1. What DataSitr is

DataSitr is a Saudi-hosted privacy gateway for AI requests. It receives text requests, detects personal data and sensitive signals, and then routes each request through the appropriate privacy lane before any model call is made. The purpose is to support AI enablement while reducing the risk of uncontrolled transfers of personal data outside the Kingdom.

2. Intended users

3. Core operating flow

  1. DataSitr receives request text, a request ID, task type, and routing policy inputs.
  2. The detector scans for PII using English recognizers, Saudi-specific patterns, and a configurable local Arabic semantic backend.
  3. The policy engine assigns one of four outcomes: green, amber, red, or block.
  4. If the request is green, the current public pilot default is typed-placeholder anonymization before any external model call. If fpe is explicitly enabled, supported Saudi structural identifiers can use FF1 structural surrogates, but that remains reversible pseudonymization rather than the default public anonymization claim. If the request is amber or red, processing is routed to operator-configured in-Kingdom paths according to the configured provider set and policy.
  5. The service returns the response with compliance metadata and writes request-linked operational records.

4. Privacy lanes

5. What stays in-Kingdom

Customers can also force all processing onto configured in-Kingdom paths by using force_in_kingdom where their internal policy requires it. If no such path is available, the request is rejected. DataSitr does not independently verify provider data residency for amber/red paths.

6. User-facing controls and records

7. Customer and operator responsibilities

8. What this product does not claim

9. Relevant official references

Questions about this guide should be routed through your DataSitr operator or administrator.