Waqi.ai (واقي) is a Saudi-hosted privacy, security, and governance (GRC) platform that helps organizations achieve and maintain compliance with Saudi Arabia’s Personal Data Protection Law (PDPL). Built for hospitals, banks, universities, retailers, and enterprises across the Kingdom, Waqi replaces slow, costly manual consulting with automated website scanning, consent management, legal document generation, and full privacy governance—available in bilingual English and Arabic.
At its core, Waqi combines AI-powered compliance scanning with Shield.js, a lightweight on-site script that deploys PDPL-aligned cookie consent banners, blocks trackers before user consent, and keeps privacy policies up to date as regulations change. Organizations connect their domains, run automated audits that detect cookies, trackers, and violations, and receive clear remediation guidance. The free Scan tier provides basic compliance scoring, while paid plans unlock detailed reports, Shield.js deployment, legal templates, and advanced GRC modules.
Beyond website compliance, Waqi’s GRC workspace covers the full privacy lifecycle: Records of Processing Activities (RoPA), asset inventory, data flow mapping, gap analysis, DPIA and risk registers, vendor risk management (TPRM), access reviews, audit calendars, breach notification workflows, and DSAR (Data Subject Access Request) portals with complete audit trails. Waqi AI guides teams step by step—from DNS verification and Shield.js installation to policy publishing and personalized compliance roadmaps—turning work that traditionally takes months and thousands of riyals into minutes.
Waqi is aligned with SDAIA guidance and references frameworks including NCA-ECC, SAMA CSF, and ISO 27001 where applicable. All customer data is hosted 100% inside Saudi Arabia (Oracle Cloud KSA, WafaTech) with AES-256 encryption at rest and in transit, ensuring full data sovereignty. Organizations can earn PDPL Readiness Certificates and security awareness certificates as they deploy Shield.js and complete training modules.
The platform also includes a Legal Center for template-driven privacy policies and notices, a Human Firewall security awareness program, and organizational dashboards for monitoring compliance health across departments. CSV import/export supports inventory, RoPA, vendors, and access reviews for teams that manage data in spreadsheets today.
Pricing follows a freemium model: Scan (free — 3 scans/month), Scan Pro (299 SAR/month)
ShadowLock is a comprehensive AI risk detection and governance platform designed specifically for Managed Service Providers (MSPs), IT administrators, and security teams that need visibility and control over the growing use of artificial intelligence tools within organizations. As AI adoption accelerates across workplaces, many employees are using applications such as ChatGPT, Claude, Gemini, Copilot, and other AI-powered services without formal approval or oversight. This phenomenon, often referred to as “Shadow AI,” creates significant security, compliance, privacy, and legal risks for organizations. ShadowLock was created to help businesses identify, manage, and control these risks before they lead to data breaches, compliance violations, or costly incidents.
The platform provides organizations with a centralized solution for detecting unauthorized AI usage across multiple environments, including web browsers, desktop applications, browser extensions, cloud services, and Microsoft 365 tenants. By combining endpoint monitoring, browser-level enforcement, and cloud application detection, ShadowLock offers broad coverage of the modern AI landscape. Its primary objective is to give organizations complete visibility into how AI tools are being used and what sensitive information may be exposed through them.
One of the platform’s key strengths is its ability to detect a wide range of AI-related activities. ShadowLock can identify visits to AI websites, monitor the use of AI browser extensions, discover desktop AI applications running on company devices, and detect AI-powered features embedded within approved software platforms. It also distinguishes between personal and corporate AI accounts, helping organizations prevent employees from using unauthorized personal accounts to process business information.
To reduce the risk of sensitive information leakage, ShadowLock includes advanced data protection capabilities. The platform can intercept file uploads, detect sensitive information being pasted into AI prompts, and even identify confidential data while users are typing. Rather than simply monitoring activity, it can actively enforce policies that block, warn, or allow specific actions based on organizational requirements. This enables businesses to prevent customer records, credentials, personally identifiable information (PII), protected health information (PHI), source code, contracts, and other confidential data from being submitted to unauthorized AI services.
ShadowLock also addresses the compliance challenges associated with modern AI usage. Organizations operating under frameworks such as HIPAA, GDPR, CCPA, SOC 2, and other regulatory requirements can use the platform to strengthen governance controls and maintain detailed audit trails. Every enforcement action, policy decision, and detected event can be logged and exported, providing valuable evidence during audits, security reviews, compliance assessments, and cyber insurance evaluations.
The platform is designed with scalability and ease of deployment in mind. A lightweight endpoint agent can be deployed silently through existing Remote Monitoring and Management (RMM) systems, minimizing disruption for users and administrators. Once installed, the agent works alongside a browser enforcement layer that automatically applies organizational policies across supported browsers. In addition, ShadowLock integrates with Microsoft 365 environments through Microsoft Graph to detect AI applications that have received OAuth permissions, providing visibility into AI-related risks that may exist outside traditional endpoint monitoring.
For MSPs, ShadowLock offers a multi-organization dashboard that allows service providers to manage AI risk across multiple customer environments from a single interface. IT teams can monitor risk levels, review alerts, manage policies, track device inventories, and generate customer-facing reports. This centralized approach simplifies AI governance while helping providers demonstrate value to their clients.
Privacy is another core principle of the platform. ShadowLock focuses on collecting risk signals rather than monitoring content. Sensitive information is classified locally on the device, and the platform is designed to avoid transmitting actual content, recording keystrokes, or storing uploaded files. Instead, it logs metadata and event information necessary for governance and compliance purposes while maintaining user privacy.
Overall, ShadowLock serves as a proactive AI governance and security solution that helps organizations gain visibility into their AI surface, enforce data protection policies, reduce compliance exposure, and maintain control over rapidly expanding AI usage across their environments. By combining detection, enforcement, reporting, and compliance support within a single platform, it enables businesses to safely embrace AI while minimizing operational and regulatory risks.
0
Good to know
Frequently asked questions
Waqi.ai (واقي) is a Saudi-hosted privacy, security, and governance platform designed to help organizations comply with Saudi Arabia’s Personal Data Protection Law (PDPL). It automates compliance processes through features like website scanning, consent management, and legal document generation. Waqi combines AI-powered compliance scanning with a lightweight script called Shield.js, which manages cookie consent and blocks trackers before user consent is given. The platform also offers a comprehensive GRC workspace that covers the full privacy lifecycle, including data flow mapping, vendor risk management, and audit trails. With its freemium pricing model, organizations can start with basic compliance scoring and upgrade for more advanced features.
Waqi.ai offers a range of features including automated website compliance scanning, consent management, legal document generation, and full privacy governance. Key functionalities include AI-powered compliance audits, deployment of PDPL-aligned cookie consent banners via Shield.js, and tools for managing Records of Processing Activities (RoPA), asset inventory, and data flow mapping. Additionally, it provides breach notification workflows, Data Subject Access Request (DSAR) portals, and a Human Firewall security awareness program to enhance organizational compliance and security.
Waqi.ai ensures data sovereignty by hosting all customer data 100% within Saudi Arabia, utilizing Oracle Cloud KSA and WafaTech. The platform employs AES-256 encryption for data both at rest and in transit, which helps protect sensitive information and comply with local regulations. This commitment to local data hosting aligns with the requirements of the Personal Data Protection Law (PDPL) in Saudi Arabia.
Waqi.ai follows a freemium pricing model. The free tier allows users to perform up to three compliance scans per month. For more advanced features, users can subscribe to the Scan Pro plan, which is priced at 299 SAR per month. This model enables organizations to start with basic compliance tools and scale up as their needs grow.