Privacy Policy

Your Privacy Policy must be transparent about the two groups of people whose data you handle: your business clients (Merchants) and their customers (Cardholders). Given the sensitive nature of this data and Pakistan’s regulatory landscape (like the Prevention of Electronic Crimes Act, 2016 – PECA and the upcoming Personal Data Protection Bill), clear and robust policies are crucial.

A. Information We Collect

  • Merchant/Business Client
    Type of Information Collected:
      Identification Data: Company name, Business Registration Number, CNIC/Passport of principals, address, email, phone number.
      Financial Data: Bank account details for settlement, Tax ID/NTN.
      Technical Data: API keys, login credentials, IP addresses, usage logs.
    Purpose of Collection: KYC/AML Compliance, Account Setup, Service Provision, Billing, Technical Support.

  • Cardholder (End-Customer)
    Type of Information Collected:
      Transaction Data: Card type, masked card number (e.g., last 4 digits), expiry date, authorization code, transaction amount, IP address, device information.
    Purpose of Collection: Processing Transactions, Fraud Prevention, Chargeback Management, Regulatory Compliance (PCI DSS).

B. Use of Information (How and Why)

  • Service Provision
    Description: To facilitate payment authorization, settlement, and reporting for the Merchant.
    Legal Basis (Implied/Required): Performance of Contract with Merchant.

  • Security & Fraud Prevention
    Description: To monitor transactions, detect and prevent fraudulent, illegal, or suspicious activity.
    Legal Basis (Implied/Required): Legal & Regulatory Obligation (AML/CFT), Protection of company and Merchant assets.

  • Regulatory Compliance
    Description: To fulfill requirements under the State Bank of Pakistan (SBP) directives, anti-money laundering (AML), and know-your-customer (KYC) laws.
    Legal Basis (Implied/Required): Legal Obligation.

C. Disclosure and Sharing of Information

  • Financial Partners: We share necessary Transaction Data (excluding full card numbers, which are securely tokenized) with acquiring banks, card networks (Visa/Mastercard), and other financial institutions solely for the purpose of processing the transaction.

  • Legal & Law Enforcement: We may disclose data if legally required by a court order, regulatory authority (SBP, FIA), or law enforcement agency in Pakistan.

  • Third-Party Vendors: We utilize secure, PCI DSS-compliant third-party providers (e.g., cloud hosting, security services) under strict contractual agreements that mandate confidentiality and data protection standards.

  • No Sale of Data: We do not sell, rent, or trade personal or financial data to third parties for marketing purposes.

D. Data Security and Retention

  • Security Standard: We maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) and employ industry-standard measures (encryption, tokenization, access controls) to protect data against unauthorized access, disclosure, alteration, or destruction.

  • Retention: We retain data only for as long as necessary to fulfill the services, meet legal/regulatory requirements (especially for AML/CFT), resolve disputes, and enforce our agreements.