Privacy Policy

Effective: October 2, 2025Version: 1.0
← Back to HomeTerms of Service

This Privacy Policy explains how Payzap Fintech Solutions Pvt Ltd ("Payzap", "we", "our", or "us") collects, uses, shares, and protects information when you use the Payzap mobile application and related services (the "Services"). We operate the Services as a white-label wallet in partnership with Akhtar Fuiou Technologies (Private) Limited ("AFT"), an authorized Electronic Money Institution (EMI) and license holder. Customer accounts are established with AFT and customer data is stored by AFT as the licensed EMI. This policy also explains your choices and rights.

Quick summaryWho is responsible for your dataInformation we collectHow we use informationDevice permissionsHow we share informationSecurityData retentionYour rightsChildren's privacyInternational transfersCookies & analyticsChanges to this policyContact

1) Quick summary

  • We ask for camera and location access only during onboarding to scan your payment card and verify approximate location for fraud prevention and compliance.
  • We use end‑to‑end encryption for sensitive data in transit and at rest.
  • AFT, as the authorized EMI and license holder, creates and maintains your account and stores customer data.
  • Payzap provides the app technology and acts as a service provider/processor to AFT for the Services.

2) Who is responsible for your data

Because your account is issued by AFT (the licensed EMI), AFT is the data controller for personal data related to account issuance, KYC/AML, wallet balances, and transactions. Payzap acts as AFT's service provider / data processor by developing and operating the app interface. We process personal data on AFT's documented instructions and under our contract with AFT. For privacy requests regarding your account data, please contact AFT (see Contact), or reach us and we will coordinate with AFT.

3) Information we collect

A. You provide

  • Identity & onboarding details: name, email, phone number, government ID info (as required by AFT), and cardholder details to link a card.
  • Support communications and feedback.

B. Collected automatically when you use the app

  • Device & usage: device model, OS version, app version, crash logs, performance metrics.
  • Approximate location (if enabled): coarse geolocation for fraud checks and compliance.

C. Collected via permissions (onboarding only)

  • Camera: to scan your payment card and/or ID document for onboarding. Images are processed to extract required data and then securely discarded unless AFT must retain them to satisfy legal obligations.
  • Location: approximate device location to validate jurisdiction, prevent fraud, and meet risk/compliance checks. We do not track your continuous location; access occurs only during onboarding or when required to complete a regulated action.

4) How we use information

  • To register and verify you, link a card, and set up your wallet with AFT.
  • To operate, maintain, and improve the app (including troubleshooting and analytics).
  • To detect, prevent, and investigate fraud, abuse, and security incidents.
  • To comply with law and respond to lawful requests (e.g., KYC/AML performed by AFT).
  • With your consent, where required (e.g., granting camera or location access).

5) Device permissions and app store disclosures

  • Camera — purpose: scan card/ID for onboarding; frequency: one‑time or when re‑verification is required; data: images processed on device or via secure services; retention: discarded unless legally required by AFT.
  • Location — purpose: verify jurisdiction and reduce fraud; frequency: onboarding only (or during specific regulated actions); precision: coarse; retention: not stored by Payzap beyond session; AFT may retain derived risk flags per regulation.

Permission prompts will appear in‑app before any access. You can revoke permissions at any time in your device settings; certain features may stop working.

6) How we share information

  • With AFT: to create and service your account as the EMI license holder and data controller.
  • Service providers: vetted vendors that host infrastructure, provide analytics, crash reporting, fraud detection, or customer support—bound by confidentiality and security obligations.
  • Compliance and legal: to regulators, law enforcement, or other parties when required by law or to protect rights, safety, and security.
  • Business transfers: if we undergo a merger, acquisition, or asset sale, your information may transfer subject to this Policy.
  • We do not sell personal information.

7) Security

We apply technical and organizational measures appropriate to the risk, including end‑to‑end encryption of sensitive data in transit and at rest, key management, access controls, network segmentation, and continuous monitoring. No system is perfectly secure; we maintain incident response procedures and will notify AFT and/or you as required by law.

8) Data retention

Payzap retains only the data it needs to operate the app interface and support AFT in servicing your account. Customer account and transaction records are retained by AFT in accordance with regulatory retention periods (e.g., KYC/AML). Where we process data on AFT's behalf, we retain it for the duration of our contract or as instructed by AFT and then securely delete or anonymize it.

9) Your privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, to data portability, and to withdraw consent where processing is based on consent. Because AFT controls account data, requests for those rights should be directed to AFT. You can also contact Payzap and we will coordinate with AFT to support your request.

Legal bases (EEA/UK users)

Where the GDPR/UK GDPR applies, our processing occurs under these legal bases: performance of a contract (onboarding and servicing via AFT), compliance with legal obligations (financial regulations), legitimate interests (fraud prevention, app security, service improvement), and consent (camera/location permissions where required).

California (CCPA/CPRA)

We do not "sell" or "share" personal information for cross‑context behavioral advertising as defined by California law. California residents can exercise their rights by contacting us or AFT.

10) Children's privacy

The Services are not directed to children under the age required to open a financial account in your jurisdiction. If you believe a child has provided personal data, contact us so we can work with AFT to address it.

11) International data transfers

Your information may be processed in countries other than your own. Where required, we and AFT implement appropriate safeguards for cross‑border transfers (for example, standard contractual clauses).

12) Cookies & analytics (website)

Our website may use strictly necessary cookies and, with your consent, analytics cookies to understand usage and improve the site. You can manage cookies through our cookie banner and your browser settings.

13) Changes to this policy

We may update this Policy from time to time. We will post the updated version and revise the Effective date above. Material changes will be communicated through the app or website.

14) Contact

Payzap Fintech Solutions Pvt Ltd
Email: hello@payzap.com.pk
Address: Lahore, Pakistan