Terms of ServicePrivacy Policy

Privacy Policy

Last Updated: November 2, 2025

Introduction

Welcome to Amwal Tech Inc. ("Amwal," "we," "us," or "our"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our authentication, identity orchestration, and payment services, including our website, mobile applications, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

About Amwal

Amwal is a regulated Payment Service Provider licensed by Saudi Payments (Central Bank of Saudi Arabia) under license PSP013 and regulated in Abu Dhabi Global Market under tech license 00076. We provide frictionless biometric authentication, 1-click checkout solutions, and Buy Now, Pay Later (BNPL) services to merchants, financial institutions, and consumers across the Middle East.

Information We Collect

Personal Information You Provide

When you register for an account, use our Services, or communicate with us, we may collect:

  • Identity Information: Full name, date of birth, nationality, government-issued ID numbers
  • Contact Information: Email address, phone number, mailing address
  • Financial Information: Bank account details, card information, payment history, transaction records
  • Authentication Data: Biometric data (such as fingerprints or facial recognition data), passkeys, device identifiers
  • Account Credentials: Username, password, security questions and answers
  • Purchase Information: Details of products or services purchased, merchant information, installment plan details
  • Communication Data: Your communications with us, including customer support inquiries

Information Collected Automatically

When you use our Services, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers, mobile network information
  • Usage Data: Pages viewed, features used, time spent on pages, click patterns, session information
  • Location Data: IP address, approximate geographic location based on IP address
  • Technical Data: Browser type and version, time zone setting, browser plug-in types and versions
  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar tracking technologies

Information from Third Parties

We may receive information about you from:

  • Merchants: When you use our payment solutions at participating merchants
  • Financial Institutions: Banks and card issuers for payment processing and verification
  • Identity Verification Services: Third-party services that help us verify your identity and prevent fraud
  • Credit Bureaus: Information about your credit history (where applicable and with your consent)
  • Social Media Platforms: If you choose to connect your social media accounts
  • Business Partners: Partners who integrate our Services into their platforms

How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Provide, maintain, and improve our authentication and payment services
  • Process payments and installment plans
  • Enable 1-click checkout and biometric authentication features
  • Authenticate your identity and verify account information
  • Manage your account and provide customer support

Security and Fraud Prevention

  • Detect, prevent, and investigate fraudulent transactions and activities
  • Monitor and analyze security incidents
  • Verify your identity to prevent unauthorized access
  • Comply with anti-money laundering (AML) and Know Your Customer (KYC) requirements
  • Protect against security threats and technical issues

Legal and Regulatory Compliance

  • Comply with legal obligations under Saudi Arabian, UAE, and other applicable laws
  • Respond to legal requests, court orders, and regulatory requirements
  • Enforce our terms and conditions and other agreements
  • Exercise and defend legal claims

Business Operations

  • Analyze usage patterns to improve our Services
  • Conduct research and development for new features and services
  • Perform data analytics and statistical analysis
  • Send administrative information, updates, and security alerts
  • Manage our business relationships with merchants and partners

Marketing and Communications

  • Send promotional materials about our Services and partner offers (with your consent where required)
  • Personalize your experience and provide relevant recommendations
  • Conduct surveys and gather feedback
  • Send newsletters and updates about new features

You can opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us directly.

Legal Basis for Processing (Where Applicable)

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our Services and fulfill our contractual obligations
  • Legal Obligation: Compliance with applicable laws, including financial regulations, AML/KYC requirements
  • Legitimate Interests: Fraud prevention, security, business operations, and service improvements
  • Consent: Where you have provided explicit consent for specific processing activities

How We Share Your Information

We may share your information with the following parties:

Service Providers and Partners

  • Payment processors and financial institutions for transaction processing
  • Cloud storage and hosting providers
  • Identity verification and fraud prevention services
  • Customer support and communication platforms
  • Analytics and data processing services
  • Marketing and advertising partners (with your consent)

Merchants and Business Partners

  • Merchants where you make purchases using our Services
  • Partners whose installment programs you participate in
  • E-commerce platforms that integrate our authentication solutions

Regulatory and Legal Authorities

  • Government agencies, regulators, and law enforcement when required by law
  • Saudi Payments (Central Bank of Saudi Arabia) and Abu Dhabi Global Market regulators
  • Tax authorities and other governmental bodies
  • Courts and legal authorities in connection with legal proceedings

Corporate Transactions

  • Potential buyers, investors, or partners in the event of a merger, acquisition, or sale of assets
  • Professional advisors including lawyers, auditors, and consultants

With Your Consent

  • Other third parties when you provide explicit consent

We require all third parties to respect the security of your personal information and treat it in accordance with applicable laws. We do not allow them to use your personal information for their own purposes.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Saudi Arabia, the United Arab Emirates, and other locations where our service providers operate. These countries may have different data protection laws than your jurisdiction.

When we transfer your personal information internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by competent regulators
  • Certification schemes or binding corporate rules
  • Your explicit consent

Data Security

We implement industry-standard security measures to protect your information, including:

Technical Measures

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Multi-factor authentication and biometric security
  • FIDO and OpenID certified authentication protocols
  • Secure passkey-based authentication
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems

Organizational Measures

  • Access controls limiting who can access your information
  • Employee training on data protection and security
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures
  • Regular review and update of security practices

While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breaches as required by law.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services and maintain your account
  • Comply with legal, regulatory, tax, and accounting obligations
  • Resolve disputes and enforce our agreements
  • Prevent fraud and ensure security

Retention Periods

  • Account Information: Retained while your account is active and for a reasonable period after closure
  • Transaction Records: Typically retained for 5-7 years to comply with financial regulations
  • Marketing Data: Retained until you withdraw consent or unsubscribe
  • Security Logs: Retained for 12-24 months for security monitoring

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies.

Your Rights and Choices

Depending on your location, you may have the following rights:

Access and Correction

  • Request access to your personal information
  • Request correction of inaccurate or incomplete information
  • Download a copy of your information

Deletion and Restriction

  • Request deletion of your personal information (subject to legal obligations)
  • Request restriction of processing in certain circumstances
  • Object to processing based on legitimate interests

Data Portability

  • Receive your information in a structured, machine-readable format
  • Request transfer of your information to another service provider

Consent Withdrawal

  • Withdraw consent for processing based on consent at any time
  • Opt out of marketing communications

Automated Decision-Making

  • Object to decisions based solely on automated processing
  • Request human review of automated decisions

To exercise these rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within the timeframe required by applicable law (typically 30 days).

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver relevant content.

Types of Cookies We Use

  • Essential Cookies: Necessary for the Services to function
  • Performance Cookies: Help us understand how you use our Services
  • Functionality Cookies: Remember your preferences and settings
  • Targeting Cookies: Deliver relevant advertisements (with your consent)

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of our Services.

Children's Privacy

Our Services are not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information promptly.

Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website with a new "Last Updated" date
  • Sending you an email notification (if you have provided your email address)
  • Displaying a prominent notice on our Services

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

Regulatory Compliance

Amwal is committed to complying with applicable data protection and financial services regulations, including:

  • Saudi Arabian Personal Data Protection Law (PDPL)
  • UAE Data Protection Laws
  • Payment Services Regulations in Saudi Arabia and UAE
  • Anti-Money Laundering (AML) regulations
  • Know Your Customer (KYC) requirements
  • Payment Card Industry Data Security Standard (PCI DSS)
  • FIDO Alliance authentication standards
  • OpenID certification requirements

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Amwal Tech Inc.

Email: privacy@amwal.tech