Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Registration: Full name, mobile phone number, email address, date of birth, and national ID or passport details for identity verification (KYC).
• Financial Information: Bank account details, payment card numbers, transaction history, and wallet balances.
• Visa Card Application: Additional identity documents, address verification, and employment information as required by banking partners.
• Contact Forms: Name, email, phone number, and message content submitted through our website contact or influencer application forms.
• Ask HesabPay (AI): Text inputs, transaction commands, and conversation history when using the AI-powered payment assistant.
• Merchant/Agent Registration: Business name, license information, location data, and banking details.

1.2 Information Collected Automatically

• Device Information: Device type, operating system, unique device identifiers, IP address, and mobile network information.
• Usage Data: App usage patterns, features accessed, transaction frequency, session duration, and interaction with notifications.
• Location Data: Approximate location based on IP address or, with your permission, precise GPS location for agent/merchant finder services.
• USSD Session Data: Session identifiers and menu navigation data for *580# service usage.
• HesabPOS Data: Transaction data processed through POS terminals, card reader interactions, and merchant settlement records.

1.3 Information from Third Parties

• Identity verification services and government databases for KYC compliance.
• Banking partners and card networks (Visa, Mastercard) for transaction processing and card issuance.
• Third-party service providers (flight booking, hotel reservation, food delivery) for order fulfillment.

2. How We Use Your Information

• Service Delivery: Processing transactions, managing your wallet, issuing Visa Cards, facilitating E-Hawala transfers, and enabling USSD payments.
• Identity Verification: Complying with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations as required by Da Afghanistan Bank and applicable laws.
• AI Assistant: Processing natural language commands through Ask HesabPay to execute transactions, provide account information, and assist with bill payments.
• Security: Detecting and preventing fraud, unauthorized access, and suspicious activities using blockchain-secured audit trails.
• Communication: Sending transaction notifications, account alerts, service updates, and responding to support inquiries.
• Improvement: Analyzing usage patterns to improve app performance, develop new features, and enhance user experience.
• Legal Compliance: Meeting regulatory reporting requirements, responding to legal requests, and enforcing our Terms and Conditions.
• Bulk Disbursements: Processing salary payments and enterprise payroll through multi-level approval workflows.

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

• Banking Partners: Licensed banks that hold your funds at a 1:1 ratio, card-issuing banks for Visa Card services, and payment processors for card transactions.
• Card Networks: Visa, Mastercard, American Express, and other networks for transaction authorization and fraud prevention.
• Third-Party Service Providers: Flight booking (Duffel), hotel reservations, food delivery, and gift card partners — only the data necessary to fulfill your order.
• AI Processing Partners: Language model providers for Ask HesabPay functionality — input data is processed but not used to train third-party models.
• Regulatory Authorities: Da Afghanistan Bank, law enforcement, and government agencies when required by law or court order.
• Agents and Merchants: Limited transaction data necessary for cash-out, deposit, and payment processing at HesabPay agent and merchant locations.

4. Data Storage and Security

4.1 Storage

Your data is stored on secure servers with encryption at rest and in transit. Financial records are maintained in accordance with applicable data retention laws. Transaction records are secured using blockchain technology for an immutable audit trail.

4.2 Security Measures

• End-to-end encryption for all financial transactions.
• Multi-factor authentication for account access and high-value transactions.
• Blockchain-secured transaction ledger for tamper-proof record keeping.
• Regular security audits and penetration testing.
• PCI DSS compliance for card data handling through HesabPOS and Visa Card services.
• Automated fraud detection and real-time transaction monitoring.

4.3 Data Retention

We retain your personal data for as long as your account is active or as needed to provide Services. Transaction records are retained for a minimum of 5 years as required by financial regulations. You may request account deletion, after which we will remove personal data except where retention is required by law.

5. Your Rights

• Access: Request a copy of your personal data held by HesabPay.
• Correction: Update or correct inaccurate personal information through app settings or by contacting support.
• Deletion: Request deletion of your account and personal data, subject to legal retention requirements.
• Data Portability: Download your transaction history and account statements in standard formats.
• Withdraw Consent: Opt out of marketing communications and non-essential data processing at any time.
• Restrict Processing: Request limitation of certain data processing activities.

To exercise these rights, contact us at [email protected] or call 580.

6. Cookies and Tracking

Our website uses essential cookies for functionality (language preference, session management) and analytics cookies to understand visitor behavior. Our mobile app uses device identifiers for push notifications and fraud prevention. You can manage cookie preferences through your browser settings.

7. Children's Privacy

HesabPay services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal data, we will promptly delete the account and associated information.

8. International Data Transfers

Your data may be transferred to and processed in countries outside Afghanistan, including the United States (where HesabPay, Inc. is incorporated in Delaware) and other jurisdictions where our service providers operate. We ensure that appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through in-app notifications, email, or SMS. Continued use of our Services after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: [email protected]
• Phone: 580 (short code) | +93 793 111 299
• Address: 2093 Philadelphia Pike 7860, Claymont, DE 19703-2424, United States
• Website: hesab.com