Privacy Policy

PeacePay is committed to protecting the privacy and security of your personal data. This Data Protection and Privacy Policy ("Policy") explains how we collect, use, share, and protect your personal information when you access or use PeacePay’s services, including our website, mobile application, and related features (collectively, the "Services").

This Policy is issued in compliance with Egypt’s Personal Data Protection Law No. 151 of 2020, and outlines your rights and our responsibilities when processing your personal data. We may also adhere to other applicable data protection regulations, depending on the jurisdiction.

By using our Services, you acknowledge that you have read and understood this Policy and consent explicitly to the collection and use of your personal data, where required, in accordance with this Policy.

Purpose

• Transparency: Provide you with a clear understanding of how your personal data is collected, used, and protected.
• Accountability: Demonstrate PeacePay’s commitment to responsible data handling and compliance with applicable laws.
• User Control: Empower you with meaningful choices over how your personal data is used and managed.

Scope

This Policy applies to all users of PeacePay services, including merchants, delivery partners, and buyers. It covers:

• Data Collection: All categories of personal data collected, including identity, contact, transactional, and usage data.
• Data Use: How your data is used for service delivery, fraud prevention, communication, compliance, and user experience improvements.
• Data Sharing: Situations in which your data may be shared with third parties, such as our licensed payment partners (e.g., HealthPay), technology vendors, or legal authorities.
• Data Security: Measures in place to protect your data from unauthorized access, loss, or misuse.
• User Rights: Your rights under applicable laws, including access, correction, erasure, objection, and data portability.
• Data Retention: How long your data is retained and the criteria used to determine retention periods.
• International Transfers: Where applicable, how your data may be transferred outside Egypt in accordance with Article 14 of Law 151/2020.
• Complaint Mechanisms: How to raise privacy-related complaints and contact the Egyptian Data Protection Center (EDPC)

Key Definitions

The following terms are used throughout this Policy:

• Personal Data: Any information relating to an identified or identifiable natural person.
• Data Subject: You — the individual whose data is being processed.
• Data Controller: PeacePay, which determines the purposes and means of personal data processing.
• Data Processor: A third party that processes data on behalf of PeacePay.
• Processing: Any operation performed on personal data (e.g., collection, storage, use, transmission).
• Sensitive Personal Data: Includes information relating to health, biometric data, religious beliefs, political opinions, criminal records, or any data defined as sensitive under Egyptian law.
• Consent: Your explicit, informed, and freely given agreement to allow PeacePay to process your personal data.
• Cookies: Small text files placed on your device when using our website or app to enhance your user experience.
• Third Party: Any person or organization other than PeacePay or its direct affiliates

Types of Data Collected

PeacePay collects various types of data to provide, improve, and secure its services. The data collected can be categorized as follows:

• Personal Information
• • This refers to information that can be used to identify you individually. PeacePay may collect the following personal information:
  • • Account Information: This includes your name, email address, phone number, date of birth, and government-issued identifiers such as your national ID number. Sensitive personal information (e.g., national ID) is handled with enhanced security measures in compliance with Egyptian Data Protection Law No. 151 of 2020.
    • Contact Information: If you contact PeacePay's customer support, we may collect your name, phone number, email address, and any other information you provide in your communication.
• Transaction Information
• • This refers to information about your transactions on the PeacePay platform. PeacePay may collect the following transaction information:
  • • Transaction Details: This includes the date, time, amount, currency, sender and recipient information, payment method used, and transaction ID for each transaction.
    • Transaction History: We maintain a full record of your transaction activity for auditing, support, and legal compliance purposes.
• Device and Usage Information
• • This refers to information about your device and how you use PeacePay's services. PeacePay may collect the following device and usage information:
  • • Device Information: Includes device type, operating system, browser, IP address, device ID, and similar technical identifiers.
    • Usage Information: Includes information on your interactions with PeacePay's app or website, such as page visits, clicks, features used, and access times.
    • Location Information: With your consent, PeacePay may access your device’s location to enhance service delivery.
    • Cookies and Similar Technologies: We use cookies to improve user experience and collect analytics data. These tools may track your preferences, session activity, and usage trends.
• Children’s Data
• • PeacePay’s services are intended only for individuals aged 18 years or older. We do not knowingly collect personal data from children. If we discover that we have collected personal information from a minor, we will promptly delete it.

How PeacePay Uses Data

PeacePay uses your data for multiple purposes necessary to operate, enhance, and secure our platform, as well as to comply with applicable legal obligations.

Providing and Improving Services

PeacePay processes your data on the basis of your explicit consent, contractual necessity, legal obligation, or legitimate interest for the following purposes:

• Create and manage your account — including verifying your identity and providing account access.
• Process financial transactions — such as payments, transfers, or top-ups.
• Personalize your experience — by recommending services or content relevant to your activity.

• Analyze and enhance service quality — including usage analytics, product improvement, and feature development.

Communication and Customer Support

• Communicate with you: This includes sending you transaction confirmations, account updates, and other important information.
• Provide customer support: Your data is used to respond to your inquiries, resolve issues, and provide assistance.

Security and Fraud Prevention

• Account and transaction security — through fraud monitoring, anomaly detection, and risk scoring.
• Regulatory compliance — including internal audits and investigation of suspicious activity.

Marketing and Promotions

With your consent, PeacePay may use your data to:

• Send you marketing communications: This includes emails, notifications, or other messages about new products, promotions, and other updates.
• Conduct market research: Your data may be used to analyze market trends and improve PeacePay's services.

You can withdraw your consent at any time via account settings or by contacting us.

Legal Compliance

• Comply with laws and regulations, including Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations.
• Respond to legal requests, subpoenas, or investigations by law enforcement agencies or regulatory bodies.

International Data Transfers

Some of your personal data may be stored or processed outside Egypt. When we do so, we ensure adequate data protection safeguards are in place, such as standard contractual clauses or agreements compliant with Article 14 of Egypt's Data Protection Law.

Data Retention

PeacePay retains personal data only for as long as necessary to fulfill the purposes stated above or as required by law:

• Transaction records: Retained for at least 7 years per financial reporting and AML regulations.
• Identification information: Retained for 5 years after account deactivation or as mandated by regulators.

• General usage data: Retained for up to 2 years after your last interaction, unless otherwise mandated.

Security Measures

• PeacePay prioritizes the security of your personal data and implements various measures to protect it from unauthorized access, use, or disclosure. These measures include:
• • Encryption: PeacePay uses encryption to protect your data both in transit and at rest. This means that your data is scrambled while it is being transmitted over the internet and while it is stored on PeacePay's servers, making it difficult for unauthorized individuals to access or read.
  • Access Controls: PeacePay implements strict access controls to limit access to your data to authorized personnel only. Employees are granted access to data only on a need-to-know basis, and different levels of access are granted based on their roles and responsibilities.
  • Secure Storage: PeacePay stores your data on secure servers that meet industry standards for data protection. These servers are protected by firewalls, intrusion detection systems, and other security measures to prevent unauthorized access.
  • Regular Security Assessments: PeacePay conducts regular security assessments and vulnerability scans to identify and address potential weaknesses in its systems. This helps to ensure that its security measures remain effective against evolving threats.
  • Employee Training: PeacePay provides regular training to its employees on data security and privacy best practices. This ensures that employees are aware of their responsibilities in protecting your data.
  • Physical Security: PeacePay maintains physical security measures to protect its data centers and other facilities from unauthorized access. This includes security personnel, surveillance systems, and access control systems.
  • Vendor Due Diligence: When working with third-party vendors who may have access to your data, PeacePay conducts due diligence to ensure that they have appropriate security measures in place.
• These security measures are designed to protect your personal data from a variety of threats, including unauthorized access, data breaches, and cyberattacks. PeacePay is committed to continuously improving its security measures to stay ahead of evolving threats and ensure the ongoing protection of your data.

Data Retention

• Purpose: PeacePay retains user data for operational, legal, and regulatory purposes, including dispute resolution, fraud prevention, and compliance with KYC/AML requirements.  
• Retention Periods: PeacePay retains user data for different periods depending on the data type, purpose of collection, and legal obligations. Specific retention periods are outlined in PeacePay's Privacy Policy.  
• Data Security: PeacePay implements appropriate technical and organizational measures to protect retained data from unauthorized access, use, or disclosure.  
• Data Minimization: PeacePay retains only the data necessary for the identified purposes and deletes data that is no longer needed.  
• User Rights: Users have the right to access, rectify, or erase their retained data as permitted by applicable laws and regulations.
• Your location data, if collected, is only processed with your explicit consent and used solely to enhance delivery, fraud prevention, and transaction matching features.

Accessing and Correcting Data

• User Access: Users have the right to access their personal data held by PeacePay, subject to verification of their identity.  
• Data Correction: Users can request correction of inaccurate or incomplete personal data.  
• Access Procedure: PeacePay provides a clear and accessible procedure for users to exercise their access and correction rights, as outlined in the Privacy Policy.

Data Portability

• User Rights: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format.  
• Data Transfer: Users can request the transfer of their data to another service provider.  
• Portability Procedure: PeacePay provides a clear and accessible procedure for users to exercise their data portability rights.

Objection to Processing

• User Rights: Users have the right to object to the processing of their personal data based on legitimate interests or direct marketing.  
• Objection Procedure: PeacePay provides a clear and accessible procedure for users to exercise their objection rights.  
• Processing Restrictions: Upon receiving an objection, PeacePay will restrict processing of the user's data unless there are compelling legitimate grounds for continued processing.

Deleting Data

• User Rights: Users have the right to request deletion of their personal data, subject to certain exceptions (e.g., legal obligations).  
• Deletion Procedure: PeacePay provides a clear and accessible procedure for users to exercise their deletion rights.
• Data Retention: PeacePay may retain certain data for legal or regulatory purposes, even if a deletion request is made.

Use of Cookies

• Purpose: PeacePay uses cookies and similar tracking technologies to enhance user experience, analyze website traffic, and personalize content.  
• Cookie Types: PeacePay may use various types of cookies, including essential cookies, performance cookies, and functionality cookies.
• User Choice: Users can manage their cookie preferences through browser settings or by using cookie management tools provided by PeacePay.

Managing Cookie Preferences

• Browser Settings: Users can adjust their browser settings to block or delete cookies.  
• Cookie Management Tools: PeacePay may provide tools for users to manage their cookie preferences.  
• Cookie Policy: PeacePay's Cookie Policy provides detailed information about the use of cookies and how to manage preferences.
  

Age Restrictions

• Minimum Age: PeacePay services are not intended for use by children under the age of 16.  
• Parental Consent: PeacePay may require parental consent for users under a certain age, as specified in the Terms and Conditions.  
• Data Collection: PeacePay does not knowingly collect personal data from children under the age of 16.
  

Notification of Changes

• Policy Revisions: PeacePay may update this Privacy Policy as needed.
• Notification Methods: Users will be notified of material changes through website updates, SMS and e-mail notifications, or in-app notifications.  
• Effective Date: The updated policy will be effictive in 5 days after applying the changes.
  

How to Contact PeacePay

• Contact Methods: Users can contact PeacePay through various channels, including 
• • E-mail: info@peacepay.me
  • In-app chat.
• Response Time: PeacePay strives to respond to inquiries in a timely manner.