Privacy Policy

Your privacy and the security of your personal data are of paramount importance to Kwik Pay. This Privacy Policy provides a comprehensive explanation of how we collect, use, process, protect, and share your information.

Last Updated: December 14, 2025

Your privacy and the security of your personal data are of paramount importance to Kwik Pay ("Company," "we," "us," or "our"). This Privacy Policy is designed to provide a comprehensive and transparent explanation of how we collect, use, process, protect, and share your information when you use our mobile application, Kwik Pay (the "Application" or "Service").

This policy has been updated to provide greater clarity on our data handling practices, particularly concerning identity verification and the use of face data, in line with best practices and regulatory requirements, including those of the Apple App Store. We encourage you to read this policy in its entirety to make informed decisions about your privacy.

Table of Contents

1. Interpretation and Definitions

Interpretation

Words with initial capital letters have specific meanings defined under the following conditions. These definitions apply regardless of whether they appear in singular or plural form.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for You to access our Service or parts of our Service.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for the election of directors or other managing authorities.
  • Application refers to Kwik Pay, the software program provided by the Company, which you download onto your Device.
  • Biometric Data refers to data used for authentication on your device, such as fingerprints and facial geometry (e.g., for Apple's Face ID or Android's Face Unlock). As detailed in this policy, we do not collect, receive, or store this data; it remains on your device.
  • Company (referred to as either "the Company," "we," "us," or "our" in this Agreement) refers to Kwik Pay, located in Kuwait.
  • Country refers to Kuwait.
  • Device means any device that can access the Service, such as a computer, a cellphone, or a digital tablet.
  • Face Data refers to the digital images of your face (selfie) and the photograph on your Civil ID that you provide during the identity verification (KYC) process.
  • Personal Data is any information that relates to an identified or identifiable individual.
  • Service refers to the Application and all related services provided by Kwik Pay.
  • Service Provider means any natural or legal person who processes data on behalf of the Company. This includes third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service (such as identity verification), or to assist the Company in analyzing how the Service is used.
  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. The Data We Collect and How We Collect It

To provide and improve our Service, we collect several different types of information. The data we collect depends on the features you use and how you interact with our Application.

2.1. Information You Provide Directly to Us

When you create an Account, use our services, or communicate with us, you provide us with certain information directly. This includes:

  • Identity and Registration Information: To comply with legal and regulatory obligations (such as Know Your Customer - KYC and Anti-Money Laundering - AML laws), we require you to provide identity information when you sign up. This includes:
    • Full Name
    • Mobile Phone Number
    • Civil ID Number
    • Date of Birth
    • Nationality
    • Gender
    • Face Data: As part of our mandatory KYC process, we collect a selfie photograph taken by you within the app and images of the front and back of your Civil ID. This is explained in detail in the "Identity Verification and Face Data" section below.
  • Contact Information:
    • Email Address
    • Physical Address (as extracted from your Civil ID or provided by you)
  • Financial Information:
    • Bank account details and payment card details (when you add money to your wallet). Note: Full card numbers are not stored on our servers but are handled by our PCI-DSS compliant payment gateway partners.
    • Transaction History: We maintain a detailed record of your transactions, including payments, transfers, and requests for money made through the Service.
  • Communications with Us: When you contact our customer support, provide feedback, or respond to surveys, we collect the information you provide in your communications.

2.2. Information We Collect Automatically (Usage Data)

When you access and use our Service, we automatically collect certain information about your interaction with the Application and your Device.

  • Device Information: We collect information about the mobile device you use, including the type of mobile device, the device's unique identifiers (such as UDID or advertising ID), IP address, mobile operating system, and device settings.
  • Service Usage Information: We log how you use our Service, including the features you use, the pages you visit within the app, the time and date of your visits, the time spent on those pages, and other diagnostic data. This helps us understand user behavior, troubleshoot issues, and improve the app's functionality.
  • Location Information: With your explicit permission, we may collect information about your device's location. You can enable or disable location services at any time through your device settings. We may use this information for security purposes (e.g., to detect suspicious logins) or to offer location-based services in the future.

2.3. Information from Third-Party Sources

We may receive information about you from third-party sources to supplement the information we collect. This includes:

  • Identity Verification Partners: We use specialized Service Providers to assist with our KYC process. They may provide us with a confirmation of the verification result (i.e., a match or no-match determination).
  • Financial Institutions: We may receive information from banks or payment processors regarding the success or failure of a transaction.

3. Identity Verification and Face Data

Your Trust is Our Priority. This section provides a detailed, transparent explanation of why we collect Face Data, how it is used, and how we protect it. This process is essential for securing your account and complying with financial regulations in Kuwait.

As a regulated financial service, we are legally required to verify the identity of our users. This process, known as Know Your Customer (KYC), helps prevent fraud, money laundering, and other illicit activities. Our KYC process involves the collection and use of Face Data.

3.1. What Face Data Does the App Collect?

During the onboarding process for a new user, the Application will prompt you to provide the following data, which we define as "Face Data":

  • A Selfie Photograph: You will be asked to take a live photo of yourself using your device's camera through the Application. This is a one-time action during account setup.
  • A Photograph from Your Civil ID: You will be required to upload images of the front and back of your government-issued Civil ID. The front of the Civil ID contains a photograph of you.

The collection of this data is mandatory to activate your Kwik Pay wallet. If you do not wish to provide this data, you will be unable to complete the registration process and use our Service.

3.2. How Do We Use Your Face Data?

The sole and exclusive purpose for collecting and processing your Face Data is for identity verification. The process works as follows:

  1. Liveness Check: Our system first performs a "liveness" check on your selfie to ensure it is a real, live photo of a person and not a picture of a screen, a printed photo, or a mask. This is a critical step to prevent spoofing attacks.
  2. Face Matching: Our technology then compares the facial geometry extracted from your live selfie with the facial geometry extracted from the photograph on your uploaded Civil ID.
  3. Verification Decision: The system determines if the two faces are a match. A successful match confirms that the person creating the account is the same person to whom the Civil ID belongs. This verification is a prerequisite for activating your account.

This automated process allows for a secure, efficient, and unbiased verification, enabling you to start using your Kwik Pay wallet quickly and safely.

3.3. Do We Share Your Face Data with Third Parties?

Yes, for the exclusive purpose of performing the identity verification described above, we share your Face Data with a trusted, specialized third-party Service Provider.

  • Who is the Third Party? We partner with a leading global identity verification service that specializes in secure biometric analysis. We have entered into strict contractual agreements with this provider to ensure the security and privacy of your data.
  • Why Do We Share It? We do not have the in-house technology to perform this highly specialized and secure verification. Our Service Provider has the advanced, secure infrastructure and algorithms necessary to perform liveness detection and face matching accurately and safely.
  • What are the Third Party's Obligations? Our contract with our identity verification provider strictly mandates that:
    • The Face Data (both the selfie and the Civil ID image) is used only for the one-time verification check.
    • The Face Data must not be used for any other purpose, such as training their own AI models, marketing, or any other commercial activity.
    • The selfie data and any biometric information derived from it must be permanently deleted from their systems immediately after the verification result (match or no-match) is sent back to us. They do not store or retain your selfie.
  • PACI Verification: The app flow also includes "PACI verification." This refers to verifying your Civil ID information against the records of The Public Authority for Civil Information (PACI) in Kuwait. This process involves sharing your Civil ID number and other details from the ID card, but does not involve sharing your selfie (Face Data) with PACI.

3.4. How Long Do We Retain Your Face Data?

We have a strict and clear data retention policy for Face Data, designed to minimize data storage and protect your privacy.

Type of Face Data Retention Policy Reason for this Policy
Selfie Photograph NOT RETAINED. The selfie is used in real-time for the verification process and is then immediately and permanently discarded. We do not store your selfie on our servers or in any database after the verification check is complete. To maximize your privacy and security. The selfie is only needed for the momentary act of verification. There is no business or legal reason to retain it afterward.
Civil ID Image (contains a face photo) RETAINED. The image of your Civil ID is retained in a secure, encrypted format for as long as you maintain an active Kwik Pay account, and for a subsequent period as required by law. To comply with financial regulations in Kuwait, including Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) laws. These regulations require us to maintain a record of the identity documents used to open an account for a specific period, even after an account is closed. This retention period is typically 5-10 years after the business relationship ends.

3.5. Where is This Information Stored?

The Civil ID image that we retain is stored in a highly secure environment. We employ robust technical and organizational measures to protect it, including:

  • Encryption at Rest: The data is encrypted using industry-standard algorithms (e.g., AES-256) before being stored on our servers.
  • Encryption in Transit: All data transferred between your device, our servers, and our third-party verification provider is encrypted using TLS (Transport Layer Security).
  • Access Controls: Strict access controls are in place to ensure that only a limited number of authorized personnel can access this data, and only for legitimate purposes such as regulatory audits or fraud investigations.

4. Biometric Login Information (Face ID / Fingerprint)

Our Application offers you the convenience of using your device's built-in biometric authentication features (such as Apple's Face ID or Touch ID, and Android's equivalent features) to log in to your account or authorize transactions.

Important: Kwik Pay never collects, receives, processes, or stores your biometric data (e.g., your fingerprint or face scan). This information remains securely on your device.

  • How it Works: When you enable this feature, our Application interacts with your device's secure operating system. The app simply asks the device's operating system to authenticate you. The operating system then uses its secure hardware (like the Secure Enclave on Apple devices) to perform the biometric match.
  • What We Receive: The only information our Application receives from your device's operating system is a "yes" or "no" confirmation of whether the authentication was successful. We do not have access to the underlying Biometric Data itself.
  • Your Control: You have full control over this feature. You can enable or disable it at any time within the Kwik Pay Application's security settings or your device's system settings.

5. How and Why We Use Your Personal Data

We use the personal data we collect for a variety of purposes, all of which are aimed at providing you with a secure, efficient, and customized experience.

  • To Provide and Maintain our Service: This includes creating your account, processing transactions, and monitoring the usage of our Service to ensure it is functioning correctly.
  • To Manage Your Account: To manage your registration as a user of the Service. The Personal Data you provide gives you access to different functionalities of the Service that are available to you as a registered user.
  • For the Performance of a Contract: For the development, compliance, and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us through the Service.
  • To Contact You: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.
  • To Provide You with News and Offers: To provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information.
  • To Manage Your Requests: To attend and manage your requests to us, such as customer support inquiries.
  • To Prevent Fraud and Enhance Security: We use your data, including transaction patterns and device information, to monitor for and prevent fraudulent activity, unauthorized access, and other security threats to your account and our platform.
  • For Business Transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by us about our Service users is among the assets transferred.
  • For Other Purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

6. Sharing and Disclosure of Your Personal Data

We do not sell your Personal Data. We may share your information in the following circumstances and with the following parties:

  • With Service Providers: We share your Personal Data with trusted Service Providers to perform services on our behalf. This includes our identity verification partner (as detailed in Section 3), payment processors, cloud hosting providers, and customer support software providers. These providers are contractually bound to protect your data and are prohibited from using it for any other purpose.
  • With Financial Institutions: We share transaction information with banks and other financial institutions as necessary to process your payments and transfers.
  • For Business Transfers: If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
  • With Law Enforcement and for Legal Reasons: Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). We may also disclose your data in the good faith belief that such action is necessary to:
    • Comply with a legal obligation.
    • Protect and defend the rights or property of the Company.
    • Prevent or investigate possible wrongdoing in connection with the Service.
    • Protect the personal safety of users of the Service or the public.
    • Protect against legal liability.
  • With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.

7. Data Retention: How Long We Keep Your Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

  • Account Data: We retain your profile and account information for as long as your account is active.
  • Transaction Data: We retain your transaction history for the duration of your account and for a subsequent period as required by financial regulations.
  • Identity Documents (Civil ID): As stated in Section 3.4, we are legally required to retain a copy of your identity verification documents for a specific period (e.g., 5-10 years) after you close your account to comply with AML/CTF laws.
  • Selfie Data: As stated in Section 3.4, your selfie is not retained and is discarded immediately after verification.
  • Usage Data: We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods.

8. International Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

For example, our cloud hosting provider or identity verification Service Provider may have servers located in other countries. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. We will not transfer your Personal Data to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information, and a legal framework (such as Standard Contractual Clauses) that ensures a comparable level of data protection.

9. Security of Your Personal Data

The security of your Personal Data is a top priority for us. We implement and maintain a wide range of administrative, technical, and physical security measures designed to protect your information from unauthorized access, loss, misuse, disclosure, alteration, and destruction. These measures include:

  • Data Encryption: Encrypting your data both in transit (using TLS) and at rest (using AES-256).
  • Secure Development Practices: Following secure coding guidelines and regularly scanning our code for vulnerabilities.
  • Access Control: Limiting access to personal data to authorized employees and Service Providers who have a legitimate business need to access it.
  • Regular Security Audits: Conducting regular internal and external security assessments and penetration tests.
  • Incident Response Plan: Maintaining a plan to promptly respond to and manage any data security incidents.

However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

10. Your Privacy Rights and Choices

You have certain rights regarding the Personal Data we hold about you. Depending on your jurisdiction, these may include:

  • Right to Access: You have the right to request a copy of the personal information we hold about you.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete. You can update most of your profile information directly within the app.
  • Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data, under certain conditions. Please note that we may be required to retain certain information for legal and regulatory compliance purposes, as outlined in the Data Retention section.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at support@kwikpay.com.kw. We will respond to your request in accordance with applicable law.

11. Children's Privacy

Our Service is not intended for use by anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us immediately.

If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we will take steps to remove that information from our servers promptly.

12. Links to Other Websites and Third-Party Services

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data handling practices, please do not hesitate to contact us:

Last updated: December 14, 2025