PRIVACY POLICY

This Privacy Policy (the Privacy Policy) relates to your use of HyperPay reporting services, which are available at www.hyperpay.com.

HyperPay Inc Saudi Information Systems Technology ("we," "us," or "our") is a financial technology company registered and operating in the Kingdom of Saudi Arabia (KSA). We are fully committed to safeguarding your personal data in strict compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (PDPL), its implementing regulations, and any supplementary guidelines issued by the Saudi Data & Artificial Intelligence Authority (SDAIA).
This Privacy Policy outlines in detail how we collect, process, disclose, and protect your personal data when you engage with our services, including but not limited to payment processing, card issuance, and other FinTech solutions.
We are committed to protecting your privacy and the information that can identify you (“Personal Information”) that you provide when you deal with us and as you access our platform through our web or mobile applications or any other means. By accessing and using our web or mobile applications, you agree and consent to the collection, use and disclosure of your Personal Information as outlined in this Privacy Policy.
Under the PDPL, we act as:
- A Data Controller for services where we determine the purpose and means of processing.
- A Data Processor for services where we process data on behalf of other entities under contractual agreements.

By using our services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

SCOPE
This Privacy Policy applies to:
- Customers (individuals and businesses) using our financial services.
- Merchants, partners, and third-party service providers integrated with our platform.
- Visitors to our website, mobile applications, and any digital platforms.
- Any individual whose personal data we process under the PDPL.

QUESTIONS OR CONCERNS
Reading this Privacy Policy will help you understand your privacy rights and choices. This Privacy Policy is an integral part of HyperPay’s terms and conditions that apply to you. By submitting your information to us, you consent to our use of your information for the purposes set out in this Privacy Policy. If you still have any questions or concerns, please contact us at Privacy@hyperpay.com.
For matters specifically related to data protection, you can also reach out to our Data Protection Officer with the details provided below:
Address: Saudi Arabia- Riyadh
Email: fahad.almutairi@hyperpay.com
Phone: +966536645582


SUMMARY OF KEY POINTS
We collect personal data through various interactions, including account registration, transactions, customer support, and automated technologies. When you visit, use, or navigate our web/mobile applications, we may process personal information depending on how you interact with us and our web/mobile applications, the choices you make, and the products and features you use.
Do we process any sensitive personal information?
We may process sensitive personal information, when necessary, with your consent or as otherwise permitted by applicable law.
Do we share any information with third parties?
We may share your personal data and information with third parties for the delivery of specific services and functionalities via our web/mobile applications or to contribute to the development of the services and functionalities of such third parties. We require these third-party service providers to implement measures to maintain the security of your data, and to align their data use practices with the terms of this Privacy Policy. However, we shall not be liable for any misuse or violation of this Privacy Policy by any such third party.
How do we process your information?
We process your information to provide, improve, and administer our web/mobile applications, communicate with you, for security and fraud prevention, and comply with the law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which parties do we share personal information?
We may share information in specific situations and with specific third parties.
How do we keep your information safe?
We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
How do you exercise your rights?
The easiest way to exercise your rights is by contacting us. We will consider and act upon any request in accordance with PDPL.

WHAT INFORMATION DO WE COLLECT?
Personal information provided directly by You
In short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the web/mobile applications, express an interest in obtaining information about us or our products and web/mobile applications, when you participate in activities on the web/mobile applications, or otherwise when you contact us.
• Names
• Phone numbers
• Email addresses
• Usernames
• Passwords
• Date of birth
• Gender
• Contact preferences
• Contact or authentication data
• Billing addresses
• Debit/credit card numbers
• Job titles
• Mailing addresses
• Authentication information of your customers
• Personal information of your customers
• Bank account information
• National ID / IQAMA
• Any other Personal Information provided by You

Application Data

If you use our web/mobile applications, we also may collect the following information if you choose to provide us with access or permission:
Geolocation Information
We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application(s), to provide certain location-based web/mobile applications. If you wish to change our access or permissions, you may do so in your device's settings.
Push Notifications
We may request to send you push notifications regarding your account or certain features of the application(s). If you wish to opt-out from receiving these types of communications, you may turn them off in your device's settings. This information is primarily needed to maintain the security and operation of our application(s), for troubleshooting, and for our internal analytics and reporting purposes.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
Information automatically collected
Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our web/mobile applications. We automatically collect certain information when you visit, use, or navigate the web/mobile applications. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser, and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our web/mobile applications, and other technical information. This information is primarily needed to maintain the security and operation of our web/mobile applications, and for our internal analytics and reporting purposes. Like many businesses, we also collect information through cookies and similar technologies. The information we collect includes:

Log and Usage Data

Log and usage data are web/mobile applications-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our web/mobile applications and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the web/mobile applications (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called "crash dumps"), and hardware settings).
Device Data
We collect device data such as information about your computer, phone, tablet, or other devices you use to access the web/mobile applications. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet web/mobile applications provider and/or mobile carrier, operating system, and system configuration information.
Interaction through social media
Any posts or interactions you have with us on social media channels.

HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our web/mobile applications, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your personal information for a variety of reasons, depending on how you interact with our web/mobile applications, including:
• To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.
• To deliver and facilitate the delivery of web/mobile applications and functionalities to the user. We may process your information to provide you with the requested web/mobile applications.
• To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested web/mobile applications.
• To send administrative information to you. We may process your information to send you details about our products and web/mobile applications, changes to our terms and policies, and other similar information.
• To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through our applications.
• To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our web/mobile applications.
• To protect our web/mobile applications. We may process your information as part of our efforts to keep our web/mobile applications safe and secure, including fraud monitoring and prevention.
• To identify usage trends. We may process information about how you use our web/mobile applications to better understand how they are being used so we can improve them.
• To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.

DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

We may use cookies and other tracking technologies to collect and store your information.
To improve your experience and tailor our service to you, we use technology called “cookies” to collect information about how our website is used. These may include your data. The use of cookies is essential to the operation of our website and services.
Types of cookies and their uses:

1. Google Analytics Cookies

These are automatically set if Google Analytics is used on the WordPress site.
• _ga
Used to distinguish unique users across sessions.
o What it is: A unique identifier assigned to each visitor.
o Why it matters: Enables Google Analytics to track user behavior and measure site traffic.
o Used by: Google Analytics.
• _ga_* (e.g. _ga_47HPHXETEM, _ga_5TFS8M5TTY, etc.)
Used to maintain session state for different GA4 properties.
o What it is: Stores session information related to specific GA4 properties.
o Why it matters: Tracks how users interact within a session, including session duration, bounce rate, and navigation.
o Used by: Google Analytics 4 (GA4).
• _gcl_au
Used by Google AdSense or Google Ads for conversion tracking.
o What it is: A cookie for tracking ad performance and measuring conversions.
o Why it matters: Helps optimize advertising strategies by attributing user actions to ads.
o Used by: Google Ads / AdSense.

2. WordPress Cookies

• wp-settings-time-[UID], wordpress_logged_in_*, wp-settings-*, wordpress_sec_*, comment_author_* (e.g., wp-settings-time-111, wp-settings-time-4)
Stores admin panel and user interface preferences.
o What it is: A timestamp for when a user’s UI settings were last saved.
o Why it matters: Enables personalization of the WordPress admin dashboard for each user.
o Used by: WordPress core for logged-in users.
o Consent: Not required for essential functionality (e.g., logged-in users).

3. WPForms Cookie

• _wpfuuid
Used to uniquely identify a user who fills out a form.
o What it is: A UUID assigned to the browser to track form interactions without requiring login.
o Why it matters: Helps WPForms associate submissions with a user session for features like form abandonment or user tracking.
o Used by: WPForms plugin.

5. Automattic (Jetpack / WooCommerce) Tracking Cookies

• tk_lr, tk_or
Used for referral tracking and Jetpack stats.
o What it is: Tracks referrer behavior and internal analytics for Jetpack/WooCommerce.
o Why it matters: Helps site owners analyze traffic sources and user behavior.
o Used by: Jetpack / WooCommerce / Automattic services.

6. A/B Testing / Experimentation

• experimentation_subject_id
Identifies users for participation in A/B tests.
o What it is: Encoded identifier to assign the user to an experiment group.
o Why it matters: Used for testing UI/UX changes and performance improvements.
o Used by: Services performing A/B or multivariate testing (possibly Jetpack or a custom plugin)

7. Google Tag Manager (GTM)

• _ga, _gid, _gat
o What it is: These are analytics cookies that help measure user interactions and website performance.
o Why it matters: These cookies enable the tracking of visitor behavior (e.g., pages viewed, time spent) to improve website functionality and marketing strategies.
o Used by: Google Analytics via GTM; used in browsers for analytics tracking.
o Consent: Required for Saudi PDPL compliance due to non-essential tracking.

8. Google reCAPTCHA

• NID, __Secure-ENID, __Secure-3PSIDCC, and related cookies
o What it is: Security cookies placed by Google to verify that a user is human and not a bot.
o Why it matters: These cookies help protect forms and login pages from automated abuse and spam.
o Used by: reCAPTCHA service during form interactions.
o Consent: Required, as these cookies involve tracking and third-party domains.

9. Tidio Chat (Live Support Widget)

• tidio_state, tidio_chat_session, _tidio_* (stored in both cookies and localStorage)
o What it is: Identifiers used by the Tidio live chat plugin to track open chats, messages, and user states.
o Why it matters: Ensures continuity in user support by maintaining conversation state across pages and visits.
o Used by: The embedded Tidio widget in your browser.
o Consent: Required under PDPL, as it stores identifiable session data for engagement purposes.

IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
In Short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the Kingdom of Saudi Arabia. If you are accessing our web/mobile applications from outside the Kingdom of Saudi Arabia, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information. Your personal data may be transferred outside the Kingdom of Saudi Arabia where our data processing partners or service providers are located.

HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate technical and organizational security measures to protect the personal information that we have under our control from unauthorized access, use, disclosure and accidental loss. When you enter personal information, we encrypt the transmission of that information or use Secure Socket Layer (SSL) connections. You are solely responsible for maintaining the security and confidentiality of your account username and password.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, the transmission of personal information to and from our web/mobile applications is at your own risk. You should only access the web/mobile applications within a secure environment.

You have several rights regarding your personal data:
- Access: You can access your personal data and request information on how it is processed.
- Rectification: You can request corrections to your personal data.
- Erasure: You can request the deletion of your personal data in certain circumstances (right to be forgotten), unless we are legally required to retain it.
- Portability: You can request your personal data in a commonly used, machine-readable format and ask us to transmit it to a third party.
- Notification of Breach: You will be notified in case of a data breach that poses a high risk to your rights and freedoms.

Additionally, you have the right to:
- Restriction or Objection: You can object to or request restrictions on the processing of your personal data.
- Withdraw Consent: You can withdraw your consent at any time, except where the processing of the information is not based on consent.

Data Subject Requests
To exercise any of your rights mentioned in this Privacy Policy, you can submit a request to the contact information mentioned earlier in this Policy.

Right to Lodge a Complaint
If you have any complaints regarding alleged breaches of Data Protection Regulations, you can file them with the relevant authority.

Time limit to respond
We will respond to all legitimate requests within one calendar month. If your request is particularly complex, or you have made a number of requests, it may take us longer, up to three calendar months, to respond, but we will notify you of this and keep you updated.

DO WE MAKE UPDATES TO THIS POLICY?
In short: Yes, we will update this Privacy Policy as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this Privacy Policy, you may email us at: Privacy@hyperpay.com

HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please send an email to Privacy@hyperpay.com.