Who We Are
AssistSit Pay ("we", "our", "us") is a payment gateway solution provider operating in Pakistan. We provide technology infrastructure that enables businesses to collect digital payments from their customers.
This Privacy Policy explains how we collect, use, store, protect, and share personal and financial information when you use our services. We are committed to protecting the privacy and security of all data entrusted to us.
Information We Collect
We collect the following categories of information:
- Business Information: Business name, registration number, tax details, and authorized representative information during merchant onboarding
- Bank Account Details: Business bank account information for settlement purposes
- Transaction Data: Payment amounts, dates, methods, statuses, and reference numbers
- Customer Payment Data: Payment method details submitted at checkout (handled through PCI DSS compliant systems — raw card numbers are never stored by us)
- Technical Data: IP addresses, browser type, device information, and usage patterns used for fraud prevention and platform security
- Communications: Records of emails and support interactions with our team
Important: We do not store raw card numbers or full payment credentials on our servers. All sensitive payment data is handled through tokenization and PCI DSS compliant infrastructure.
How We Use Your Information
We use the information we collect for the following purposes:
- Processing and facilitating payment transactions between merchants and their customers
- Verifying merchant identity and conducting KYC (Know Your Customer) checks as required by SBP
- Detecting, investigating, and preventing fraudulent or unauthorized activity
- Settling funds to merchant bank accounts as per agreed terms
- Providing customer support and resolving technical issues
- Complying with State Bank of Pakistan (SBP) regulations and other applicable laws
- Generating transaction reports and account statements for merchants
- Improving and maintaining the security and performance of our platform
We do not use your data for marketing purposes or sell it to advertisers.
Data Storage & Security
We take data security seriously and implement multiple layers of protection:
- All data in transit is encrypted using 256-bit SSL/TLS encryption
- Data at rest is stored on secured, encrypted servers
- Our payment processing systems are PCI DSS Level 1 compliant
- Access to sensitive data is restricted to authorized personnel only, on a need-to-know basis
- We conduct regular security audits and vulnerability assessments
- Real-time fraud monitoring systems operate 24/7
Data is stored on secure servers in Pakistan or with compliant international infrastructure partners that meet the same security standards.
Data Sharing
We do not sell, rent, or trade your personal information to any third parties. We may share data only in the following limited circumstances:
- Banking & Payment Partners: Shared with banks, card networks, and wallet providers solely to process transactions
- Regulatory Authorities: Disclosed to the State Bank of Pakistan (SBP), FBR, or other government bodies when legally required
- Fraud & Compliance Services: Shared with third-party fraud detection and AML compliance service providers under strict confidentiality agreements
- Legal Proceedings: Disclosed when required by court order or applicable law
All third parties with whom we share data are contractually obligated to maintain the confidentiality and security of that data.
Data Retention
We retain your data for as long as necessary to fulfill the purposes described in this policy and to comply with our legal obligations:
- Transaction records are retained for a minimum of 5 years as required by Pakistani financial regulations
- KYC and merchant onboarding documents are retained for the duration of the business relationship plus 5 years
- Support communications are retained for 2 years
- Technical logs are retained for up to 12 months
Upon expiry of the applicable retention period, data is securely deleted or anonymized.
Your Rights
As a merchant or data subject using our platform, you have the following rights regarding your personal data:
- Right to Access: Request a copy of the personal data we hold about you
- Right to Correction: Request correction of inaccurate or incomplete data
- Right to Deletion: Request deletion of your data, subject to legal retention requirements
- Right to Restriction: Request that we limit processing of your data in certain circumstances
- Right to Object: Object to processing of your data for purposes other than core service delivery
To exercise any of these rights, please contact us at privacy@assistsit.com. We will respond to verified requests within 30 days.
Cookies
Our website and merchant dashboard use cookies to ensure proper functionality and security:
- Essential Cookies: Required for the platform to function, including session management and security tokens. These cannot be disabled.
- Analytics Cookies: Used to understand how merchants use our dashboard so we can improve the experience. These are anonymous and aggregated.
We do not use advertising or tracking cookies. You can control non-essential cookies through your browser settings.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will notify registered merchants via email at least 14 days before the changes take effect.
The latest version of this policy is always available on our website. The "Last updated" date at the top of this page indicates when it was last revised.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact our team:
- Email: privacy@assistsit.com
- General inquiries: payments@assistsit.com
- Address: ...., Pakistan
We aim to respond to all privacy-related inquiries within 5 business days.
