Privacy Policy

1. Introduction

Dibsy processes personal data as part of the services we provide to our merchants and their customers (consumers), business partners, and website users.

As a licensed payment service provider regulated by the Qatar Central Bank, we are committed to handling personal data securely and in full compliance with Law No. (13) of 2016 on Protecting Personal Data Privacy and other applicable regulations.

Our role in Qatar’s financial ecosystem—and the trust our users place in us—requires the responsible and lawful processing of personal data.

This policy outlines how Paywise LLC (DBA Dibsy) ("Dibsy", "we", "our", "us") collects, uses, stores, shares, and protects personal data.

2. Who is Dibsy?

Dibsy is a payment service provider based in Qatar. We help businesses accept online payments through cards and wallets.

You may interact with Dibsy when you:

  • Use our services as a merchant
  • Make a payment via a Dibsy merchant
  • Visit our website or app
  • Contact our customer support team

We are regulated by the Qatar Central Bank and comply with the Payment Services Regulation, AML/CFT laws, and other national financial regulations.

3. Dibsy’s Responsibilities

We act as a data controller because we:

  • Define what data is needed to provide our services
  • Determine how personal data is used and stored
  • Set purposes for lawful processing
  • Fulfill our regulatory obligations

In limited cases (e.g., custom invoicing features), Dibsy may act as a data processor under a merchant’s instructions.

4. What Personal Data Does Dibsy Process?

Merchants:

  • Full name, phone number, email
  • Business name, CR, IBAN, legal structure
  • Identity verification (QID, passport, UBO info)
  • Login credentials and transaction data
  • IP address, browser, device info

Consumers (Payers):

  • Payment method details (card, wallet)
  • Transaction amount and confirmation details
  • Name, email, phone (if shared for receipts/verification)
  • Device, IP address, location
  • Details about purchased products/services (if relevant for disputes)

Business Partners:

  • Contact name, business email and phone
  • Company registration and credentials
  • Communication records

Website Visitors:

  • IP address, location, device/browser info
  • Cookie and session interaction data

5. Why Does Dibsy Collect and Use Your Personal Data?

We collect and process personal data to:

  • Register and manage merchant accounts
  • Facilitate secure payment transactions
  • Comply with regulatory obligations (e.g., AML/CFT, QCB reporting)
  • Detect and prevent fraud and financial crime
  • Handle chargebacks and customer disputes
  • Improve our platform and services
  • Communicate service updates and system alerts
  • Provide customer support

6. Legal Basis for Processing

We rely on the following legal grounds:

  • Contractual necessity – to provide and maintain our services
  • Legal obligations – under Qatari financial laws and regulations
  • Legitimate interests – such as fraud prevention and service improvement
  • Consent – where required (e.g., for marketing communications)

7. How Long Does Dibsy Keep Your Personal Data?

We retain personal data only for as long as necessary, or as mandated by law:

Type of Data Retention Period
Merchant account data Duration of relationship + 15 years
Transaction data (consumer) 15 years from date of transaction
Verification documents 15 years after account closure
Cookie/usage analytics Up to 24 months
Marketing preferences Until consent is withdrawn

8. How Does Dibsy Secure Your Personal Data?

We implement industry-standard security practices:

Technical Safeguards:

  • End-to-end encryption (in transit and at rest)
  • Tokenization of sensitive payment data
  • Multi-factor authentication and access control
  • Real-time fraud detection systems
  • Firewalls and network segmentation

Organizational Safeguards:

  • Background-checked staff with role-based access
  • Mandatory privacy and security training
  • PCI-DSS certification
  • Incident response plans and breach notification procedures

9. Does Dibsy Share Your Personal Data?

We share data only when necessary and with safeguards in place:

  • Banks and card networks for transaction processing
  • Service providers for identity verification, hosting, and analytics
  • Regulators and authorities (e.g., QCB, tax, law enforcement) when legally required
  • Business acquirers in the case of a merger or asset transfer

Dibsy does not sell your personal data to third parties.

10. International Data Transfers

If data is transferred outside Qatar, we ensure it is protected using:

  • Jurisdictions with adequate data protection laws
  • Standard contractual clauses
  • Equivalent legal and technical safeguards

11. Does Dibsy Use Cookies?

Yes. We use cookies to:

  • Enable core site functionality
  • Analyze usage to improve performance
  • Store your preferences

You can control cookie settings in your browser. For more details, refer to Website Compliance and Cookies Policy.

12. What Rights Do You Have?

You have the right to:

  • Access your personal data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw consent (for marketing)
  • Request data portability

13. How Can You Contact Dibsy?

If you have any questions regarding our use of your personal data, you can contact us via privacy@dibsy.one.

Doha, 21st May, 2025