Privacy Policy

PayGo is a QR-based checkout platform that service businesses, including beauty salons, barber shops, spas and wellness centres, clinics, and fitness studios (each a "Merchant"), use to let their customers settle bills, leave tips, receive personalised upsell offers, and submit feedback, all from their phone browser without downloading an app.

This policy covers personal data we collect from you as an end user (a customer of a Merchant using PayGo). It does not cover data that Merchants collect independently or data processed under their own privacy policies.

If you have any questions about this policy or wish to exercise your privacy rights, please reach us through our contact form. We will respond within a reasonable time and no later than is required by applicable law.

PayGo operates in the United Arab Emirates and the Kingdom of Saudi Arabia. Your data may be processed in either country or by service providers operating globally, subject to appropriate safeguards.

Information you provide

When you scan a PayGo QR code and proceed through checkout, you may provide us with your name, email address, or phone number, for example to receive a digital receipt. Providing this information is optional unless the Merchant requires it for their records.

Payment information

We do not store your full card details. Payments are processed by licensed payment gateways, which return only a tokenised reference to us. Your card number, CVV, and expiry date are never held on PayGo systems.

Transaction data

We record the details of transactions completed through our platform, including the Merchant, the services on your bill, the amount paid, the tip amount (if any), upsell items added, and any feedback ratings you submit. This data is used to generate your receipt and to power personalised suggestions on future visits.

Device and usage data

When you open a PayGo checkout link, we automatically receive standard technical data including your IP address (used to infer general location), browser type, device type, and the pages or screens you view within the flow. We use cookies and similar technologies for session management and analytics.

Feedback and reviews

If you submit a star rating or written comment through the PayGo feedback step, that content is recorded and shared with the Merchant. You are responsible for what you write in review fields.

Communications with us

If you contact us for support or to report an issue, we collect the content of that communication and any contact details you provide.

Delivering the service

We use your data to display your bill, process your payment, calculate and route tips to the correct service providers, surface relevant upsell suggestions, capture your feedback, and send you a receipt.

Personalisation

With your consent, we may use your transaction history across visits and Merchants to personalise the offers and suggestions shown to you during checkout. Our AI upsell engine analyses patterns in your past orders to surface products or services that are relevant to you, not generic promotions.

Merchant communications

Where you opt in when checking out at a specific Merchant, we may send you follow-up communications on that Merchant's behalf, such as a thank-you message, a rebooking reminder, or a special offer. These are sent under the Merchant's brand and at their direction. You can opt out at any time.

Platform improvement

We analyse aggregated and anonymised usage data to improve the PayGo platform, train our recommendation models, and develop new features. Aggregated data cannot be linked back to you as an individual.

Fraud prevention and security

We use transaction and device data to detect and prevent fraudulent activity, chargebacks, and misuse of the platform.

Legal compliance

We may use or disclose your data where required by applicable law, regulation, court order, or at the request of a competent authority.

When you interact with a Merchant's PayGo checkout, some data processing takes place at the Merchant's direction rather than ours. In those cases, the Merchant is the data controller for that processing, and their own privacy policy governs it. This includes, for example, the Merchant seeing your feedback score, your visit frequency, or communications they have chosen to send to you after you opted in.

We contractually require all Merchants to handle your data lawfully and in accordance with applicable privacy law.

Payment processors

We share the minimum data necessary with licensed payment gateways to authorise and complete your transaction.

Merchants

We share transaction summaries (date, service, amount, tip, feedback rating) with the Merchant where your transaction took place. This allows them to reconcile payments and review customer satisfaction. Where you have opted in to personalised communications, we may also share your contact details with that Merchant.

Technology service providers

We work with third-party providers for hosting, analytics, email delivery, and customer support tooling. These providers process data only on our instructions and are bound by data processing agreements.

Group companies and partners

PayGo operates in partnership with Arab United Business. We may share operational data within this group where necessary to deliver the service.

Legal and safety disclosures

We may disclose your data to law enforcement or regulatory authorities when required by law, or to protect the rights, property, or safety of PayGo, our Merchants, or others.

No sale of personal data

We do not sell your personal data to third parties. We do not share it for third-party advertising purposes.

We use session cookies to maintain your checkout state as you move through the payment flow. We also use analytics cookies (from privacy-respecting analytics tools) to understand how customers use our service and where errors occur. We do not use advertising or tracking pixels.

You can configure your browser to refuse cookies, though this may affect the functionality of the checkout flow.

We retain transaction records for a minimum of five years to comply with applicable financial record-keeping requirements. Feedback and review data is retained for the period the Merchant's account remains active plus a reasonable period thereafter. Device and usage data is retained for up to 24 months.

Where you request deletion of your data, we will action that request promptly, subject to any legal obligations that require us to retain certain records.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data transmitted between your device and our servers is encrypted using TLS. Our payment processing partners maintain PCI-DSS compliance. Access to personal data within our team is restricted on a need-to-know basis.

No internet-based service can guarantee absolute security. If you discover a potential security issue, please notify us promptly through our contact form.

Depending on your location and applicable law, you may have the right to:

• Access: request a copy of the personal data we hold about you.
• Correction: ask us to correct inaccurate or incomplete data.
• Deletion: request that we delete your personal data, subject to legal retention requirements.
• Restriction: ask us to restrict certain processing of your data while a request is being resolved.
• Objection: object to processing based on legitimate interests.
• Portability: receive a structured, machine-readable copy of data you have provided to us.
• Opt out of marketing: unsubscribe from Merchant or PayGo communications at any time using the link in any message or by contacting us.

To exercise any of these rights, please use our contact form. We will respond within 30 days, or within the timeframe required by applicable law.

The PayGo service is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used the service and submitted personal data, please contact us and we will delete it promptly.

This Privacy Policy is governed by the laws of the United Arab Emirates, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the courts of the UAE.

We may update this Privacy Policy from time to time to reflect changes to our practices or applicable law. Material changes will be notified through the PayGo platform or by other appropriate means. The date at the top of this page always reflects the most recent version.