Download Now

Privacy Policy

Introduction​

Welcome to SAHL, a merchant-centric digital payment gateway and QR-based retail solution operated by Forteve Private Limited (“SAHL,” “we,” “us,” or “our”).

We are committed to safeguarding the privacy and personal data of all users interacting with our Platform, including merchants, customers, partners, and website visitors.

This Privacy Policy explains how we collect, process, store, share, and protect your information when you use our website, merchant and retail portals, mobile applications, APIs, and related services (collectively, the “Platform”).

By using the Platform, you agree to this Privacy Policy. If you do not agree, you should stop using the Platform immediately.

Information We Collect

We collect both personal and non-personal data in the following ways:

Information You Provide
  • Identity Details: Name, CNIC/NICOP, date of birth, photograph
  • Contact Information: Email, phone number, address
  • Business Details: Business name, NTN/STRN, category, registration info
  • Financial Information: Bank details, IBAN, tokenized card data, settlement preferences
  • Login Credentials: Username, encrypted passwords, security data
  • Communication Records: Support tickets, feedback, and inquiries
Automatically Collected Data
  • Device Information: IP address, browser type, operating system
  • Usage Data: Platform activity, pages visited, session duration
  • Transaction Data: Payment amounts, timestamps, QR activity, status
  • Location Data: General location via IP; precise location only with consent
    Cookies & Tracking Data (see Section 8)
Third-Party Sources
  • Identity verification data (e.g., NADRA, Tasdeeq, SBP systems
  • AML/KYC screening from authorized partners
  • Banking confirmations (RAAST, 1LINK, financial institutions)
  • Customer data shared by merchants for transaction processing
How We Use Your Information

We use your data for the following purposes:

Service Operations
  • Processing payments, settlements, and refunds
  • Verifying merchants and users (KYC/AML)
  • Managing user accounts and dashboards
  • Enabling QR payments and platform services
Legal & Compliance
  • Meeting SBP regulations and AML/CFT obligations
  • Responding to regulatory or legal requests
  • Maintaining records required by law
  • Supporting financial risk and lending compliance
Security & Fraud Prevention
  • Monitoring transactions for suspicious activity
  • Preventing fraud and unauthorized access
  • Ensuring system and data security
Analytics & Improvements
  • Understanding usage behavior
  • Improving product features and performance
  • Creating anonymized reports for insights
Communication
  • Sending alerts, OTPs, and transaction notifications
  • Providing customer support
  • Sharing product updates and marketing (where consent applies)
Data Staring

We do not sell your personal data. However, we may share it in these cases:

Service Providers

With trusted third-party vendors (e.g., cloud services, KYC providers, communication tools) under strict data protection agreements.

Financial Ecosystem

With banks, payment networks (e.g., RAAST, 1LINK), and financial institutions for processing transactions.

Authorities

With regulators or government bodies (e.g., SBP, FBR, FIA, SECP) when required by law.

Affiliates

With affiliated entities of Forteve Private Limited for operational and compliance purposes, under equivalent safeguards.

Business Transfers

In case of mergers or restructuring, data may be transferred to successor entities under the same protections.

With Consent

Where you explicitly allow us to share your data.

Data Retention

We retain data only as long as necessary:

  • Transaction Records: Minimum 5 years
  • KYC Documents: 5 years after relationship ends
  • Account Data: Duration + 5 years post-closure
  • Support Logs: 3 years
  • Marketing Records: Until consent withdrawal + 1 year
  • Cookies Data: Up to 13 months
  • Fraud Records: Up to 7 years

Data is securely deleted or anonymized after retention periods.

Data Security

You have the following rights (subject to applicable laws):

  • Access: Request your stored data
  • Correction: Update inaccurate information
  • Deletion: Request removal (where legally allowed)
  • Objection: Opt out of marketing
  • Withdraw Consent: Anytime
  • Complaint: Raise concerns with authorities

To exercise these rights, contact us at: privacy@sahl.com
We aim to respond within 30 days.

Your Rights

We use strong security measures, including:

  • Encryption (AES-256, TLS 1.2+)
  • PCI-DSS compliant systems
  • Multi-factor authentication (MFA)
  • Role-based access controls
  • Regular security audits and testing
  • Incident response protocols

While we strive for maximum security, no system is completely risk-free.

Cookies & Tracking

We use cookies to improve functionality:

  • Essential Cookies: Required for platform operation
  • Analytics Cookies: Track usage patterns
  • Preference Cookies: Save user settings
  • Marketing Cookies: Personalized ads (with consent)

You can manage cookies through browser settings.

International Data Transfers

While SAHL primarily operates in Pakistan, your data may be processed internationally (e.g., cloud services). We ensure adequate safeguards through contractual protections.

Third-Party Links

While SAHL primarily operates in Pakistan, your data may be processed internationally (e.g., cloud services). We ensure adequate safeguards through contractual protections.

Policy Updates

We may revise this Privacy Policy periodically. Updates will be posted on our Platform with a revised date. Continued use indicates acceptance.

Contact Us

For any questions or concerns:

📧 privacy@besahl.io
🏢 Forteve Private Limited