Privacy Policy

Introduction

Breadfast Pay (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you use our services and sign up for a Breadfast Pay’s account (collectively, “Services”).

This Privacy Policy is relevant to your use of our Services and specifically addresses the information collected in connection with your access to and interaction with our Services. We strongly encourage you to read this Privacy Policy thoroughly to understand how we handle your information.

By using our Services, you confirm that you have read and agree to this Privacy Policy. This means you understand and accept how we collect, use, disclose, and store your personal information, along with our overall Privacy Policy.

Information We Collect

We may collect the following types of information:

  • Personal Information: This includes your name, email address, phone number, mailing address, date of birth, and any other information you provide when you register for our Services.
  • Transaction Information: Details of transactions made using our Services, including transaction amounts, dates, and merchant information.
  • Device Information: Information about your device, such as IP address, browser type, operating system, and device identifiers.
  • Usage Data: Information about how you use our Services, including access times, pages viewed, and the duration of your visits.
  • Device and Location Data: We collect information about your device (like model and operating system) and your location to enhance security, prevent fraud, and improve our services.
  • Usage Activity: We track how you interact with our Services, including access times and features used, to better understand your preferences and improve your experience.
  • Sources of Information: We gather information directly from you, your devices, and third-party services for identity verification and fraud prevention.

Biometric Authentication

We may offer biometric authentication (such as fingerprint or facial recognition) as an optional feature to facilitate secure access to your account.

  • We do not collect, store, or process your biometric data (such as fingerprints or facial recognition templates).
  • Biometric authentication is performed locally on your device using your device’s operating system (e.g., Apple iOS or Android).
  • We only receive a confirmation from your device indicating whether authentication was successful.

Purpose of Use

Biometric authentication is used solely for:

  • Logging into the application
  • Verifying your identity when accessing your account

It is not used to authorize transactions.

User Control

  • This feature is optional and can be enabled or disabled at any time through your device or application settings.
  • If disabled, you will be required to use alternative authentication methods (e.g., passcode or password).

Consent

By enabling biometric authentication, you consent to the use of this feature in accordance with this Privacy Policy and any applicable terms governing its use.

Legal Basis for Processing Your Data

  • Your consent.
  • Performance of a contract with you.
  • Compliance with a legal obligation.
  • Protection of your vital interests.

How We Use Your Information

  • To provide, maintain, and improve our Services.
  • To process transactions and manage your account.
  • To communicate with you regarding your account and transactions.
  • To respond to your inquiries and provide customer support.
  • To send you promotional materials and updates, subject to your preferences.
  • To monitor and analyze usage and trends to improve user experience.

Close Card

  • When a card is closed, personal information related to the card (e.g., transaction history, card details) may still be retained for regulatory or audit purposes. However, after the card is closed, no further transactions can be made, and the associated data is flagged for archiving or deletion according to the bank’s retention policies.
  • The cardholder’s personal details are still maintained as part of the broader account or financial history.
  • After card closure, no active cardholder information is accessible, except for historical purposes (e.g., for audits or legal obligations).

Close Account – Delete Information About the Customer

  • When an account is closed, it triggers the process of removing or anonymizing personal information about the customer. However, complete deletion of data is often restricted by compliance with regulatory requirements, such as KYC and AML laws, which mandate the retention of customer data for a period after account closure.
  • Personal Identifiable Information (PII): Can be deleted or anonymized once the legal retention period has passed.
  • The customer’s data: can only be fully deleted if it no longer serves any legal or operational purpose.

Disclosure of Your Information

We may share your information in the following situations:

  • Service Providers: We may share your information with third-party vendors and service providers who perform services on our behalf, such as payment processing, data analysis, and marketing.
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities.
  • Business Transfers: If we are involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

How Long We Keep Your Information

  • The retention period of customer information depends on the type of data and the purpose for which it was collected.
  • For financial services, information is typically retained for a certain period after account closure. In many cases, this period might be 3 years, depending on jurisdictional laws such as anti-money laundering (AML) or Know Your Customer (KYC) regulations.

Security of Your Information

  • As a PCI DSS-compliant company, we follow industry standards to protect sensitive data such as financial and personal information.
  • Additionally, our services are approved by the Central Bank of Egypt (CBE), ensuring compliance with national financial and security regulations.

Storage and Processing

  • All customer data is stored and processed in secure servers used for data storage located in PCI DSS-certified data centers.

Your Rights

Under Egyptian law, you have the following rights regarding your personal data:

  • Access: You have the right to request access to your personal data.
  • Correction: You have the right to request correction of inaccurate or incomplete personal data.
  • Deletion: You may request deletion of your personal data under certain circumstances.
  • Objection: You have the right to object to the processing of your personal data.

To exercise these rights, please contact us using the information provided below.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on our website and updating the effective date.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at: [email protected]