Last updated: June 2026 · SBP EMI Compliant
1. Data We Collect
MAP Pay collects CNIC number, biometric data (via NADRA Verisys), phone number, email address, device identifiers, and transaction history to provide EMI-regulated wallet services.
2. How We Use Your Data
Your data is used for KYC verification, transaction processing via RAAST/1Link, AML/CFT compliance screening, and BNPL credit scoring. We do not sell personal data to third parties.
3. Data Sharing
Data is shared only with: State Bank of Pakistan (SBP) for regulatory compliance, NADRA for identity verification, 1Link for payment routing, and licensed banking partners for fund settlement.
4. Data Retention
Transaction records are retained for 7 years per SBP AML regulations. KYC documents are retained for the duration of account existence plus 5 years.
5. Your Rights
You may request data access, correction, or deletion (subject to regulatory requirements) by contacting privacy@mappay.pk. Accounts subject to active investigations cannot be deleted.
6. Security
MAP Pay uses PCI-DSS compliant infrastructure, AES-256 encryption, and HSM-secured key management. All transactions are protected by 2FA and biometric authentication.
7. Contact
For privacy queries: privacy@mappay.pk
MAP Pay (Pvt.) Ltd, Lahore, Pakistan
SBP EMI License: Pending (Application 2026)
