top of page

Privacy Policy

Last Updated: 2026/02/08
This Privacy Policy explains how we collect, use, share, and protect personal data when you use the Maqsafy App/Website available at (www.maqsafy.com).

Maqsafy is a platform that enables schools to operate digital school services—depending on the school’s activation—including: School Canteen, Online Store, Trip Fees, Activity Fees, and Automated Dismissal Call.

This Privacy Policy is subject to the applicable laws and regulations in the Kingdom of Saudi Arabia, in particular the Personal Data Protection Law (PDPL) and its Implementing Regulations.

1) Who We Are
Maqsafy is an initiative of Commercial Settlement Company (Closed Joint-Stock Company), a Saudi company operating in the field of electronic payment solutions and digital service operations.

2) Scope of This Privacy Policy
This Privacy Policy applies to personal data collected and processed through:

  • The Maqsafy App/Website; and

  • Service-related operational channels (such as activation and support).

This Privacy Policy does not apply to websites or applications of third parties that may be accessed through links within the Service.

3) What Data We Collect

We collect the minimum necessary data to provide, operate, and improve the Service. Depending on the case, this may include:

3.0) Students and Minors

The data we process may include data relating to students (including minors). In such cases, the Service is typically used by a parent/guardian or their representative, and the school may provide us with student and parent/guardian data to operate the school services within Maqsafy according to the school’s activation of the Service. (sdaia.gov.sa)

A) Identity & Account Data

  • Name

  • National ID / Iqama (for the parent/guardian or the student where provided)

  • Mobile number

  • School information (such as the Ministry school code)

  • Activation and verification data (such as OTP verification codes)

 

(B) Student & School Services Data

  • Educational stage and grade

  • Records of usage of services within Maqsafy (Automated Call, Trip/Activity fees)

 

(C) Financial Transaction Data

  • Top-up / payment / purchase / refund transactions within the services (Canteen / Store / Trips / Activities)

  • Financial records needed for settlement and reporting, where applicable

 

(D) Technical & Security Data

  • IP address, device/browser type, login logs, error logs, and operational data necessary for platform security and service improvement.

4) How We Collect Data

We collect data from:

  • Data you provide directly during registration or while using the Service;

  • Data uploaded by the school to activate and operate the Service (e.g., student and parent/guardian data via a data template);

  • Service providers involved in delivering the Service to the minimum necessary extent (e.g., payment providers or OTP messaging providers).

 

5) Why We Use Your Data (Purposes of Processing)

We use personal data for the following purposes:

  • Creating the account, activating the Service, and verifying users;

  • Operating school services within Maqsafy (Canteen / Store / Trips / Activities / Automated Call);

  • Executing financial transactions and issuing necessary operational reports;

  • Technical support, customer service, and handling complaints and inquiries;

  • Protecting the platform, preventing fraud, and enhancing cybersecurity;

  • Compliance with legal requirements and responding to official requests from competent authorities.

5.1) Legal Basis for Processing

We process personal data based on applicable legal bases, including: (1) providing the Service and fulfilling contractual obligations with the user and/or the school, (2) complying with applicable legal obligations, and (3) your consent where required by law for certain purposes (such as certain marketing or personalisation activities, where implemented).

6) Sharing Data with Others

We may share your data—to the minimum necessary extent—with the following categories:

  • School / on-site school operators: to operate the services (e.g., preparing a canteen/store order or managing trips/activities);

  • Electronic payment providers: to process payments, verification, and documentation;

  • OTP / messaging providers: to send verification codes and operational notifications;

  • Hosting, infrastructure, and technical support providers within the Kingdom: to operate and maintain the Service;

  • Competent authorities: where required by law, a court order, or an official request.

6.1) Scope of Sharing

We share only what is necessary, depending on the service. For example:

  • With payment providers: transaction data necessary to process and verify payments.

  • With OTP providers: the mobile number and delivery data necessary to send verification codes.

  • With the school/operators: order/fees operational data necessary to deliver the service within the school.

We commit to taking organisational and contractual measures to protect personal data with service providers, where legally applicable.

7) Cross-Border Data Transfer

We do not transfer your personal data outside the Kingdom of Saudi Arabia. Data is hosted and processed within the Kingdom.

 

8) Data Retention and Disposal

We retain personal data for the period necessary to achieve the purposes stated in this Privacy Policy and to comply with applicable legal requirements. We then delete, destroy, or anonymise the data in accordance with our approved disposal policies.

Retention examples (may vary depending on applicable requirements and case):

  • Financial records and settlements: retained for periods required by applicable laws and regulations.

  • Security and operational logs: retained as needed for platform security, incident investigations, and service improvement.

  • Account data: retained for as long as the account is active, then deleted/disposed of under our disposal policy unless retention is legally required.

9) Information Security

We implement organisational and technical security controls to protect personal data (such as access control, logging and monitoring, backups, and incident response procedures) in alignment with the Essential Cybersecurity Controls (ECC 2-2024) as a minimum baseline reference.

 

10) Security Incidents

If a security incident affects personal data, we handle it through incident response, investigation, and remediation procedures, and we provide any legally required notifications when applicable.

11) Data Subject Rights and How to Exercise Them

A data subject may request to exercise their rights under the PDPL and its regulations (such as requesting access, correction, or other applicable rights).

To submit a privacy-related request:

We may request additional information to verify identity before fulfilling the request.

12) Messages and Notifications

We may send operational messages necessary to provide the Service (such as OTP codes, payment notifications, and transaction alerts).
Marketing messages (if any) will include an option to opt out through notification settings or by contacting us.

 

13) E-Invoicing (ZATCA) – Where Applicable

When issuing invoices or credit/debit notes related to services or tax requirements, this will be done in accordance with the ZATCA E-Invoicing (FATOORA) requirements and the applicable implementation phases.

 

14) Updates to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be published on the website/app, and continued use of the Service after publication will be deemed acceptance of the updates.

 

15) Contact Information

Commercial Settlement Company (Closed Joint-Stock Company) – Kingdom of Saudi Arabia
Email: info@maqsafy.com

Mobile: 00966556044457

bottom of page