Privacy, the YAP Way
At YAP, your data belongs to you. We just help keep it safe, secure, and used
responsibly, exactly how you’d expect from your fintech partner.
1. Introduction
At YAP Pakistan (“YAP Pakistan,” “we,” “our,” or “us”), your privacy matters. We are committed to safeguarding the personal information of all customers and visitors to our websites, mobile apps, and branchless-banking services (collectively, the “Services”). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have. If you have any questions, please contact us at privacy@yappakistan.com.
By accepting this Privacy Policy and our Terms & Conditions during registration or by using our Services, you express consent to the collection, processing, storage, use, and disclosure of your personal information as described below. You may withdraw your consent at any time (except where the information is required to provide the Services), exercise your privacy rights, or ask questions by emailing us at the address above.
We process your information in accordance with all applicable Pakistani laws and regulations, including (but not limited to) the SBP Branchless Banking / EMI regulations (https://www.sbp.org.pk/psd/2023/C3-Enclosure-Regulations-EMIs.pdf) issued on April 2019, revised June 2023, and any relevant data-protection requirements.
2. Information We Collect
When you sign-up for our products & services from YAP Pakistan, we collect the information you choose to provide. Our primary goals are to offer a safe, efficient, and customised experience and to protect your interests. The information we may collect includes, but is not limited to:
Identifying data
Name, CNIC number, date of birth, residential address, contact numbers, email address, father’s / mother’s / spouse’s name
Biometric & identity data
Selfie or live-liveness capture via camera (mandatory under SBP “Customers’ Digital On-Boarding Framework,” Rev. 30 Apr 2022, sections 4a–4b), optional photo uploads (with in-app permission), fingerprints, signatures
Financial data
Debit/credit-card details, bank-account numbers, transactional history, lifestyle or spending patterns
Usage data
Transaction type, date, time, location, IP address, browser type, device information, page-view statistics, traffic logs, and data
Correspondence
Emails, in-app messages, Push notifications, SMS, customer-support calls, feedback, ratings, or complaints
Additional verification data
Utility bills, employment information, proof of incomes / source of funds, official work address, or other documents we may request to authenticate your identity & compliance or investigate policy violations
Camera & TrueDepth API (Liveliness Check & Biometric)
Our mobile app uses the device’s camera and Apple’s TrueDepth API solely to confirm liveness for identity verification. We DO NOT share any captured data through this API with any third party.
3. How We Use Your Information
We never sell or rent your personal data to third parties for marketing without your explicit consent. We may combine your information with data from our affiliates or service providers to improve our Services and better understand your needs. We use your information to:
- Provide, operate, and maintain the Services
- Deliver products (physical or digital) that you order
- Authenticate and verify your identity, including liveliness checks and biometric validation
- Facilitate payments, collections, and settlements
- Detect, prevent, or investigate fraud, money-laundering, or other illegal activities
- Resolve disputes, troubleshoot issues and secure payments
- Personalise and enhance your user experience, content and advertising
- Notify you of new or existing promotions, products, services, and features
- Enforce our Terms & Conditions and other policies
- Comply with legal obligations and requests from regulators or law-enforcement agencies
4. Sharing & Disclosure
We disclose personal information only in accordance with Pakistani law and this Policy:
- Service Partners & Affiliates – Banks, payment gateways, telecom operators, vendors and other partners that perform services on our behalf (e.g., transaction processing, account verification, customer-support functions).
- Regulators & Law Enforcement – State Bank of Pakistan, FIA, courts or other governmental bodies when required by law, regulation, or a valid legal request.
- With Your Consent – Third parties to whom you explicitly direct us to disclose information (e.g., billers, merchants or loyalty-programme partners).
We take reasonable steps to ensure all recipients only process your data for authorised purposes, maintain confidentiality and apply adequate security controls.
5. Your Choices & Rights
Your Privacy Rights
Subject to applicable law, you have several important rights regarding your personal information.
Subject to applicable law, you may:
- Access, correct or update certain personal information in your account settings.
- Withdraw consent or request deletion (where we do not have overriding legal grounds to retain the information).
- Object to or restrict processing of your information for direct-marketing purposes.
- Request a copy of the personal data you provided in a portable format.
To exercise these rights, email privacy@yappakistan.com or use the in-app privacy tools. We will respond within the time limits prescribed by the law.
6. Account & PIN Protection
Keep Your PIN Safe
Your 4-digit PIN is the key to your account. Never share it with anyone, including YAP Pakistan staff.
Your 4-digit PIN is the key to your account. Choose a strong MPIN (avoid sequences such as “12345” or repeating digits), do not store it on your device, and never share it—even with us. Certain transactions also require a unique reference number or passcode, which must similarly remain confidential. If your MPIN, passcode, or SIM is lost or compromised, notify YAP Pakistan immediately so we can suspend or block the Service; you’ll be liable for transactions authorised before such notification.
7. Data Security
Customer data is stored on secure servers and is encrypted. We treat your information as a critical asset and protect it using industry-standard security measures, including encryption, firewalls, role-based access controls and physical safeguards. Despite robust measures, no system is completely foolproof; therefore, you also play a vital role in safeguarding your credentials and devices.
We periodically review and update our security practices. If we make material changes to this Policy, we will notify you via email or in-app notification and post the revised Policy with an updated “Last updated” date.
8. Retention
We retain personal information only as long as necessary for the purposes described above, to comply with legal or regulatory requirements, or to resolve disputes. Once data is no longer required, we securely destroy or anonymise it.
We periodically review and update our security practices. If we make material changes to this Policy, we will notify you via email or in-app notification and post the revised Policy with an updated “Last updated” date.
9. Contact Us
If you have questions, concerns, or complaints about this Privacy Policy or YAP Pakistan’s privacy practices, please reach out to:
