Privacy Policy

Effective Date: 31/03/2026

Paywise LLC (doing business as Dibsy) (“Dibsy”, “we”, “our”, “us”) processes personal data as part of the services we provide to our merchants, their customers (consumers), business partners, and users of our website and applications.

Dibsy is a financial services company regulated by the Qatar Central Bank (QCB) and registered with the Qatar Financial Centre (QFC). We process personal data in full compliance with:

  • Law No. (13) of 2016 on the Protection of Personal Data Privacy (Qatar)
  • QFC Data Protection Regulations and Rules 2021
  • QCB Payment Services Regulations
  • Applicable international data protection standards

This Privacy Statement explains how we collect, use, share, and protect your personal data.

1. Who is Dibsy?

Dibsy is a payment service provider based in Qatar. We help businesses (our merchants) accept online and in-person payments from their consumers via credit/debit cards, wallets, and other methods.

You may interact with Dibsy when:

  • You sign up as a merchant or business partner
  • You make a payment via a business using Dibsy
  • You use our website or mobile app
  • You contact our customer support

We are a licensed PSP under QCB and follow both financial sector regulations and data protection laws applicable in Qatar and within the QFC.

2. Dibsy’s Responsibilities

Dibsy acts as a Data Controller for the majority of our processing activities. This includes:

  • Deciding what personal data is collected and how it is used
  • Ensuring data is processed lawfully and securely
  • Complying with obligations under QCB and QFC regulations

Dibsy may act as a Data Processor only in specific services, such as hosted checkout or invoicing solutions, where we process data under instructions from the merchant.

3. What Personal Data We Process

Dibsy processes personal data depending on your interaction with our services:

Merchant
Full name, phone, email, CR number, legal form, IBAN, login credentials, transaction logs, IP, browser/device info

UBO/Legal Rep
Full name, QID/passport, date/place of birth, face photo (for verification)

Consumer (Payer)
Card/wallet details, amount, device info, IP, name/email (if provided), purchased items (if relevant)

Business Partner
Contact details, ID (if required), communication history

Website User
IP address, browser/device, session data, location (via cookies)

Customer Support
All of the above, depending on inquiry type

4. Does Dibsy Process Sensitive Personal Data?

No. Dibsy does not intentionally collect special categories of personal data (e.g. race, religion, health) or data from minors. Our services are not intended for children. We advise parents/guardians to supervise online activity to prevent the submission of children’s data.

5. Why Does Dibsy Collect and Use Your Personal Data?

We process personal data for the following purposes:

For merchants and business partners

  • To assess and onboard your business
  • To verify your identity and company documents
  • To set up and manage your Dibsy account
  • To process payments and issue settlements
  • To comply with AML/CFT and QCB regulations
  • To communicate service updates and legal changes
  • To detect and prevent fraud or financial crime
  • To analyze and improve our services

For consumers (payers)

  • To process payments on behalf of a Dibsy merchant
  • To comply with legal obligations and fraud detection
  • To respond to inquiries or disputes
  • To log consent and receipt information
  • To enhance the payer experience and conversion

For website/app users

  • To enable login and preferences
  • To analyze site usage and performance
  • To personalize user experience
  • To send relevant marketing (with consent)

Dibsy limits the collection of personal data to what is necessary to provide its services and to comply with legal and regulatory requirements.

6. Why We Process Your Personal Data

We only process your personal data for lawful and clearly defined purposes, in line with Article 10 of QFC Data Protection Regulations and QCB AML/CFT Instructions.

  • Onboarding and verifying merchants — Contractual necessity / Legal obligation
  • Processing payments — Contractual necessity
  • Complying with QCB, AML/CFT & QFC laws — Legal obligation
  • Managing customer support and dispute resolution — Contractual necessity / Legitimate interest
  • Fraud detection and financial crime prevention — Legal obligation / Legitimate interest
  • Service improvements and analytics — Legitimate interest
  • Marketing communications — Consent

We do not use your data for any purpose that is incompatible with the original reason we collected it.

7. Retention Periods

We retain personal data in accordance with QCB Data Handling and Protection Regulation requirements, applicable AML/CFT laws, and QFC regulations. Retention periods are defined based on legal, regulatory, and business requirements.

  • Personal Data, PII and SPI: Minimum of 10 years
  • Sensitive Financial Information (SFI): Minimum of 10 years
  • Technical information (e.g. logs, system data): Minimum of 1 year
  • Transaction and merchant-related records: Retained in line with applicable regulatory and business requirements, which may extend beyond minimum regulatory periods
  • Cookies and usage logs: Up to 24 months
  • Marketing preferences: Until consent is withdrawn

Where required, Dibsy retains data for longer periods to comply with legal, regulatory, or contractual obligations.

Dibsy applies secure data deletion and destruction procedures once retention periods expire, ensuring data is irreversibly removed in accordance with regulatory requirements.

8. Your Rights

Under QFC Articles 13–20, you have the following rights:

  • Access to your personal data
  • Correction of inaccuracies
  • Erasure where appropriate
  • Objection to processing
  • Portability of your data
  • Restriction of certain processing
  • Contest automated decisions
  • Withdraw consent for optional processing
  • File a complaint with the QFC Data Protection Office

We respond to rights requests within 30 days, extendable to 60 days in complex cases.
Send requests to: privacy@dibsy.one.

9. Automated Decision-Making

In specific cases (e.g., fraud detection or onboarding risk scoring), Dibsy may use automated systems. You will be informed if an automated decision affects your rights, and you may:

  • Request human review
  • Object to the decision
  • Receive an explanation of the logic involved

We implement safeguards in line with QFC Rule 3(9).

10. Security Measures

Yes.In accordance with QFC Article 29, QCB Cybersecurity Framework, and PCI-DSS standards, we have adopted:

Technical Measures

  • Encrypted communication to ensure data is only accessible to intended parties
  • Tokenization to replace sensitive card data with secure substitutes
  • Firewalls and network segmentation to restrict and control access
  • Monitoring systems to detect unusual or potentially risky activity
  • Secure storage and management of credentials and encryption keys

Organizational Measures

  • Role-based access controls
  • Background checks for staff
  • Security and privacy training
  • Incident response plans
  • Periodic risk assessments and testing

11. Sharing Your Personal Data

Dibsy shares your personal data only when necessary and with safeguards in place:

  • Banks and card networks — Payment processing
  • Verification services — AML/KYC identity checks
  • Infrastructure/analytics providers — Hosting and system optimization
  • QCB, QFC, and law enforcement — Legal obligations
  • Business acquirers — M&A transactions (with notice)

Where required, Dibsy obtains consent before sharing personal data with third parties, unless such sharing is necessary for legal, regulatory, or contractual purposes.

Breach Notification

If a data breach occurs that may impact your rights, Dibsy will:

  • Notify QFC’s Data Protection Office within 72 hours (if required)
  • Inform affected individuals when there’s a high risk
  • Take steps to contain and prevent future breaches

12. International Transfers

If we transfer personal data outside Qatar or QFC:

  • We ensure the destination has adequate protection (per QFC Article 26)
  • Or we use Standard Contractual Clauses (SCCs)
  • Or obtain your explicit consent

Dibsy ensures that primary storage and processing of sensitive data is conducted within the State of Qatar, unless otherwise approved by the Qatar Central Bank.

We maintain a full list of cross-border processors available upon request.

13. Cookies

We use cookies for:

  • Necessary — Login, session, security
  • Functional — UI preferences
  • Analytics — Traffic and usage insights
  • Marketing — Targeted ads (only with consent)

We request your consent before placing any non-essential cookies. You can adjust preferences via your browser or our cookie banner.

14. Contact Details

Email: privacy@dibsy.one

If you believe your rights were violated, you may file a complaint with the QFC Data Protection Office at dataprotection@qfc.qa.

15. Changes to This Statement

We revise this policy as needed. Updates will be posted at www.dibsy.one/privacy-policy. If changes materially affect your rights, we will notify you by email or banner.