Sign up

Privacy Policy

This Privacy Policy explains how Toward Technology Company (“Toward Technology”, “TowardPay”, “we”, “our”, or “us”) collects, uses, stores, shares, and protects personal data when merchants, users, customers, partners, or visitors use our websites, mobile applications, ECR/POS services, support channels, and related business services (collectively, the “Services”).

This policy is intended to be a simple privacy notice for our business and application users in the Kingdom of Saudi Arabia. It should be read together with any contract, service agreement, or user terms that apply to a specific product or service.

1. Personal Data We May Collect

Depending on the Service used, we may collect the following types of personal data:

  • Merchant and business information, such as company name, branch details, commercial details provided to us, tax/VAT information, national address, and authorized contact persons.
  • User and contact information, such as name, work email address, mobile number, job role, username, account role, and support contact details.
  • Application and device information, such as device ID, terminal ID, app version, operating system, IP address, login activity, audit logs, error logs, and security events.
  • Transaction and operational information, such as sale/refund records, receipt and invoice data, item details, prices, taxes, timestamps, settlement or reconciliation references, and payment status information.
  • Customer support information, such as inquiries, complaints, call/email/chat records, attachments, feedback, and troubleshooting information.
  • Website information, such as cookies, browser type, pages visited, visit time, and basic analytics information, when our website is used.

We do not intentionally collect or store card PINs, CVV codes, or full payment card numbers in our ECR application. Where card or digital payments are used, payment information may be processed by authorized payment service providers, banks, acquirers, or terminal providers according to their own security and regulatory requirements.

2. How We Collect Personal Data

  • Directly from you when you register, sign a contract, create an account, contact support, or use our Services.
  • From merchant administrators or business partners who create or manage user accounts for their organization.
  • Automatically from our applications, terminals, servers, systems, cookies, logs, and security tools.
  • From third-party service providers or integration partners where required to deliver, support, verify, secure, or improve the Services.

3. Why We Use Personal Data

  • To provide, operate, maintain, and improve our ECR, POS, payment-related, reporting, and support services.
  • To create and manage merchant accounts, user roles, branches, devices, terminals, and application access.
  • To process operational records such as receipts, invoices, refunds, reconciliations, reports, and service logs.
  • To provide customer support, respond to requests, fix errors, and investigate complaints or service issues.
  • To protect our Services against unauthorized access, misuse, fraud, cyber threats, or service disruption.
  • To comply with applicable laws, regulations, contracts, audit requirements, tax/accounting obligations, and lawful requests from competent authorities.
  • To send important notices about service updates, security, policy changes, or account-related matters.
  • To analyze usage and improve product quality, performance, reliability, and user experience.

4. Legal Basis for Processing

Where required by applicable law, we process personal data based on one or more of the following grounds: performance of a contract, compliance with legal obligations, the legitimate business interests of Toward Technology or our merchant customers, your consent, or other lawful grounds permitted under the applicable privacy and data protection laws of the Kingdom of Saudi Arabia.

5. Sharing and Disclosure of Personal Data

We do not sell personal data. We may share personal data only when needed for legitimate and lawful purposes, including with:

  • Merchant owners, administrators, or authorized users who manage their organization, branches, devices, staff, transactions, and reports.
  • Payment service providers, banks, acquirers, card schemes, terminal providers, or integration partners where required for payment-related processing and reconciliation.
  • Technology, cloud hosting, cybersecurity, analytics, support, maintenance, and communication service providers that help us operate the Services.
  • Professional advisers, auditors, insurers, and legal representatives where needed for business, legal, or compliance purposes.
  • Government, regulatory, law enforcement, court, or other competent authorities when required or permitted by law.
  • A successor entity in connection with a merger, acquisition, restructuring, or transfer of business, subject to appropriate confidentiality and legal safeguards.

6. Data Protection and Security

We apply reasonable administrative, technical, and organizational safeguards to protect personal data from unauthorized access, loss, misuse, alteration, disclosure, or destruction. These safeguards may include access controls, authentication, encryption where appropriate, monitoring, backups, staff awareness, logging, and security reviews. However, no system or internet transmission can be guaranteed to be completely secure.

7. Data Retention and Deletion

We retain personal data only for as long as reasonably needed for the purposes described in this policy, including service delivery, support, contracts, accounting, tax, audit, security, dispute handling, and legal or regulatory requirements. When personal data is no longer required, we will delete, anonymize, archive, or securely restrict it according to our internal procedures and applicable law.

Users or merchant administrators may request deletion or correction of personal data by contacting us at rnd@towardpay.com. We may need to verify the requester’s identity and authority before processing the request. Some records may be retained where required by law, contract, security, accounting, tax, audit, or regulatory obligations.

8. Data Transfers

We primarily process data in the Kingdom of Saudi Arabia or through service providers used to deliver our Services. If personal data is transferred or accessed outside the Kingdom of Saudi Arabia, we will take steps to ensure that the transfer is lawful and protected according to applicable data protection requirements, contracts, and safeguards.

9. Your Privacy Rights

Subject to applicable law and verification requirements, you may have the right to:

  • Be informed about how your personal data is collected and used.
  • Request access to your personal data.
  • Request correction of inaccurate, incomplete, or outdated personal data.
  • Request deletion of personal data where legally permitted.
  • Withdraw consent where processing is based on consent.
  • Request restriction of processing in certain cases.
  • Submit a complaint or objection regarding how your personal data is handled.

To exercise these rights, contact us at rnd@towardpay.com and include enough information for us to identify your account, company, branch, user ID, or related device/terminal, if applicable.

10. Cookies and Website Analytics

Our website may use cookies and similar technologies to keep the website functioning, remember basic preferences, improve performance, understand website usage, and support security. You can control cookies through your browser settings, but disabling certain cookies may affect website functionality.

11. Children

Our Services are intended for businesses, merchants, and authorized business users. They are not directed to children, and we do not knowingly collect personal data from children through our business Services.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our Services, business operations, legal requirements, or data protection practices. The updated version will be effective from the date stated at the top of the policy or from the date it is published, unless otherwise stated.

13. Contact Us

For privacy questions, requests, complaints, or account/data deletion requests, please contact:

Company Toward Technology Company
Email rnd@towardpay.com
Address Building 2887, Al Ubairid Ibn Almaedhir, Al Khalidiyah District, Jeddah 23422, Kingdom of Saudi Arabia
Short Address JEKB2887