Privacy Policies:

1. Data Privacy
1.1. End Customers

We provide payment solution to Businesses where they connect our payment platform to their websites with their own payment gateway obtained from bank. We collect only the necessary information required for processing a payment like merchant order number, amount, currency and email id. Any other information is optional and is completely subjected to Merchant’s decision. We do not collect or capture any critical or sensitive information like cardholders data.

1.2. Merchants

As we provide SaaS based payment solution to merchants, we collect very basic information from merchants required for onboarding which are Merchant Legal name, Merchant Business name, Authorized signatory name and contact details, domain where merchant wants to install our application. Merchants create users who will have access to our Ottu application for regular operations. We generate the necessary logs for the user activity.

1.3. Transactions

We collect only the required information for processing transactions through payment gateway. We store the transaction information like request logs, gateway response logs and the response disclosed to merchants. Request logs are the transaction request details sent by the merchant to our application, Gateway response logs are the transaction details sent by the payment gateway after processing the transaction that includes transactional data only and Disclosed data includes the response that we send to the merchants based on transaction is successful or failed. We do not capture, transmit or store any card information from the end customers.

2. Data Security and Retention

We make reasonable efforts to secure data required for payment processing. We make organizational, technical and administrative efforts to protect any misuse of data. Data is limited for access to only designated employees in the organization. We also take adequate measure to protect data during transmission and storage. Data is transmitted securely through https by SSL - (Secure Sockets Layer) and TLS 1.2 which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral Data is retained based on the merchant’s requirement and at their discretion. Customer data is encrypted when electronically stored. Customers data are not stored in any local hard drives, or other external or mobile media. We do not use customer data for any other use other than the payment processing.

3. Data protection rights

We make reasonable efforts to provide you the necessary rights and choices

a. The right to request Ottu for your personal data processing activities. b. The right to request us to make any corrections on the data c. The right to request us to erase any personal data d. The right to request us to restrict use of any personal data
4. Updates

We will post any changes or updates in our privacy policies in this page time to time.

5. Jurisdiction

We are a registered company in Kuwait and fall under the jurisdiction of Kuwait laws.

6. Contact Us

If you have any complaints or concerns you can email us or directly call us using the information in our Contact Us Page. You can also visit our office premise in the address mentioned in the contact us page.