At NolCard.org, we take your digital privacy and financial security with the utmost seriousness. This comprehensive policy outlines our stringent practices regarding the collection, use, retention, and protection of your personal and transactional information when interacting with our payment ecosystem.

1. Strict Data Minimization & Collection

We operate on a strict "Data Minimization" philosophy. We only collect the data absolutely necessary to process your transaction securely and provide required customer support. This specific data includes:

• Transaction Specifics: The 10-digit Nol Tag ID and the requested top-up fiat amount.
• Communication Data: Your Email address, utilized solely for the automated dispatch of digital tax receipts and critical transaction alerts.
• Technical Telemetry: IP addresses, browser user-agents, device fingerprints, and timestamp data. This is collected automatically by our firewalls exclusively for fraud prevention, server diagnostics, and DDoS mitigation.

2. Financial Data Handling & PCI Compliance

We categorically do not collect, process, or store full credit card numbers on our servers. All sensitive payment processing is offloaded to Level 1 PCI-DSS compliant payment gateways (e.g., Stripe, Checkout.com). When you enter payment details, the input fields communicate directly with the acquiring bank's encrypted network via iframes. Our servers only receive an opaque token confirming the success or failure of the charge.

3. Authorized Use of Information

The highly restricted information we collect is utilized exclusively in the following operational capacities:

• To programmatically process and route your top-up request via API to the central transport system ledger.
• To generate and email you an official, legally compliant receipt for your accounting purposes.
• To analyze aggregated, strictly anonymized technical data to improve UI/UX routing.
• To aggressively prevent fraudulent transactions, chargebacks, and comply with international Anti-Money Laundering (AML) standards.

4. Zero-Sale Policy & Third-Party Disclosure

We maintain a "Zero-Sale" policy. We do not sell, trade, broker, or rent your personal identification information to marketing agencies or third parties. We may share generic aggregated demographic information (e.g., "30% of traffic originates from mobile devices") with business partners. We will only release specific user information when legally compelled by a valid court order from UAE authorities, or to enforce our site policies against cyber attacks.

5. Cookie Policy & Session Management

Our application utilizes essential "cookies" to maintain secure user sessions during the multi-step checkout process. Furthermore, we may use strictly necessary analytical cookies to monitor server load. You retain the right to configure your web browser to refuse cookies; however, be advised that the payment gateway session management may critically fail without them.

6. User Consent & Data Rights

By engaging with our platform, you explicitly consent to this privacy policy framework. If you reside in a jurisdiction with specific data rights (e.g., GDPR), and wish to request a full export of your transaction history or request total data erasure (Right to be Forgotten), please formally contact our designated Data Protection Officer at info@nolcard.org.