Privacy Policy

Welcome to DATALOOM (“we,” “us,” or “our”). We are committed to safeguarding your privacy and maintaining the confidentiality, integrity, and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your data when you interact with our platform, products, or services.

Scope of this Policy

This policy applies to personal information collected by DATALOOM directly from sub-merchants and, to a limited extent, from their customers through our API services. It does not cover data independently collected by sub-merchants, for which they remain solely responsible.

Information We Collect

We collect only minimal personal data, and strictly for technical and operational purposes. The data we collect includes:

  • Customer Name
  • Customer Phone Number

Note: Sub-merchants may collect and store additional data (e.g., CNIC, email, address, transactional history). DATALOOM does not collect, store, or process such additional data. Customers should refer to the respective sub-merchant’s privacy policy for information on how that data is handled.

Purpose of Data Collection
  • To enable and operate our API-based services used by sub-merchants
  • To ensure transactional continuity, security, and operational integrity of the platform
  • To communicate with sub-merchants regarding API performance, security incidents, or misuse

We do not use customer information for marketing, profiling, or resale purposes.

Data Sharing and Disclosure

We do not sell, lease, or trade customer information. However, we may disclose limited data (name and phone number) under the following circumstances:

  • Legal Obligations: Where required by applicable law, regulation, court order, or lawful request from government agencies.
  • Service Providers: To third-party infrastructure or cybersecurity providers involved in the secure maintenance of our systems, under strict confidentiality agreements.
  • Audit or Compliance Requirements: Where essential to protect our systems or ensure legal compliance.

DATALOOM expects all sub-merchants to independently ensure the privacy and lawful handling of their customer data in accordance with applicable laws.

Data Security

We implement industry-standard and regulatory-compliant security measures to protect personal information, including:

  • End-to-end encryption of API communications
  • Access controls and authentication for internal system access
  • Secure data storage practices
  • Regular security audits and infrastructure hardening

While we take all reasonable precautions, no data transmission over the internet can be guaranteed to be 100% secure. Users acknowledge this inherent risk.

User Rights

Individuals whose data (name and phone number) is collected may request the following from DATALOOM:

  • Access to their stored information
  • Correction of inaccurate data
  • Erasure of their data, subject to lawful data retention requirements

To exercise these rights, users may contact us via the email provided below. For any data outside DATALOOM’s scope, users should directly contact the sub-merchant from whom the data was originally collected.

Sub-Merchant Obligations

All sub-merchants utilizing DATALOOM APIs and infrastructure are contractually bound to:

  • Collect and process customer data in accordance with applicable laws, including data protection regulations (e.g., PECA 2016, GDPR where applicable)
  • Maintain their own comprehensive privacy policy
  • Disclose their data handling practices transparently to customers
  • Take reasonable security measures to prevent unauthorized access, loss, or misuse of customer data

DATALOOM reserves the right to suspend or terminate API access in case of breach of data protection obligations.

Retention of Data

We retain minimal customer data only for as long as necessary to:

  • Fulfill the operational purpose for which it was collected
  • Comply with applicable legal, tax, regulatory, or contractual obligations
  • Investigate fraud or abuse (if necessary)

After the retention period expires, data is securely deleted or anonymized.

Changes to This Privacy Policy

DATALOOM may update this Privacy Policy from time to time. Material changes will be notified via email or platform notice, and the “Effective Date” will be revised accordingly. Continued use of our services after such updates constitutes acceptance of the revised policy.

Contact Us

If you have any questions, concerns, or requests regarding this policy, please contact us at:

Effective Date: 09-10-2024