Payment Processing
Payments are processed via [[Payment Gateway (e.g., HyperPay/Tap/PayTabs)]] with mada and international schemes, using tokenization and 3-D Secure where applicable. We do not store full card data; processors maintain PCI DSS certification.
Security Measures
- Tokenization: Card data is tokenized for secure processing
- 3-D Secure: Additional authentication layer for card transactions
- PCI DSS Compliance: All payment processors maintain PCI DSS certification
- No Card Storage: We do not store full card data on our servers
- Encryption: All payment transactions are encrypted in transit
Information Security Program
We operate an information security program aligned to SAMA Cybersecurity Framework. This includes:
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Incident response and monitoring procedures
- Employee security training and awareness
- Data protection and privacy safeguards
Accepted Payment Methods
- Mada Cards: Accepted through our payment gateway
- International Cards: Visa, Mastercard, and other major schemes
- Digital Wallets: Where available through our payment processor
Electronic Contracts & Signatures
Electronic contracts, invoices and signatures are valid under KSA law. All electronic documents are legally binding and enforceable.
Transaction Security
Every transaction is protected by:
- Secure socket layer (SSL) encryption
- Fraud detection and prevention systems
- Real-time transaction monitoring
- Secure payment gateway integration
Your Responsibilities
To help maintain security:
- Keep your account credentials confidential
- Do not share your payment information with others
- Report any suspicious activity immediately
- Use secure networks when making payments
- Keep your devices and software updated
Data Protection
We are committed to protecting your payment information. All payment data is handled in accordance with:
- PCI DSS standards
- SAMA Cybersecurity Framework
- KSA data protection regulations
KSA Legal References:
- PDPL & Implementing Regulations; Personal Data Transfer Regulation (SDAIA).
- E‑Commerce Law & Implementing Regulations (Ministry of Commerce).
- Electronic Transactions Law & Implementing Regulations (Digital Government Authority).
- Telehealth/Telemedicine Rules (MOH / Saudi Health Council).
- SAMA Cybersecurity Framework & PCI DSS payment security requirements.
← Back to Home