Skip to main content

Privacy Policy

Effective Date: 10/12/2025

Our Commitment to Privacy (Serious Privacy Commitment)

At Masarat for IT and Financial Services, we treat your privacy and data security with the utmost seriousness. We are committed to maintaining the confidentiality and integrity of your financial and personal information. Our commitment goes beyond mere compliance; it is fundamental to the trust you place in us as a financial technology provider. We strictly adhere to best practices, industry standards (including ISO 27001), and all applicable Libyan banking regulations to ensure your data is always protected.

1. Introduction

This Privacy Policy explains how Masarat for IT and Financial Services (“Masarat”, “we”, “us”, or “our”) collects, uses, discloses, and protects your information when you use the Msarfey Plus mobile application (“Application” or “Service”).

By using the App, accessing your account, or clicking “I Agree” during the registration process, you acknowledge and agree to the terms of this Privacy Policy, including the collection, use, sharing, and retention of your personal and financial data for the purposes of service provision, identity verification (KYC), and regulatory compliance, as detailed herein.

2. Definitions

  • Account: A unique profile created for accessing the Service.
  • App / Application: The Msarfey Plus mobile app provided by Masarat.
  • Bank: Jumhouria Bank (A Libyan bank owned by the government).
  • Company: Masarat for IT and Financial Services, Tripoli, Libya.
  • Personal Data: Any information relating to an identifiable individual.
  • KYC: Know Your Customer identity verification.

3. Data We Collect

We collect different types of information to provide our services, verify your identity, and comply with banking regulations.

3.1. Personal Data You Provide

We collect the following information directly from you when using the App:

  • Name, email, phone number
  • Passport / national ID details
  • Beneficiary information
  • Transaction data and account-related information
  • Images and videos (for KYC)

3.2. Usage Data (Automatic)

This includes:

  • Device information
  • IP address
  • System activity logs
  • Diagnostic data

4. App Permissions & Device Access (Bulleted List)

To provide core banking and regulatory services, the App may request access to specific device features. These permissions are only used for the features you choose to use.

  • Camera: Used for capturing selfies for identity verification, taking photos of IDs, passports, and documents, scanning QR codes for payments, and Mobile check deposit. The camera is never used for any other purpose.
  • Photos / Media (Read Images & Video): Used to read the selfie or document images you submit for identity verification and liveness detection. The App only reads the specific photo or video you select and does not browse or scan your gallery.
  • Location: Used to display nearby ATMs and branches. Location data is not stored.
  • Microphone (Record Audio): Used exclusively for the Voice Assistant feature to process spoken commands. Audio is not stored or shared.
  • Audio (Read Audio Files): Used only to support accessibility and ensure the proper functioning of the voice assistant. The App does not collect or process your personal audio files.
  • NFC: Used to enable features such as contactless payments, if your device supports it.

5. How We Use Your Personal Data

We use personal data to:

  • Provide and operate the Service.
  • Authenticate users and secure their accounts.
  • Perform KYC identity verification using your selected images and liveness videos, and compare your selfie to your passport/ID image.
  • Detect fraudulent or suspicious activity.
  • Process payments and transactions.
  • Comply with banking, local, and audit obligations.

6. Data Sharing and Third Parties

We do not sell or trade your personal information. We may share minimal required data with:

  • The Bank: Jumhouria Bank, for processing transactions, maintaining accounts, and KYC compliance.
  • Central Bank of Libya (LyPay & OnePay): Data for IBAN transfers (LyPay) and OnePay transactions may be shared securely with authorized payment processors and Regulators for Central bank of Libya.
  • Regulatory Authorities: As required by law or regulation.

7. Data Retention

We retain data only for:

  • Legal obligations.
  • Transaction history.
  • AML/KYC rules.
  • Fraud monitoring.

8. Security of Data (ISO 27001 Compliance)

We apply advanced security controls to protect your data:

  • Encryption in transit and at rest.
  • Multi-layer authentication.
  • Secure storage compliant with ISO 27001.
  • Regular audits and vulnerability assessments.

9. Your Rights and Data Deletion (Regulatory Compliance)

You have the right to request access, correction, restriction, and, where legally permissible, the deletion of your Personal Data.

Data Deletion Request Procedure:

  • Deletion Request: You may submit a request to delete your account and associated Personal Data by contacting the Bank or our support team (details below).
  • Regulatory Priority: Please be advised that the deletion of certain transaction, identity, and security-related data is subject to mandatory minimum retention periods established by the Central Bank of Libya (CBL).
  • CBL Compliance: We must comply with the proper legal channels and retention regulations, including those outlined in Statement Number (18) of the Central Bank of Libya’s retention regulations. Data required for anti-money laundering (AML), fraud prevention, and audit purposes will be retained until the legally mandated period has expired.

10. Children’s Privacy

The App is not intended for users under 18. If data from a minor is discovered, it will be deleted.

11. Updates to This Policy

We may update this Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page. Significant changes will also be communicated via email and/or a prominent notice on Our Service, prior to the change becoming effective, and we will update the “Effective Date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

12. Contact Us

If you have any questions about this Privacy Policy, You can contact us:

Used By Dorcas Theme