Masarat for IT and Financial Services (“Masarat”), located in Tripoli, Libya, is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our mobile banking application, Musrfy Business (the “App”).

December 15th, 2024

This Privacy Policy covers existing features and services within the App, including:

• Money transfers for business accounts across Libyan banks via IBANs.
• NFC payment for contactless, secure, and fast transactions.
• The ability to generate and scan QR codes for an improved user experience.

We are constantly working on enhancing our services to provide a better user journey.

As part of our commitment to information security, Masarat has adopted ISO/IEC 27001:2022 standards to protect your data. Key measures include:

• Information Security Management System (ISMS): We have implemented an ISMS to manage and safeguard data comprehensively.
• Risk Management: We assess and mitigate risks related to the confidentiality, integrity, and availability of user data.
• Access Controls: Only authorized personnel have access to sensitive information.
• Regular Audits: We conduct regular internal and external audits to ensure compliance with ISO 27001 standards.
• Incident Management: A formal process is in place to handle security incidents effectively.

We may collect the following information to improve the performance and functionality of the App:

1. Personal Information

We may collect and process the following personal data:

• Account credentials: Username.
• Contact information: Name, phone number, email address.
• Camera access: To enable QR code scanning.

2. Non-Personal Information

We also collect non-personal information automatically:

• Device information: Model, operating system, device identifiers.
• App usage data: Includes information such as IP address, usage duration, activity logs, and diagnostic data.

To ensure the App functions as intended, it may request certain permissions. Below is an outline of these permissions and their purposes:

Required Permissions

• android.permission.INTERNET: Allows the App to connect to the internet for core functionalities like account verification and transaction processing.
• android.permission.READ_EXTERNAL_STORAGE: Allows reading external storage to display and generate PDF files (e.g., transfer receipts or account statements).
• android.permission.READ_MEDIA_IMAGES: Enables the App to access media files required for some functionalities.
• android.permission.USE_FINGERPRINT: Allows fingerprint authentication for secure logins.

Optional Permissions

You may deny these permissions if you are not using the associated features:

• Camera permission: For QR code scanning.
• Flashlight permission: Enables flashlight functionality during QR code scanning.
• Notification permissions: To receive account-related notifications.
• Vibration permission: To alert you via device vibration for critical notifications.

We use the collected data to:

• Improve the quality and functionality of our services.
• Facilitate seamless and secure banking transactions.

We do not share your personal information with third parties or store your financial data externally.

Masarat implements industry-standard security measures to protect your information from unauthorized access, alteration, or misuse. These measures include:

• Encryption: Data transmitted between your device and our servers is encrypted using HTTPS.
• Access controls: Only authorized personnel with legitimate business needs have access to user data.
• Regular security reviews: We conduct periodic security assessments to identify and mitigate potential vulnerabilities.
• Incident response: We have a defined process for identifying, investigating, and responding to security incidents.

While we strive to protect your information, please note that no security system is infallible.

We do not share your personal or non-personal information with any third parties unless required by law or with your explicit consent.

We may update this Privacy Policy from time to time to reflect changes in the App’s features or legal requirements. We encourage you to review this page periodically for updates.

If you have any questions or concerns about this Privacy Policy, please contact us:

• Email: support@masarat.ly
• Phone: +218 90 030 0900