Services / Privacy Policy

Privacy Policy

This Privacy Policy (“Policy”) is issued in compliance with Circular No. 12 of 2024 promulgated by the Securities and Exchange Commission of Pakistan (“SECP”), which mandates the public disclosure of a privacy policy by any entity engaged in the collection, processing, or use of personal information, including sensitive personal data or information, through digital platforms. Access to or use of Aitemaad mobile application and/or its allied website or related web-based platforms (“Aitemaad”), and any interaction with the services offered thereon (“Services”), shall constitute express and informed consent by the data subject (“User”) to the collection, use, processing, retention, and disclosure of Data (as defined herein) by Aitemaad, in accordance with the terms of this Privacy Policy and applicable law. This Privacy Policy shall be deemed to be incorporated into, and shall form an integral component of, the Terms of Use governing access to the Application. Any person who does not accept or agree with any provision of this Privacy Policy is advised to refrain from accessing Aitemaad or availing the Services.

Collection of Personally Identifiable Information

  1. Aitemaad, in its capacity as data controller, collects, processes, and retains personally identifiable information (“Personal Data”) from users of Aitemaad in accordance with applicable law, and with the informed consent of the User.
  2. Personal Data is collected for, among others, purposes of providing, enhancing, or customizing the Services (or overall experience); ensuring operational efficiency; maintaining the integrity and security of Aitemaad; resolving disputes; troubleshooting problems; analytical analysis; measuring consumer interest; informing User of offers (including products, Services, and updates); detecting or protecting against suspicious or illegal activity (without assuming any risk or liability thereof); enforcing Aitemaad’s terms and conditions (or contractual obligations); compliance with applicable regulatory or contractual obligations; conducting credit profiling; risk assessment, and loan facilitation services; enabling Aitemaad and its partners (including third parties) to offer customised financial products and services; facilitating onboarding and due diligence for third-party financial partners; and/or to exercise any other authorised use.
  3. Users may, subject to the requirements of specific functionalities or services, be required to provide certain categories of Personal Data at the time of registration, account creation, or while accessing specific features on Aitemaad. The categories of Personal Data that may be collected include, without limitation, the following: 

    a) Full name;
    b) Email address; 

    c) Residential or mailing address;
    d) Postal code; 

    e) Family information; 

    f) Educational institution details (e.g., university or college affiliation); 

    g) Telephone or mobile contact number;
    h) Computerized National Identity Card (CNIC) or Smart National Identity Card (SNIC) number;
    
i) Contact list from the User’s device;
    
j) Occupation or professional affiliation; 

    k) Age or date of birth; 

    l) Gender; 

    m) Account registration credentials (including passwords, security questions and responses); and 

    n) Personal descriptions, photographs, or biometric identifiers (where applicable).
  4. Where appropriate, Aitemaad may distinguish between mandatory and optional fields of data input. Users retain the right to withhold the provision of non-mandatory Personal Data; however, any refusal to provide mandatory Personal Data required for the operation of core functionalities may result in limited access to or unavailability of certain Services.
  5. In general, Users may access and browse certain portions of Aitemaad without disclosing Personal Data. However, the use of personalized or account-based services (including, without limitation, financial offerings facilitated through third-party service providers) require registration and the disclosure of specified Personal Data.
  6. Aitemaad may also collect additional transactional or behavioral data generated through the User’s activity on Aitemaad, including but not limited to browsing history, transaction records, and usage patterns, for purposes of service enhancement and regulatory compliance.

Collection of Primary Contact Information

  1. At the time of registration on Aitemaad, the User shall be required to furnish a valid mobile phone number and email address. These identifiers are collected for the primary purpose of uniquely verifying the identity of the User and ensuring that no unauthorized individual or device engages in access or transactions on the User’s behalf.
  2. Such contact details may further be utilized for the transmission of security alerts, onetime passwords (OTPs), transaction confirmations, service notifications, and other communications deemed necessary for the secure and uninterrupted provision of Services.
  3. The User acknowledges and agrees that the provision of accurate and current contact information is a precondition to the continued use of Aitemaad. Failure to provide or maintain valid credentials may result in the suspension, restriction, or termination of access to Aitemaad or the Services.

Device Permissions and Access

In order to ensure the secure and effective operation of Aitemaad and to comply with applicable legal and regulatory obligations, Aitemaad may request access to certain device-level features and data. Such access shall be requested through systemgenerated permission prompts. The categories of permissions and the purposes for which they are sought are set out below:

A. Camera Access: Access to the device’s camera may be required for, inter alia:

1. Capturing facial images for biometric identity verification;
2. Scanning official identification documents (e.g., CNIC, SNIC); and
3. Facilitating real-time video interactions in compliance with Know Your
4. Customer (KYC) regulations.

B. Microphone Access: Access may be required to, among others, conduct audiovisual KYC sessions or verbal authorizations where permitted.

C.Location Services (Geolocation Access): Aitemaad may access and process
geolocation data (GPS, cell tower triangulation, or Wi-Fi signal-based location data) for the purpose of, among others:

1. Verification of the User’s current or declared residential address as part of mandatory due diligence checks; Assessment of geographic consistency in User behavior to detect anomalies indicative of fraud or impersonation;
2. Credit scoring and location-based risk modelling, including the identification of high-risk zones or regions where Service provisioning may be restricted; and
3. Compliance with regulatory reporting obligations where the provision of location data is mandated by the financial regulator.

D.Contact List Access: Aitemaad may access the contact directory stored on the User’s device for the purpose of, inter alia:

1. Verification of identity by cross-referencing contact-based identifiers during onboarding or loan processing;
2. Credit risk profiling using network-based analysis, where such methodology is consistent with applicable legal and regulatory frameworks; and
3. Facilitating the identification of guarantors, or emergency contacts

E. Storage Access: Aitemaad may request permission to access the internal or external storage of the User’s device for the purposes of, among others


1. Uploading scanned identification documents, photographs, or other evidentiary materials required for regulatory compliance or service activation;
2. Downloading user-generated reports, account statements, or confirmations; and
Caching essential application data for improved performance and offline access, where applicable

The User may manage any of the aforementioned permissions at any time through device-level settings, to the extent enabled and subject to protocols of relevant platform. The User is advised, however, that revocation of essential permissions may result in degraded functionality or the unavailability of Services that are contingent upon such device-level access.

Collection and Use of Device Information

Aitemaad collects information from the User’s device in order to enable service functionality, ensure device-level security, and comply with regulatory and contractual obligations. The scope of such collection depends on, among others, the permissions granted by the User and the privacy controls configured on the device.

Upon installation of Aitemaad, Aitemaad may collect and store device-specific data tied to a unique device identifier. The categories of information collected from the User’s device may include, without limitation (“Device Information”):
a) Unique device identifiers, such as IMEI or Android ID;
b) Operating system version and SDK version;
c) Mobile network and carrier details, including SIM serial number and SIM slot
information;
d) Wi-Fi network metadata (e.g., SSID, MAC address);
e) Device profile and behavioral attributes;
f) List of installed applications;
g) Device metadata and identifiers, including but not limited to device type/model;
and
h) Session logs.

The Device Information collected may be processed and used for, inter alia, the
following purposes:
a) To establish and verify the User’s identity and device integrity;
b) To administer, improve, and secure Aitemaad and Services;
c) To conduct credit profiling, risk assessment, and loan facilitation services;
d) To enable Aitemaad and its third-party lending partners to offer customised
financial products and services;
e) To analyse usage patterns and technical diagnostics, and maintain operational
security;
f) To send service-related communications, including notifications and responses
to user queries;
g) To manage the User relationship and provide updates on relevant offerings;
h) To conduct data analytics aimed at service improvement and innovation;
i) To ensure compliance with applicable laws and regulatory directives;
j) To facilitate onboarding and due diligence for third-party financial partners; and
k) To exercise any other authorised use.

Device Information may be retained for such duration as is deemed necessary by Aitemaad, including to provide the Services, comply with legal obligations, resolve disputes; and enforce contractual agreements.

Data Security and Hosting

  • Aitemaad adopts and implements appropriate technical and organizational measures designed to ensure the security of Data collected through Aitemaad. All communications between the User’s device and Aitemaad’s servers, including the transmission of Data are secured using 256-bit Secure Socket Layer (SSL) encryption and are conducted over Hypertext Transfer Protocol Secure (HTTPS) channels.Further, Aitemaad, among others, offers security features like OTP verification, and takes active steps intended to enhance Data security. 
  • Data collected through Aitemaad is stored on secure cloud infrastructure physically located within Pakistan. As of the date hereof, cloud hosting services are provided by Cyber Internet Services (Private) Limited. Aitemaad reserves the right to engage other or alternative service providers for Data hosting purposes
  • Notwithstanding the foregoing, the User acknowledges that no Data transmission over the internet or method of electronic storage is entirely secure. Aitemaad disclaims, to the extent permitted by law, any liability for unauthorized access, disclosure, loss, or destruction of Data arising from risks inherent in the use of digital platforms, and/or those arising from any action, omission, or lack of diligence of User.

Collection of Application Usage and Installed App Dat

  • Aitemaad may collect metadata regarding the applications installed on the User’s device (“App Usage Data”) for, inter alia, behavioural analysis, fraud prevention, creditworthiness assessment, and risk modelling.
  • The data so collected may include, without limitation, the names, categories, and installation timestamps of applications present on the User’s device.
  • All App Usage Data is transmitted to Aitemaad’s designated servers, currently hosted at https://www.4sightpk.com. This information is processed for legitimate business purposes aligned with this Privacy Policy.
  • All processing of App Usage Data is intended to comply with provisions of this Privacy Policy and applicable law.

Collection of Non-Personal and Behavioral Informatio

  • Aitemaad may automatically collect and process certain non-personally identifiable information (“Non-Personal Data”) generated through the User’s interaction with Aitemaad, or associated web interfaces. Such data may be collected through direct interaction, system logs, browser identifiers, or automated tracking technologies.
  • The categories of Non-Personal Data collected may include, without limitation:
a) The Internet Protocol (IP) address assigned to the User’s device;
b) The uniform resource locator (URL) of the webpage visited immediately prior to accessing or after exiting Aitemaad, regardless of whether such page is hosted by Aitemaad;
c) Browser type, version, language preferences, and access timestamps;
d) Clickstream data, including navigation patterns and feature usage within Aitemaad; and
e) Aggregated or anonymized metrics regarding user demographics, preferences, and device activity.
  • The foregoing information is used to, among others, perform internal research, develop statistical insights, assess system performance, improve user experience, and enhance the security and functionality of Aitemaad.
  • In addition, Aitemaad may use cookies or similar tracking technologies (such as local storage, beacons, or session identifiers) to collect technical and behavioral information during the User’s visit to Aitemaad, or its web-based services. Cookies are small text files placed on the User’s browser or device that facilitate session continuity, user preferences, authentication, analytics, and personalization of content.
  • The User may choose to disable cookies via their browser settings; however, doing so may impair or restrict access to certain functionalities of Aitemaad or website. By continuing to use Aitemaad without disabling cookies, the User consents to the use ofcookies in accordance with this Privacy Policy.
  • If a User initiates a transaction via Aitemaad, including through third-party interfaces, Aitemaad may collect anonymized information related to the User’s purchasing or financial behavior for, inter alia, service provision, transaction tracking, and dispute resolution.
  • Any personal or non-personal correspondence submitted by the User to Aitemaad (including through email, letters, or in-app communication), or received by Aitemaad from third parties concerning the User’s use of Aitemaad, may be retained in a Userspecific file for period deemed appropriate by Aitemaad to enable, among others, record-keeping, support, or legal compliance.

Disclosure and Transfer of Data to Third Parties

Aitemaad may disclose, share, or otherwise transfer any Data (including Personal Data, primary contact information, Device Information, App Usage Data, and/or NonPersonal Data – Collectively, “Data”) collected through Aitemaad to third parties for the purpose of, among others:
a) where such disclosure is necessary for the performance of the Services or functionality of Aitemaad;
b) where it is required by law or a regulatory authority; or
c) where the User has provided express and informed consent



Data may also be shared or disclosed under following circumstances:

A. Authorized Financial and Technology Partners: Aitemaad may share Data with duly authorized service providers and financial partners including mobile wallet operators, licensed credit institutions, credit bureaus, and affiliated fintech platforms for identity verification, loan processing, payment facilitation, credit profiling,and other services directly linked to the functionality of Aitemaad.
B. Data Analytics and Platform Enhancement: Data may be disclosed to third-party partners engaged to support application analytics, usage optimization, and the development of user-oriented features
C. Compliance with Legal and Regulatory Obligations: Aitemaad may disclose Data
to governmental agencies, regulatory bodies, law enforcement authorities, or other competent institutions where such disclosure is:
i. mandated under applicable laws, rules, or directives;
ii. necessary to respond to lawful requests, subpoenas, or court orders;
iii. required to prevent or investigate suspected illegal activity or fraud; or
iv. necessary to enforce Aitemaad’s Terms of Use or protect its legal rights, systems, or users.
D. Corporate Restructuring and Transfers: In the event of a merger, acquisition, reorganization, or sale of business assets, Aitemaad may transfer Data to the relevant third party as part of the transaction.
E. Integration with Third-Party SDKs: Aitemaad includes integration with a registered third-party software development kit (SDK) that enables the collection of technical and behavioral data for credit risk assessment and fraud detection. Aitemaad requires that SDK integration partners implement appropriate data protection safeguards, however, Aitemaad does not assume liability for the independent actions of such third parties.
F. Credit Assessment and Verification Partners: Aitemaad includes integration with a registered third-party software development kit (SDK) that enables the collection of technical and behavioral data forData may be shared with authorized third-party verification and data source providers, including licensed credit bureaus and scoring platforms, for purpose of conducting creditworthiness assessments or fulfilling due diligence obligations related to loan or facility applications
G. Monitoring and Technical Support Partners: Data may be shared with technology
vendors and operational support providers tasked with monitoring application usage,
conducting system diagnostics, ensuring cybersecurity, and maintaining service
continuity.
H. Verification Partners: Aitemaad may share Data with its partners, affiliates, subsidiaries, associate companies, and/or other related parties to, among others, enable Service provision, enhancement, customization, integration, and/or improvement.

Links to Third-Party Website

  • Aitemaad and associated website may contain hyperlinks or references to external websites, platforms, or applications (“External Sites”), including those that are owned, operated, or controlled by third-parties.
  • Users are advised that External Sites may have their own privacy policies and data collection practices that differ from those of Aitemaad. The inclusion of a link to any External Site does not imply endorsement or assumption of responsibility by Aitemaad for the content, practices, or policies of such site.
  • Aitemaad disclaims any liability for the privacy practices, security standards, or content of External Sites. Users who choose to access such links do so entirely at their own risk, and are strongly encouraged to review the privacy policies and terms of use applicable to each such External Site prior to disclosing any personal data.

Amendments to this Privacy Policy

  • Aitemaad reserves the right, at its sole discretion, to revise, amend, alter, modify, or update this Privacy Policy, in whole or in part, at any time and for any reason including, without limitation, to reflect changes in legal or regulatory requirements, technological advancements, operational purposes, or business needs or practices
  • Unless otherwise specified, revised versions of the Privacy Policy shall take effect immediately upon amendment being incorporated therein. Continued access to or use of Aitemaad or Services following the effective date of any amendment shall constitute conclusive acceptance by the User of the revised Privacy Policy
  • Users are encouraged to review this Privacy Policy periodically to remain informed of their rights and obligations, and of any changes in Aitemaad’s Data handling practices.

Amendments to this Privacy Policy

By accessing or using Aitemaad, and by voluntarily providing Data through any interactive feature, form, or process, the User hereby confirms and affirms their free, informed, and explicit consent to the collection, use, processing, retention, and disclosure of their Data in accordance with the terms of this Privacy Policy.
  • Such consent shall include, without limitation, consent to:
a) the processing of Data for the purposes specified herein;
b) the disclosure of Data to third parties as outlined herein; and
c) any cross-border transfer, data profiling, or analytics-based processing of Data as may be required for the performance of the Services, or other reasons deemed necessary by Aitemaad.
  • The User may revoke consent at any time, but any such revocation shall not apply in respect of any information collected, used, processed, retained, and/or disclosed by Aitemaad prior thereto, and/or in respect of any use or processing of already collected or retained information. Revocation of consent may be affected by disabling relevant permissions, adjusting account settings (where applicable), or submittinga written request to Aitemaad in accordance with the contact details provided below.
  • Any withdrawal of consent may result in partial or complete restriction of access to the Services

Contact Information

For any inquiries, concerns, requests, or complaints regarding this Privacy Policy, the processing of Data, or the operation of Aitemaad, you may contact Aitemaad using the following channels:

Application: Aitemaad (available on supported mobile platforms)

Customer Support Email:
aitemaad@4sightpk.com
cs@aitemaadloan.com

Business Hours: 10:00 a.m. to 6:00 p.m., Monday through Friday (excluding public holidays observed in Pakistan)

Aitemaad endeavors to respond to all queries and requests within a reasonable time period, in accordance with applicable law and internal policy.

Limitation of Liability

  • By accepting the terms of this Privacy Policy, User agrees to indemnify, release, and hold Aitemaad, its affiliates, and each of their officers, directors, other users, employees, attorneys and agents from and against any and all claims, costs, damages, losses, liabilities and expenses (including attorneys’ fees and costs) arising out of or in connection with User’s violation or breach of the terms of use of Aitemaad; any applicable law or regulation, whether or not referenced herein; violation of any rights of any third party; supply of incorrect, inaccurate, or incomplete Data; and/or matters related to, arising out of, or connected with use or misuse of the Aitemaad or Services.
  • The information, recommendations, and content provided to are for general information purposes only and do not constitute advice. Use of the Aitemaad and/or Services are at User’s own sole risk. Aitemaad shall not be liable for any damages resulting from the use of (or inability to use) Aitemaad or Services, including damages caused by malware, viruses or any incorrectness or incompleteness of the Data. Aitemaad shall further not be liable for damages resulting from the use of (or the inability to use) electronic means of communication including but not limited to, damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses. Without prejudice to the foregoing, and insofar as allowed under law, Aitemaad’s aggregate liability (including general, tortious, or special damages) to User shall, under no circumstances, exceed the cumulative loan amount extended to respective User.