Nami Logo

Privacy Policy

Last Updated: 7 May 2026

This Privacy Policy clarifies the framework of commitment of Lunar Space Financial Company (Nami) to the governance and protection of personal data, including its collection, use, storage, and disclosure when you use the service, and also clarifies the rights of data subjects and the mechanisms for exercising them, in accordance with the provisions of the Personal Data Protection Law issued by Royal Decree No. (M/19) dated 09/02/1443H and amended by Royal Decree No. (M/148) dated 05/09/1444H, and its Executive Regulations issued by the Saudi Data and Artificial Intelligence Authority (SDAIA), in addition to any relevant regulatory controls or instructions issued by the Saudi Central Bank (SAMA).

The Company is also committed to applying best practices and approved standards to ensure the confidentiality, integrity, and availability of personal data, and to reduce the risks of unauthorized access, use, or unlawful disclosure, in a manner that achieves compliance with the relevant legal and regulatory requirements.

We use your personal data to provide and improve the service. By using the service, you agree to the collection and use of information in accordance with this policy.

Company Introduction

Lunar Space Financial Company (Nami) is a Saudi payments company established in 2020, licensed and supervised by the Saudi Central Bank, specializing in enabling the retail sector through innovative payment solutions and advanced digital services. We help merchants simplify their financial operations and accelerate the growth of their businesses through easy and smart solutions within the Kingdom of Saudi Arabia.

Interpretation and Definitions

Interpretation

Words whose first letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for you to access our service or parts of our service.

Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares or ownership interests or other securities entitled to vote for the election of directors or other managing authority.

Company (referred to in this policy as “the Company” or “We” or “Us” or “Our”) refers to Nami Pay, Building No. 6367, Olaya Street, Al Wurud District, P.O. Box 12251, Riyadh, Kingdom of Saudi Arabia.

Cookies are small files placed on your computer or mobile device or any other device by a website, containing details of your browsing history on that website among its many uses.

Country refers to the Kingdom of Saudi Arabia.

Device means any device that can access the service such as a computer, a mobile phone, or a digital tablet.

Personal Data means any information that relates to an identified or identifiable individual directly or indirectly.

Service refers to the website and the related services.

Service Provider means any natural or legal person who processes the data on behalf of the Company, including third-party companies or individuals employed by the Company to facilitate the service or provide it or analyze how it is used.

Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself, such as the duration of a page visit.

Website refers to Lunar Space Financial Company – Nami, which can be accessed from:

 https://www.namipay.com.sa

You means the individual who accesses or uses the service, or the company or other legal entity on behalf of which such individual accesses or uses the service, as applicable.

Methods of Collecting Personal Data

We collect personal data through two main methods:

First: Collecting data directly from the data subject through the following methods:

  • Online registration forms.
  • Creating accounts or personal profiles.
  • Entering data in electronic fields, such as name, mobile number, and email.
  • Communicating with us through the website or customer service.
  • Submitting requests, inquiries, or complaints.
  • Your use of the services or products provided by the Company.

Second: Collecting data indirectly through the following methods:

  • Cookies and similar tracking technologies.
  • System logs.
  • Website analytics tools.
  • Device and browser information.
  • Internet Protocol (IP) address.
  • Data that may be obtained from service providers, partners, or other entities, when necessary to provide the service and in accordance with applicable laws.

Collection and Use of Your Personal Data

Types of Data Collected

Personal Data

While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Such information may include, but is not limited to:

  • Account data: such as name, mobile number, email, and account/profile creation data.
  • Contact data: such as phone number, email, and address.
  • Payment and transaction data: such as financial transaction data, payment amounts, and transaction details related to the service.
  • Usage data: such as IP address, device type, browser type, visited pages, and date and time of use.
  • Cookies data: such as data collected through cookies or similar technologies.
  • Location data: when location services are enabled or when required to provide the service.
  • Data obtained from third parties: when necessary to provide the service or comply with legal requirements.
  • Any other data provided by you when using the service.

It will be clarified whether providing the data is mandatory or optional at the time of collection, depending on the nature of the service and the purpose of processing.

Usage Data

Usage Data is collected automatically when using the service.

Usage Data may include information such as your device’s Internet Protocol address (IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the service through a mobile device, we may collect certain information automatically, including the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers, and other diagnostic data.

We may also collect information that your browser sends whenever you visit our service or when you access the service through a mobile device.

Tracking Technologies and Cookies

We use cookies and similar tracking technologies to monitor activity on our service and store certain information. The tracking technologies used include beacons, tags, and scripts to collect and track information and to improve and analyze our service.

The technologies we use may include:

Cookies or Browser Cookies: A cookie is a small file placed on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our service.

Web Beacons: Certain sections of our service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Cookies can be “Persistent” or “Session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser.

We use both session and persistent cookies for the purposes set out below:

Necessary / Essential Cookies

Type: Session Cookies

Administered by: Us

Purpose: These cookies are essential to provide you with services available through the website and to enable you to use some of its features, such as authenticating users and preventing fraudulent use of user accounts.

Cookies Policy / Notice Acceptance Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies identify if users have accepted the use of cookies on the website.

Functionality Cookies

Type: Persistent Cookies

Administered by: Us

Purpose: These cookies allow us to remember choices you make when you use the website, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website.

Use of Your Personal Data

The Company may use personal data for the following purposes:

  • To provide and maintain our service: including to monitor the usage of our service.
  • To manage your account: to manage your registration as a user of the service. The personal data you provide can give you access to different functionalities of the service that are available to you as a registered user.
  • For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services you have purchased or of any other contract with us through the service.
  • To contact you: by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.
  • To provide you with news, special offers, and general information about other goods, services, and events which we offer: that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
  • Marketing communications consent: your personal data will not be used for direct marketing purposes unless your explicit prior consent is obtained. You have the right to withdraw this consent at any time through account settings or through approved communication channels, without affecting the lawfulness of processing based on consent before its withdrawal.
  • To manage your requests: to attend and manage your requests to us.
  • For business transfers: we may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
  • For other purposes: such as data analysis, identifying usage trends, determining the effectiveness of promotional campaigns, and evaluating and improving our service, products, services, marketing, and your experience.

We may share your personal information in the following situations:

  • With Service Providers: We may share your personal information with service providers to monitor and analyze the use of our service, as well as to contact you.
  • For Business Transfers: We may share or transfer your personal information in connection with any merger, sale of company assets, financing, or acquisition of all or part of our business by another company, or during negotiations for such transactions.
  • With Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to comply with this Privacy Policy. Affiliates include our parent company, any other subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
  • With Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.
  • With Other Users: When you share personal information or otherwise interact in public areas with other users, all users may view that information, and it may be publicly distributed outside the platform.
  • With Your Consent: We may disclose your personal information for any other purpose with your consent.

Disclosure of Your Personal Data

We may disclose your personal data in the following cases:

  • With service providers: such as technical service providers, hosting services, technical support, analytics providers, or other providers necessary for operating the service.
  • With regulatory or governmental authorities: such as the Saudi Central Bank or any competent authority, whenever required by law.
  • With affiliates: when necessary to provide the service, provided that they are bound by this Privacy Policy or equivalent data protection obligations.
  • With business partners: when needed to provide products, services, or offers related to the service.
  • In cases of business transfers: such as mergers, acquisitions, or asset sales, with notice to you where applicable.
  • With your consent: we may disclose your personal data for any other purpose based on your consent.

Personal data may be disclosed within the Kingdom of Saudi Arabia, and will not be transferred or disclosed outside the Kingdom except in accordance with applicable laws and after fulfilling the required legal requirements.

Disclosure may be one-time or periodic depending on the nature of the service and purpose.

The Company is committed not to disclose personal data except to the extent necessary to achieve the specified purpose.

Data Storage and Processing Location

Personal data is stored and processed within the Kingdom of Saudi Arabia or through approved service providers, in compliance with applicable legal and regulatory requirements.

In the event that it is necessary to store, process, or transfer personal data outside the Kingdom of Saudi Arabia, this will be carried out in accordance with the provisions of the Personal Data Protection Law, its implementing regulations, and any requirements issued by the competent authorities, ensuring an adequate level of protection for personal data.

Retention of Your Personal Data

The Company will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or for as long as required to comply with legal and regulatory requirements, resolve disputes, or enforce legal agreements and policies.

The retention period varies depending on the type of data, the purpose of its collection, and applicable regulatory requirements. In general, data is retained for the duration of your relationship with us or for as long as necessary to provide the service. After that, it will be deleted or destroyed once the purpose of collection has been fulfilled, unless there is a legal requirement to retain it for a longer period.

The Company will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to enhance security or improve the functionality of the service, or when the Company is legally obligated to retain it for longer periods.

After the purpose of data collection or the applicable retention period has expired, the Company will delete or securely destroy personal data in a manner that prevents access, recovery, or further use.

Rights of Personal Data Subjects

The data subject has the right to exercise their rights under the Personal Data Protection Law and its Implementing Regulations, including:

  • The right to be informed: This includes knowing the legal or practical basis for collecting their personal data and the purpose of such collection.
  • The right to access their personal data.
  • The right to request a copy of their personal data.
  • The right to request correction, completion, or updating of their personal data.
  • The right to request deletion of their personal data, where legal conditions apply.
  • The right to withdraw consent to the processing of personal data, where processing is based on consent.
  • The right to file a complaint with the competent authority.

These rights can be exercised by contacting the Company through the communication channels specified in this Policy, or through the channels approved by the Company.

The Company is committed to responding to data subject requests and fulfilling them without undue delay and within a period not exceeding 30 days from the date of receiving the request.

This period may be extended for an additional period not exceeding 30 days in cases where fulfilling the request requires disproportionate effort, or in the event that multiple requests are received from the data subject, provided that the data subject is notified in advance of the extension, with an explanation of the reasons for the delay and the expected timeframe for response.

Deletion of Your Personal Data

You have the right to delete or request our assistance in deleting the personal data we have collected about you, where applicable legal conditions are met.

Our service may allow you to delete certain information about yourself directly within the service.

You may update, modify, or delete your information at any time by logging into your account, if you have one, and visiting the account settings section, which allows you to manage your personal information. You may also contact us to request access to, correction of, or deletion of any personal information you have provided to us.

Please note that we may need to retain certain information when we have a legal obligation or lawful basis to do so.

Security of Your Personal Data

The security of your personal data is important to us. The Company is committed to taking appropriate administrative, technical, and organizational measures to protect personal data against loss, damage, leakage, unauthorized access, unlawful use, or unlawful disclosure.

These measures include, but are not limited to:

  • Data encryption where appropriate.
  • Access control and permission management.
  • Restricting access to data to authorized personnel only.
  • Implementing security procedures and policies to protect systems and networks.
  • Using appropriate technical safeguards.
  • Monitoring systems and handling security incidents.
  • Applying anonymization, pseudonymization, or data minimization measures where appropriate.

The level of protection is determined based on the nature, sensitivity, volume, and risks associated with the processing of personal data.

Although we strive to use appropriate measures to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure.

Transfer of Your Personal Data

Your information, including personal data, is processed at the Company’s operating offices, with approved service providers, or in any other locations where the parties involved in the processing are based, in accordance with applicable laws and regulations.

The Company will not transfer your personal data outside the Kingdom of Saudi Arabia unless there is a lawful basis permitting such transfer, and with the implementation of necessary safeguards to protect your personal data, in compliance with the Personal Data Protection Law and the requirements of the competent authorities.

Children’s Privacy

Our services are not intended for children or individuals under the legal age, and we do not knowingly collect their personal data.

If you are a parent or guardian and you become aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from a child without a lawful basis or the required consent, we will take the necessary steps to delete such information.

Links to Other Websites

Our service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s website. We strongly advise you to review the privacy policy of every website you visit.

We have no control over the content, privacy policies, or practices of any third-party websites or services, and we assume no responsibility for them.

Competent Authority

If you are not satisfied with how your complaint is handled or with the Company’s processing of your personal data, you have the right to submit a complaint to the competent authority in the Kingdom of Saudi Arabia, which is the Saudi Data and Artificial Intelligence Authority, or any other competent authority designated under applicable laws and regulations.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date at the top of the policy.

We may also notify you via email or through a prominent notice on our service, where necessary.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your rights regarding your personal data, you can contact us through:

E-mail

Website

Phone number

Address

info@namipay.com.sa

namipay.com.sa

8001230011

Building No. 6367, Olaya Street, Al Wurud District, P.O. Box 12251, Riyadh, Kingdom of Saudi Arabia

E-mail

info@namipay.com.sa

Website

namipay.com.sa

Phone number

8001230011

Address

Building No. 6367, Olaya Street, Al Wurud District, P.O. Box 12251, Riyadh, Kingdom of Saudi Arabia

We are here for you

Take your time to get the right documents. Need help? Let us give you a call.

No thanks, I got this
How easy was it for you to find the information you need?
(1) Very Difficult - (7) Very Easy
Want to give a suggestion or report a bug?

Click here

Great! Let’s make sure you have these ready:

1- Mobile and national ID number of business owner
2- Commercial registration number or a scanned copy of freelance ID
3- Certified copy of bank account information and IBAN of business owner

Sign me Up
Call Me Later
Nami Logo

Request Form

Nami Logo