What we collect, why and for how long.

What we collect

• Transit-card number you typed (ten digits).
• Card type you picked (Silver, Personal, Gold).
• Amount you chose, in AED.
• Optional email address for the receipt.
• A masked record of the card-of-card returned by the payment processor (first six and last four digits, brand, country of issue).
• Standard server log entries: IP address, user agent, time of the request.

What we do not collect

• The full Visa or Mastercard PAN, the CVV or the expiry date — those go to the processor only.
• The cardholder name on the payment card.
• Any identity document.
• Any third-party analytics or advertising identifier.

Why we collect it

To deliver the top-up you asked for, to email you the receipt if you asked for one, to respond to your support enquiries, and to comply with UAE accounting and AML obligations.

How long we keep it

Order metadata for the period set by UAE accounting law (currently five years). Server log entries for ninety days. Email correspondence for as long as the support thread is active plus two years.

Who we share it with

• The payment processor — only the data they need to approve the card.
• The transit-card balance system — only the data they need to credit the card.
• Competent authorities in the UAE on a written, lawful request.

Your rights

You can request a copy of the order metadata we hold about you, request a correction, or request deletion once the legal retention period has passed. Email care@dubaicardrefill.org from the address that received the receipt.

Contact

Privacy queries: care@dubaicardrefill.org, telephone +971 4 344 1729, address 3 41A St, Jumeirah, Jumeira First, Dubai.