The short version of how we handle data.

Transport

All traffic to dubaicardrefill.org and to the payment companion at pay.dubaicardrefill.org is served over TLS. The TLS configuration follows modern profiles — current cipher suites, no deprecated TLS versions, and HSTS on responses from the payment companion.

Card data

The Visa or Mastercard PAN, CVV and expiry date are entered on the payment companion only. Those fields are submitted directly to the payment processor’s endpoint. The processor returns a tokenised reference and the transaction outcome; our server sees the reference and the outcome, not the card.

Order metadata

For each top-up we keep the transit-card number, the amount, the time, the optional email and a masked record of the card-of-card. The records are kept for the period set by UAE accounting law and the privacy page. After that period they are deleted.

Access controls

Access to the order metadata is limited to the operational team. The list of accounts with access is reviewed periodically and revoked when a person leaves the team. Logs are kept for actions on the metadata store.

What to do if something looks wrong

If you receive an email receipt for a top-up you did not request, or you see a charge on your card statement that you do not recognise, contact your card issuer to dispute the charge and write to care@dubaicardrefill.org with the masked details. We will pull the record and either confirm the transaction or send a chargeback approval to the issuer.

Reporting a vulnerability

If you have found a technical issue you believe affects the service, please write to care@dubaicardrefill.org with the steps to reproduce. We acknowledge within one business day. We do not run a bug bounty programme.