← Back to Home

Privacy Policy

This Privacy Policy describes how A1-Soft Company collects, uses, and protects your information when you use the A1-PaymentGateway service.

Last Updated: April 2026

1. Our Data-Minimization Commitment

Security and privacy are at the core of a payment service. For this reason, A1-PaymentGateway is designed to minimize data to the minimum needed to process payments securely. Specifically:

• No Full Card Storage: We do not store the full card number or the verification code (CVV) on our servers; this data is processed within a PCI-DSS compliant environment and replaced with secure tokens.
• Purpose Limitation: We use transaction data only to complete the payment and settlement, to fight fraud, and for legal compliance.
• Data Segregation: Your data as a merchant is isolated from that of other merchants within a multi-tenant architecture.
• Secured Audit Trails: We keep transaction audit trails to the extent needed for settlement, fraud prevention and compliance, protected by strict access controls.

2. Information We Collect

We collect the minimum data necessary to manage your account and license and to operate the Service. The categories of data we collect include:

2.1 Account Information

• Email Address: Used for account authentication, service notifications, and billing.
• Password: We store a hashed version of your password; we never store passwords in plain text.
• Account Preferences: Your language and notification settings.

2.2 License and Site Data

• License: Your plan type (Monthly, Yearly, or Lifetime), its status, and expiry date.
• Site & API Identifiers: An identifier for each registered site and its API keys, used to enforce your plan's site limit and to secure the integration.

2.3 Payment Information

• Payment Method: Your payment details are collected and processed by a third-party payment processor. We do not store your card numbers on our servers.
• Transaction Records: Records of purchases, subscription changes, and refund requests.

2.4 Limited Operational Data

To operate the platform and prevent fraud and abuse, we may process limited operational data, such as transaction counts and statuses, IP addresses used in fraud screening, and server health. This data is used solely for security and reliability purposes.

3. How We Use Your Data

• To create, maintain, and secure your account.
• To validate your license and enforce the device limit of your plan.
• To process payments and manage subscriptions and refunds.
• To send essential service notifications, such as billing confirmations, password resets, and subscription-expiry alerts.
• To detect, prevent, and respond to fraud, abuse, and security threats.
• To comply with legal obligations where required by law.

We do not sell, rent, or trade your personal data. All of your data is processed solely by A1-Soft Company and its authorized service providers.

4. Data Storage and Security

4.1 Data Storage

Your account and license data is stored on secure servers operated by A1-Soft Company and our authorized hosting providers. Our infrastructure is designed around data minimization: we store only what is necessary to manage your account.

4.2 Security Measures

• Encryption in Transit: All data between your site and our servers, and between our platform and the banks, is encrypted via TLS/mTLS connections from A1SSL.
• Encryption at Rest: Sensitive account data stored on our servers is encrypted at rest using industry-standard algorithms.
• Access Controls: Strict role-based access controls limit who within our organization can access data, based on the principle of least privilege.
• Password Hashing: Passwords are stored using strong, salted cryptographic hashing. We never store passwords in plain text.

4.3 No Absolute Guarantee

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data and shall not be held liable for any unauthorized access that occurs despite our reasonable security efforts.

5. Third-Party Services

Our Service relies on a limited number of third-party services, each of which has its own privacy policy:

5.1 Payment Processor

We use a third-party payment processor to handle payments. When you make a purchase, your payment information is collected and processed by that processor in compliance with PCI DSS standards. We receive only limited transaction information (such as transaction ID, amount, and status).

5.2 Infrastructure Hosting

Our servers are hosted with authorized infrastructure providers and protected by the A1 Guard firewall. Payment data is processed within a PCI-DSS compliant environment.

5.3 Other Services

We may integrate with additional services for purposes such as account email delivery, performance monitoring, and customer support. We evaluate the privacy practices of third-party providers before integration. A current list of sub-processors is available upon request.

6. Cookies

The A1-PaymentGateway website uses essential cookies for authentication and session management, and preference cookies to store your language choice. We do not use third-party advertising trackers on your merchant dashboard.

Cookie Type	Purpose	Duration
Essential	Required for authentication, session management, and core account functionality.	Session / Up to 30 days
Preference	Store your settings, such as language selection and display mode.	Up to 1 year

Most web browsers allow you to control cookies through their settings. Blocking essential cookies may prevent you from using certain features of the site.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by applicable law:

• Account Information: Retained for the duration of your active account and for up to two (2) years after account closure, unless a longer retention period is required by law.
• Billing Data: Retained for up to seven (7) years after the transaction date, as required for tax, accounting, and legal compliance purposes.
• Transaction Logs: Transaction and settlement logs are retained for the period required by card-network rules, anti-money-laundering requirements and financial compliance.

8. International Data Transfers

A1-Soft Company is based in Kuwait. If you access the Service from outside Kuwait, your account data may be transferred to, stored, and processed in Kuwait or other countries where our servers or third-party service providers are located. We take appropriate safeguards to protect your data in accordance with this Privacy Policy and applicable data protection laws.

9. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request that we correct any inaccurate or incomplete personal data.
• Right to Deletion: Request the deletion of your personal data, subject to certain legal exceptions.
• Right to Data Portability: Receive your personal data in a portable format where technically feasible.
• Right to Object: Object to the processing of your personal data for certain purposes, including direct marketing.

To exercise any of these rights, please contact us at it@a1-soft.com. We may ask you to verify your identity, and we will respond to verified requests within thirty (30) days.

10. Children's Privacy

The A1-PaymentGateway service is intended for businesses and not for individuals under the age of sixteen (16) years old. We do not knowingly collect personal information from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take reasonable steps to promptly delete such data.

11. GDPR Compliance

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following legal bases apply to our processing of your data under the General Data Protection Regulation (GDPR):

• Contract Performance: Processing necessary to provide the Service as described in our Terms of Service.
• Legitimate Interests: Processing necessary to secure the Service and prevent fraud.
• Consent: Where we rely on your consent (such as for marketing communications), you may withdraw it at any time.
• Legal Obligation: Processing necessary for compliance with a legal obligation to which A1-Soft Company is subject.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last Updated" date, post a notice, and send an email notification for significant changes. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: