Niqati is built from the ground up with security-first principles. Every piece of customer data is encrypted, access is strictly controlled, and our systems are designed to keep your information private at all times.
Security is not a single feature. It is the entire foundation. Here is what keeps your data safe every second of every day.
All personal data is encrypted using AES-256, the same standard used by banks and governments. Data is encrypted before it ever leaves your device and remains encrypted at rest.
Every database record, loyalty card, and customer profile is stored with full encryption at the storage level. Even in the unlikely event of a breach, raw data remains unreadable.
Encryption keys are managed through a dedicated secrets management system, rotated regularly, and never stored alongside the data they protect. Access is strictly audited.
Every connection between your device and our servers is protected by TLS 1.3, the latest and most secure transport layer standard. No data travels in plaintext, ever.
We do not sell, share, or broker your personal data to advertisers or data brokers. Customer data is used only to deliver the loyalty experience. Nothing more.
We collect only what's strictly necessary to run your loyalty program. We don't collect location in the background, read contacts, or track browsing behavior outside Niqati.
Niqati processes loyalty passes for businesses across Saudi Arabia. Our infrastructure is built to handle high-volume operations without ever compromising on data integrity or security.
Every piece of data passes through multiple security checkpoints, from the moment it enters our system to the moment it is displayed on your screen.
All data entering Niqati is validated and sanitised at the API boundary. Malformed or suspicious inputs are rejected before they reach any storage layer.
Every request is authenticated using short-lived, signed tokens. Merchants can only access their own customers' data. Cross-account access is architecturally impossible.
Data is written to storage with AES-256 encryption. Personally identifiable information (PII) is stored in isolated, access-controlled vaults separate from operational data.
Every read and write to customer data is logged with a full audit trail. Unusual access patterns trigger automatic alerts to our security team for immediate review.
Our systems undergo regular security assessments and code reviews. Critical dependencies are kept up to date, and known vulnerability feeds are monitored continuously.
We maintain a documented incident response plan. In the event of any suspected breach, affected users are notified promptly and transparently in accordance with PDPL obligations.
Niqati is built in full alignment with Saudi Arabia's Personal Data Protection Law (PDPL). You have the right to access, correct, and delete your personal data at any time. We never transfer your data outside approved jurisdictions without explicit consent, and our data retention policies are strictly enforced.
Loyalty cards in Niqati live inside Apple Wallet and Google Wallet, among the most security-hardened environments on any mobile device.
Passes stored in Apple Wallet are protected by the Secure Enclave on every iPhone. Niqati signs every pass with a certified private key. Unsigned or tampered passes are rejected automatically by iOS.
Google Wallet passes are cryptographically signed as JSON Web Tokens (JWTs) before issuance. Only our verified service account can create or update passes, preventing forgery or unauthorized edits.
When a customer earns or redeems points, the pass is updated through official, authenticated platform APIs. Any attempt to modify a pass outside these channels is blocked at the wallet level.
We take security reports seriously and respond quickly. If you've discovered a potential security issue in Niqati, please reach out to us responsibly. We commit to acknowledging your report within 24 hours and keeping you updated throughout our investigation.
security@niqati.com · we respond within 24 hours