Last Updated: January 15, 2025

Effective Date: January 15, 2025

Who we are

Novatra Solutions (SMC-Private) Limited ("Novatra", "we", "us") is an IT services provider. We do not provide financial services, payment processing, wallet services, or custody of client funds.

1) Purpose

This policy defines what activity is allowed on our website, systems and services, and how we perform Know Your Customer (KYC) and Anti-Money Laundering/Counter-Terrorist Financing (AML/CFT) checks when necessary (e.g., for enterprise projects or when integrating third-party PSPs).

2) Prohibited use (examples, not exhaustive)

  • Conduct or promote illegal activity under the laws of Pakistan or your local jurisdiction.
  • Sell, market, or facilitate high-risk/regulated items without valid licenses (e.g., drugs, weapons, adult content, gambling, multi-level marketing, pyramid/Ponzi schemes).
  • Offer or imply investment returns, "get-rich" schemes, or unlicensed forex/crypto brokerage/advisory.
  • Infringe on intellectual property, distribute malware, spam, phishing, or data harvesting without consent.
  • Misrepresent your identity, company, approvals, or affiliations.
  • Use our deliverables to process payments outside of approved PSP flows or to hide/obfuscate transaction beneficiaries.

We reserve the right to refuse projects that violate this policy or create compliance risk.

3) KYC/AML checks

For certain projects we may ask for:

  • Company details: legal name as per SECP, registration number, registered address.
  • Tax: FBR NTN (and STRN if applicable).
  • Authorized signatory: name, role, official email on company domain.
  • Business model & use case for any PSP integration.
  • Website/app URLs and key pages (T&Cs, Privacy, Refunds, Delivery, AUP).
  • Licenses/permits if your industry requires them.

We verify using official docs/screenshots and may request updated information periodically.

4) Data handling

  • We store only what's needed to evaluate the project and implement integrations.
  • We do not store card data; any payment data is handled by PSPs (e.g., Easypaisa/JazzCash) under their certifications.
  • Retention: KYC records typically 12–24 months after project end, unless law or contracts require longer.

5) Sanctions & geography

We do not engage with parties on applicable sanctions lists or where export/control rules prohibit cooperation.

6) Breach & consequences

Violations may result in project suspension/termination, refusal of future services, and—if required—reporting to relevant authorities/PSPs.

Contact (Compliance)

compliance@novatrasolutions.com.pk