Mobilelyft
PECA 2016 · PDPB 2025 Compliant

Privacy Policy

At mobilelyft, your privacy is not an afterthought — it is foundational to how we operate Pakistan's most trusted phone marketplace. This policy explains exactly what data we collect, why we need it, and how it is protected.

Effective Date: March 22, 2026

1. Introduction & Jurisdictional Scope

This Privacy Policy governs how mobilelyft — Pakistan's trusted marketplace for buying and selling used smartphones — collects, processes, stores, and protects your personal data. We operate under the jurisdiction of the Islamic Republic of Pakistan and comply fully with the Prevention of Electronic Crimes Act (PECA) 2016, the directives of the Pakistan Telecommunication Authority (PTA), and the forthcoming Personal Data Protection Bill (PDPB) 2025.

By using our website, mobile app, or doorstep buyback services, you explicitly consent to the practices described in this policy. This includes our sell-phone-Pakistan and refurbished mobile buyback services, where personal identification and device data are necessarily collected to execute safe, legally compliant transactions.

2. Data We Collect

We collect only the data strictly necessary to fulfil our services and meet our legal obligations under Pakistani law. Below is a complete, transparent breakdown.

Identity & Contact
  • Full legal name
  • Primary mobile number
  • Email address
  • Residential / delivery address
  • Precise GPS coordinates for doorstep pickup
Government ID & Tax
  • CNIC or Passport number & scan
  • National Tax Number (NTN) where applicable
  • Active / Non-filer FBR tax status
  • Required for FBR Finance Act 2025-26 compliance
Device & Hardware
  • IMEI number(s) — all SIM slots
  • MAC address
  • Battery health percentage
  • Hardware diagnostics report
  • PTA DIRBS compliance status
Financial
  • Bank account IBAN
  • JazzCash / EasyPaisa / Raast wallet details
  • Transaction amount & payment method
  • Withholding tax records (FBR)
Technical & Analytics
  • IP address & browser type
  • Session timestamps & duration
  • Device type & OS version
  • Page interaction events (analytics)
  • Network traffic data (PECA §29 — 1 year retention)
User-Generated
  • Device condition self-assessment answers
  • Customer support chat logs
  • Product reviews and ratings
  • Account profile information

3. How We Use Your Data

3.1
Service Execution

To generate instant device valuations for our sell-used-mobile-phone-Pakistan service, dispatch verified logistics personnel for doorstep pickup across Faisalabad, Lahore, Karachi, and Islamabad, and process fast cash payouts to your registered payment method.

3.2
PTA DIRBS & Legal Compliance

To cross-check every submitted IMEI against the PTA's Device Identification Registration and Blocking System (DIRBS) — ensuring devices are not stolen, counterfeit, or network-blocked. This is a mandatory legal obligation, not optional.

3.3
Tax Withholding (Finance Act 2025-26)

To calculate and deduct statutory withholding taxes (1% for digital payments, 2% for cash) as mandated under Section 153(2A) of the Income Tax Ordinance and S.R.O. 1429(I)/2025. Tax deduction summaries are provided in your transaction receipt.

3.4
Fraud Prevention & Platform Security

To monitor transaction patterns, detect anomalous behaviour, and prevent the sale of devices with patched IMEIs or false condition representations — fulfilling cybercrime prevention obligations under PECA 2016.

3.5
Customer Support & Order Tracking

To provide real-time order updates via SMS and WhatsApp, respond to support queries, and maintain records of disputes through our 72-hour grievance redressal system as required by the National E-Commerce Policy 2.0 (2025-2030).

3.6
Platform Improvement

To analyse anonymised usage patterns and improve our pricing algorithms, device grading models, and UI/UX experience. This analytics processing uses aggregated, non-identifiable data only.

4. Data Sharing & Disclosure

We do not sell, rent, or monetise your personal data to third-party advertisers or data brokers. Ever.

Data is shared only under the following controlled, legally necessary circumstances:

🚚
Logistics Partners
Data shared: Name, phone number, and pickup address only
Why: To execute doorstep pickup and device transit across Pakistan
🏦
Payment Gateways & Banks
Data shared: Financial settlement data via PCI-DSS encrypted channels
Why: To process digital payouts and remit withholding taxes to FBR
⚖️
FBR, PTA & Judicial Authorities
Data shared: CNIC, IMEI, and transaction records upon lawful warrant
Why: Legally mandated disclosure under PECA 2016 §29 and tax laws
🔍
FIA (Cybercrime Division)
Data shared: Seller identity and device data in fraud/stolen-device cases
Why: To report suspected stolen devices, patched IMEIs, or financial fraud

5. Retention & Data Localisation

Retention Periods
Financial records (FBR audit)5 years
Network traffic data (PECA §29)1 year minimum
CNIC & device transaction logs3 years
Support chat logs1 year
Analytics (anonymised)Indefinite
Inactive account dataDeleted after 2 years
Data Localisation

In compliance with Pakistan's data sovereignty requirements and the PDPB 2025, all critical personal data — including CNIC scans, financial records, and IMEI transaction logs — is processed and stored on servers physically located within the territorial jurisdiction of Pakistan.

Any cross-border data transfer (e.g., analytics tools) is governed by Standard Contractual Clauses approved by the National Commission for Personal Data Protection (NCPDP).

6. Your Rights Under Pakistani Law

In alignment with the Personal Data Protection Bill (PDPB) 2025, you hold the following legally enforceable rights over your personal data. Click each right to learn more:

To exercise any of the above rights, contact us at support@mobilelyft.shop or WhatsApp +92-325-7756777.

7. Security Measures

SSL / TLS Encryption

All data in transit is encrypted using industry-standard SSL/TLS protocols.

Application Firewall

Multi-layer WAF protection against SQL injection, XSS, and bot attacks.

Role-Based Access

Strict internal access controls — only authorised personnel can access sensitive data.

While we employ enterprise-grade security protocols, no internet transmission is 100% infallible. In the unlikely event of a data breach affecting your rights, we will notify you within 72 hours as required by the PDPB 2025.

8. Cookies & Tracking Technologies

Essential CookiesRequired

Session management, authentication, and cart functionality. Cannot be disabled.

Analytics CookiesOptional

Anonymised usage data to improve platform performance (e.g., Google Analytics). No personal identifiers.

Preference CookiesOptional

Remembers your city selection, language preferences, and UI settings across sessions.

You can manage optional cookies through your browser settings at any time. Disabling analytics cookies does not affect core platform functionality.

9. Policy Changes

We may update this Privacy Policy to reflect changes in Pakistani law (including FBR tax codes, PTA directives, or PDPB enactment), our services, or industry best practices. We will notify you of material changes via:

  • A prominent notice on our homepage and app for 30 days
  • An email notification to your registered address
  • An in-app push notification

Your continued use of mobilelyft after the effective date of any update constitutes acceptance of the revised policy.

10. Contact & Grievance Redressal

For privacy questions, data requests, or complaints, contact our Data Protection Officer:

Email
support@mobilelyft.shop
WhatsApp
+92-325-7756777
Contact Page
Submit a request

We are committed to a 72-hour initial response for all privacy complaints, as required by the National E-Commerce Policy 2.0 (2025-2030). If you remain unsatisfied, you may escalate to the National Commission for Personal Data Protection (NCPDP) or the relevant Provincial Consumer Court.

Terms & Conditions Contact Us