How card data and personal data are handled.

Transport encryption

All traffic to platenumberup.org and to the payment companion is served over HTTPS with current TLS settings. HTTP requests are redirected to HTTPS. The payment page never accepts a card on an unencrypted connection.

Card data lifecycle

The full card number, expiry and verification value are only entered on the payment companion. They are submitted directly to the upstream payment network. The full card number is not stored on our infrastructure, is not written to our logs and is not sent back to the top-up site.

The payment network may return a tokenised reference to us for the order. The token is enough to issue a refund or to trace a payment with the bank, but it does not allow a charge.

Personal data we keep

For each submission we keep the order reference, the chosen amount in AED, the plate details you entered, the email address and the mobile number. These records exist for as long as the refund window is open and for the period required by accounting and tax rules afterwards.

What we do not collect

No identification documents, no tracking pixels from social networks, no behavioural ad-tech profiles. The site uses one small first-party cookie to remember the language choice and a banner-acknowledgement flag.

Reporting an issue

If you believe a payment was processed incorrectly, or that someone without permission submitted a top-up against your toll account, write to support@platenumberup.org with the order reference and a short description. We acknowledge security reports on the same business day.