Memberly is a membership management and payment facilitation application operated by Payable Pvt Ltd ("Payable", "we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Memberly mobile application ("App"). By using the App, you agree to the practices described in this Policy.

1. Scope of This Policy

This Privacy Policy applies to:

• Business Operators (Merchants) using Memberly
• Members whose data is processed through Memberly
• Visitors to our website and mobile application

2. Information We Collect

2.1 Information Provided by Business Operators

Business Operators may provide personal information relating to members, including but not limited to:

• Full name
• Email address
• Phone number
• National Identity Card (NIC) or Passport number
• Membership details
• Billing and invoice information

Such information is provided as part of the Business Operator's relationship with Memberly.

2.2 Payment Information

Payment transactions are processed through secure, PCI DSS-compliant payment gateways hosted by partner banks and card networks. Saved card details are tokenized and securely stored within Mastercard payment gateway services. Neither Memberly nor Payable stores credit card numbers, debit card numbers, CVV codes, or bank account details.

2.3 Automatically Collected Information

We may automatically collect certain information, including:

• IP address
• Device ID
• Browser type
• Operating system
• App usage statistics
• Access times and session activity

We use cookies and similar technologies for functionality, analytics, and performance enhancement.

3. Lawful Basis for Processing

We process personal data in accordance with applicable law under one or more of the following legal bases:

• Performance of a contract (to provide membership and payment services)
• Compliance with legal and regulatory obligations
• Legitimate interests, including fraud prevention, security monitoring, and service improvement
• Consent, where required by law

4. How We Use Information

We use personal data for the following purposes:

4.1 Service Delivery

• Account creation and management
• Identity verification
• Payment processing
• Transaction record maintenance
• Customer support

4.2 Communication

• Payment notifications
• Security alerts
• Service updates
• Customer service responses

4.3 Personalization

• Customizing user experience
• Enhancing platform features

4.4 Security and Compliance

• Fraud detection and prevention
• Risk monitoring
• Regulatory compliance
• Internal audits

4.5 Analytics and Platform Improvement

• Monitoring usage trends
• Enhancing system performance

5. Data Controller and Data Processor Roles

For personal data provided by Business Operators:

• The Business Operator acts as the Data Controller, determining the purpose and means of processing member data.
• Memberly and Payable act as a Data Processor, processing data solely to provide platform services in accordance with the Business Operator's instructions.

In certain cases, Memberly may act as a Data Controller, including:

• Platform analytics
• Fraud monitoring
• Security enforcement
• Legal and regulatory compliance

6. Sharing of Information

We do not sell personal data.

We may share personal information under the following circumstances:

6.1 Service Providers

• Payment processors
• Hosting providers
• SMS and email communication providers
• Analytics providers

All service providers are contractually obligated to protect personal data.

6.2 Legal Requirements

Where required by law, regulation, court order, or lawful request from authorities in Sri Lanka.

6.3 Business Transfers

In connection with a merger, acquisition, restructuring, or asset sale, subject to legal safeguards.

6.4 With Consent

Where explicit consent has been obtained.

7. International Data Transfers

Personal data may be transferred to, stored, or processed in jurisdictions outside Sri Lanka where our service providers or infrastructure are located. Where international transfers occur, appropriate safeguards are implemented in compliance with applicable data protection laws.

8. Cookies and Tracking Technologies

We use:

• Session cookies
• Persistent cookies
• Functional cookies
• Analytics cookies

Cookies improve functionality and user experience. You may control or disable cookies through your browser or device settings. Disabling cookies may affect platform functionality.

9. Data Protection and Security

We implement reasonable technical and organizational safeguards, including:

• Two-Factor Authentication (email and mobile verification)
• Encryption of sensitive data
• Tokenization of card details
• PCI DSS-compliant payment processing
• Access controls restricting data to authorized personnel
• Periodic security reviews and audits

While we use industry-standard safeguards, no electronic transmission or storage system can be guaranteed to be completely secure.

10. Data Retention

10.1 Active Accounts

Data is retained while the account remains active and associated with a Business Operator.

10.2 Account Disconnection

Tokenized card data is deleted upon merchant disconnection or user self-deletion.

10.3 Regulatory Retention

Transaction records, invoices, and financial documentation may be retained for up to six (6) to seven (7) years to comply with tax, audit, financial, and regulatory requirements.

10.4 Backup and Security Logs

Certain logs and backups may be retained temporarily for fraud detection, audit, and system recovery purposes.

11. Children's Privacy

Memberly is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If such data is identified, we will take reasonable steps to delete it.

12. Your Rights

Subject to applicable law, you have the right to:

• Access your personal data
• Request correction of inaccurate or incomplete data
• Withdraw consent (where applicable)
• Request deletion, subject to legal limitations
• Object to certain processing activities
• Request restriction of processing
• Lodge a complaint with the relevant regulatory authority in Sri Lanka

To exercise these rights, please contact us using the details below. Identity verification may be required. We aim to respond within twenty-one (21) business days.

13. Corporate Relationship

Memberly is fully owned and operated by Payable Pvt Ltd. All data processing activities are conducted under Payable's governance framework, infrastructure, and compliance standards.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. Continued use of Memberly following updates constitutes acceptance of the revised policy.

15. Contact Information

If you have questions or concerns regarding this Privacy Policy or your personal data, please contact: