Privacy Policy

Last updated: February 24, 2026

At CircleXplorer (Pvt) Ltd, we are committed to protecting your privacy and ensuring the security of your personal information. This policy explains how we collect, use, and safeguard your data when you use CirclePay.

1. Information We Collect

Personal Information

  • Full name, date of birth, and National Identity Card (NIC) number
  • Email address, phone number, and residential address
  • Employment details and income information for credit assessment

Financial Information

  • Bank account details for direct debit setup
  • Transaction history and payment records
  • Credit assessment data and scoring information

KYC & Verification Data

  • NIC or passport copies for identity verification
  • Proof of address documents
  • Selfie photographs for face verification (liveness detection)

Technical Data

  • Device identifiers, operating system, and app version
  • IP address and approximate location data
  • App usage analytics and session information

2. How We Use Your Information

  • Verify your identity and complete KYC requirements as mandated by the Central Bank of Sri Lanka and the Financial Intelligence Unit (FIU)
  • Process Buy Now Pay Later (BNPL) transactions and manage your payment schedules
  • Assess creditworthiness and determine appropriate credit limits
  • Set up and manage direct debit mandates through our banking partners
  • Provide customer support and respond to inquiries
  • Send transaction confirmations, payment reminders, and important account updates
  • Detect and prevent fraud, unauthorized access, and other security threats
  • Improve our services, develop new features, and enhance user experience
  • Comply with applicable laws, regulations, and legal obligations

3. Data Security

Encryption & Protection

  • All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
  • Sensitive data at rest is encrypted using AES-256 encryption standards
  • Payment card and bank account data is tokenized — we never store raw financial credentials

Biometric Data

  • Face verification data is processed in real time and is not permanently stored after verification is complete
  • Biometric templates are encrypted and handled in compliance with data protection standards

Infrastructure & Access

  • Our infrastructure is hosted on AWS with industry-standard security controls
  • Access to personal data is restricted to authorized personnel on a strict need-to-know basis
  • We implement multi-factor authentication and role-based access controls for all internal systems
  • Regular security audits and vulnerability assessments are conducted

4. Data Sharing & Third Parties

Banking Partners

  • We share necessary account details with our banking partners solely to process direct debit mandates and payment transactions
  • Payment processing is handled through PCI DSS-compliant payment gateways

Regulatory & Legal

  • We may share data with credit bureaus as required for credit assessments and regulatory compliance
  • We may disclose information when required by law, court order, or regulatory authority

What We Do NOT Do

  • We do NOT sell, rent, or trade your personal information to third parties for marketing purposes
  • We do NOT share your data with unrelated third parties for their own use
  • All service providers who process data on our behalf are contractually bound to protect your information

5. Your Rights

  • Right to Access — Request a copy of the personal data we hold about you
  • Right to Correction — Request correction of inaccurate or incomplete data
  • Right to Deletion — Request deletion of your account and personal data, subject to legal retention requirements
  • Right to Withdraw Consent — Withdraw your consent for data processing at any time
  • Right to Data Portability — Receive your data in a structured, machine-readable format
  • Right to Object — Object to processing of your data for specific purposes
  • Right to Restrict Processing — Request limitation of how we process your data

How to Exercise Your Rights

  • Contact our Data Protection Officer at privacy@circlexplorer.com
  • Submit a request through the CirclePay app under Settings > Privacy
  • We will respond to all valid requests within 30 calendar days

6. Cookies & Tracking

  • Our website uses essential cookies required for basic functionality and security
  • Analytics cookies help us understand how visitors interact with our website to improve the experience
  • You can manage cookie preferences through your browser settings at any time
  • Our mobile application collects device identifiers solely for security, fraud prevention, and crash reporting
  • We do not use cookies or tracking for targeted advertising

7. Data Retention

  • Active account data is retained for the duration of your account plus 7 years, as required by financial regulations in Sri Lanka
  • KYC documents are retained as mandated by the Financial Intelligence Unit (FIU) of Sri Lanka
  • Transaction records are retained for a minimum of 10 years per the Payment & Settlement Systems Act
  • Upon account closure, non-regulated personal data will be deleted within 90 days
  • You may request early deletion of non-regulated data by contacting our Data Protection Officer

8. Children's Privacy

  • CirclePay services are not intended for individuals under the age of 18
  • We do not knowingly collect personal information from minors
  • If we become aware that we have collected data from a minor, we will take immediate steps to delete it

9. Changes to This Policy

  • We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements
  • Material changes will be communicated via email or in-app notification at least 14 days before taking effect
  • Continued use of CirclePay after changes take effect constitutes acceptance of the updated policy
  • Previous versions of this policy are available upon request

10. Contact Us

  • Data Protection Officer: privacy@circlexplorer.com
  • General Inquiries: dinith@circlexplorer.com
  • Phone: +94 70 444 6969
  • Address: 148, Moratuwa Piliyandala Road, Piliyandala, Sri Lanka

By creating an account or using CirclePay services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with any part of this policy, please do not use our services.

© 2026 CircleXplorer (Pvt) Ltd. All rights reserved. Registered in Sri Lanka.