Legal
Privacy Policy
1. Introduction
Membrelo (we, us, our) operates the Membrelo membership management platform, including our mobile application and related services (collectively, the Platform). We are committed to protecting the privacy of our users and handling personal information responsibly, transparently, and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act.
This Privacy Policy explains how we collect, hold, use, and disclose personal information, and how you can access, correct, or make a complaint about our handling of your information.
By using the Platform, you agree to the collection and use of your information in accordance with this Policy.
2. Who This Policy Applies To
This Policy applies to:
- Members who use the Membrelo app to manage their venue memberships
- Venue operators and their staff who use Membrelo to manage member relationships
- Visitors to our website and other individuals who interact with us
3. What Personal Information We Collect
We collect personal information that is reasonably necessary for us to provide the Platform and its services. The types of personal information we collect include:
3.1 Identity and Contact Information
- Full name
- Email address
- Phone number (including for SMS verification purposes)
- Mailing address
3.2 Location Data
- General location data derived from your device when you use the Platform (e.g. to identify nearby venues or confirm venue check-ins)
- Venue-level location data (e.g. check-in records at participating venues)
We only collect precise location data where you have granted the Platform permission to do so through your device settings.
3.3 Usage and Behavioural Data
- App usage patterns and feature interactions
- Membership activity records (e.g. visit frequency, redemptions, tier status)
- Device information, including device type, operating system version, and unique device identifiers
- Log data, including access timestamps, app version, and error reports
- Push notification engagement data
3.4 Information from Venue Systems
Where a venue you are a member of uses integrated point-of-sale or venue management software (such as SwiftPOS, H&L, or SENPOS), we may receive transactional or membership data from those systems on behalf of that venue. In those cases, the venue is the primary data controller for that information and we act as a service provider.
We do not collect sensitive information (as defined under the Privacy Act, including health, financial account details, or government identifiers) unless you separately and explicitly provide it and consent to its collection.
4. How We Collect Personal Information
We collect personal information in the following ways:
- Directly from you — when you register an account, update your profile, contact us, or interact with the Platform
- Automatically — through the Platform's usage and logging systems as you interact with our app and services
- From your device — location and device data collected through the app, subject to the permissions you grant
- From venue operators — membership and transactional data passed to us through venue integrations on behalf of participating venues
- From third-party services — for example, identity verification via SMS (Twilio Verify), cloud infrastructure providers (Google Cloud / Firebase), and analytics services
Where it is lawful and practicable to do so, you may interact with us anonymously or using a pseudonym. However, certain features of the Platform (such as membership registration and venue check-in) require you to be identifiable.
5. Why We Collect and Use Personal Information
We collect and use your personal information for the following purposes:
- Providing the Platform — creating and managing your account, processing memberships, and enabling venue check-ins
- Identity verification — confirming your identity via SMS at account registration and when required by venue operators
- Service communications — sending transactional messages, membership updates, and notifications relevant to your use of the Platform
- Improving our services — understanding usage patterns, diagnosing technical issues, and developing new features
- Safety and security — detecting, investigating, and preventing fraud, abuse, or other harmful activity
- Legal and compliance obligations — meeting our obligations under applicable laws and regulations
- Aggregated analytics — generating de-identified, aggregated insights for venue operators about membership trends and engagement (this does not identify individual members)
We will not use your personal information for a purpose that is unrelated to the above without first obtaining your consent, unless otherwise permitted by the APPs.
6. Direct Marketing
We may use your contact information to send you promotional communications about Membrelo features, partner venues, or offers that may be of interest to you.
You can opt out of marketing communications at any time by:
- Using the unsubscribe link included in our emails
- Adjusting notification preferences within the app
- Contacting us directly at the details provided in section 12
We will process opt-out requests promptly and will not send marketing communications to you after you have opted out, except as required by law or for essential service communications.
7. Disclosure of Personal Information
We may disclose your personal information to the following categories of third parties:
7.1 Venue Operators
When you hold a membership with a venue that uses the Platform, we share relevant membership information with that venue. This allows the venue to manage your membership, process check-ins, and provide member benefits. The venue's own privacy policy governs their use of this data.
7.2 Service Providers
We engage third-party service providers who assist us in operating the Platform, including:
- Cloud hosting and infrastructure (Google Cloud Platform / Firebase)
- SMS verification services (Twilio)
- Analytics and crash reporting tools
- Payment processing (where applicable)
These providers are contractually required to handle your information only as directed by us and in accordance with applicable privacy laws.
7.3 Legal and Regulatory Disclosure
We may disclose personal information where required or authorised by law, including to comply with a court order, regulatory requirement, or law enforcement request.
7.4 Business Transfers
If Membrelo is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you of any such change and the applicable privacy protections.
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
8. Cross-Border Disclosure
Our Platform uses infrastructure and services that may involve your personal information being processed or stored outside of Australia, including in the United States (Google Cloud, Twilio) and other countries where our service providers operate.
Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles that information in a manner consistent with the APPs, including through contractual obligations with those recipients.
By using the Platform, you acknowledge that your personal information may be transferred and stored outside Australia as described in this section.
9. How We Hold and Protect Personal Information
We take the security of your personal information seriously. We implement a range of technical and organisational measures to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include:
- Encryption of data in transit (TLS) and at rest
- Row-level security and per-venue data isolation in our database
- Access controls restricting staff access to personal information on a need-to-know basis
- Secure credential management and code signing practices
- Regular review of our security practices
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is completely secure. We encourage you to use strong, unique passwords and to notify us immediately if you suspect any unauthorised use of your account.
We retain personal information for as long as necessary to fulfil the purposes described in this Policy, or as required by law. When information is no longer required, we take reasonable steps to destroy or de-identify it securely.
10. Your Rights — Accessing and Correcting Your Information
10.1 Access
You have the right to request access to the personal information we hold about you. To make an access request, please contact us using the details in section 12. We will respond within 30 days. In some limited circumstances, we may be permitted to deny or limit access (for example, where providing access would unreasonably impact the privacy of another individual).
We will not charge a fee for making an access request, but we may charge a reasonable fee for the cost of providing access where the request involves significant effort.
10.2 Correction
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you have the right to request that we correct it. We will respond to correction requests within 30 days. Many details (such as your name, email, and phone number) can also be updated directly within the Platform.
11. Privacy Complaints
If you believe we have breached the APPs or mishandled your personal information, you have the right to make a complaint.
Step 1 — Contact us directly
Please contact our Privacy Officer in the first instance using the details in section 12. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.
Step 2 — Office of the Australian Information Commissioner (OAIC)
If you are not satisfied with our response, you may lodge a complaint with the OAIC:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
12. Contact Us
For any privacy-related enquiries, access or correction requests, or complaints, please contact our Privacy Officer:
Privacy Officer
Membrelo
Email: privacy@membrelo.com
Website: www.membrelo.com
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will notify you via email or a prominent notice within the Platform, and update the "Last updated" date at the top of this document.
We encourage you to review this Policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated Policy.
14. Glossary
| Term | Meaning |
|---|---|
| APPs | Australian Privacy Principles, contained in Schedule 1 of the Privacy Act 1988 (Cth) |
| Personal information | Information or an opinion about an identified individual, or an individual who is reasonably identifiable |
| Sensitive information | A subset of personal information including health, biometric, racial or ethnic origin, criminal record, and other categories defined in s 6 of the Privacy Act |
| Platform | The Membrelo mobile application, website, and related services |
| Venue operator | A pub, club, or other venue that uses Membrelo to manage its membership program |
This Privacy Policy has been prepared with reference to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth). It is not legal advice. You should seek independent legal advice if you require certainty about your compliance obligations.