GuidePro

Privacy Notice

Last updated: 11 May 2026

1. Who we are

GuidePro is operated by M P Umagiliya, an individual sole proprietor trading as "GuidePro" ("we", "us"). We are the data controller responsible for personal data processed through the Service.

2. Personal data we collect

  • Account data: name, email, password (hashed), phone, profile photo.
  • Professional details: NIC or guide license number, vehicle details, brand information you choose to add.
  • Banking details you enter for settlements (stored to populate your statements).
  • Business records you create: tours, companies, commissions, expenses, feedback.
  • Support communications you send us.
  • Technical data: IP address, device and browser information, usage logs.

3. Why we use your data & legal basis

  • To provide the Service (contract performance) — creating your account, storing your records, generating PDFs.
  • To process payments (contract performance) — via Paddle, our Merchant of Record.
  • To keep the Service secure (legitimate interest) — fraud prevention, abuse detection.
  • To improve the product (legitimate interest) — usage analytics in aggregate.
  • To provide support (legitimate interest / contract).
  • Where required by law (legal obligation) — tax, accounting, lawful requests from authorities.

4. Who we share data with

  • Paddle — our Merchant of Record, for processing payments, subscription management, tax compliance, invoicing, and refunds.
  • Service providers — hosting, database, email, and analytics providers acting as our processors.
  • Professional advisers — legal and accounting, where strictly necessary.
  • Authorities — where required by law or to protect our rights.

We do not sell your personal data.

5. International transfers

Some of our service providers are located outside Sri Lanka. Where personal data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

6. Retention

We retain your personal data for as long as your account is active and for a reasonable period afterwards to comply with legal, tax, and accounting obligations. Data that is no longer needed is deleted or anonymised.

7. Your rights

You may, subject to applicable law:

  • access, rectify, or delete your personal data;
  • restrict or object to certain processing;
  • request a portable copy of data you provided;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data protection authority.

To exercise these rights, contact us at the email address shown in your account settings. We aim to respond within one month.

8. Security

We use appropriate technical and organisational measures including encryption in transit, access controls, and regular security reviews to protect your data.

9. Cookies

We use essential cookies required to keep you signed in and to operate the Service. We do not currently use marketing cookies.

10. Contact

Privacy questions or requests? Contact M P Umagiliya at the email address shown in your account settings.