1. Introduction
This Privacy Policy explains how MR Digital Services ("we," "us," or "Member Portal"), a sole proprietorship registered in Morocco, collects, uses, stores, and protects your personal data when you use our subscription management services available at https://my-member-portal.com.
We are committed to protecting your privacy and handling your data transparently, in compliance with the General Data Protection Regulation (GDPR), Morocco's Law 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data, and other applicable data protection laws.
2. What Data We Collect
Account Information
- Full name
- Email address
- Phone number (optional)
- Account credentials (passwords stored as hashed values only)
Payment Information
- Billing address
- Payment method type (e.g., card, bank transfer)
- Transaction history and amounts
- Note: Full payment card numbers are processed by our payment providers and never stored on our servers.
Usage Data
- Subscription plan details and status
- Feature usage patterns
- Login timestamps
- Email interaction data (opens, clicks for transactional emails)
Device Information
- IP address
- Browser type and version
- Operating system
- Device identifiers
3. How We Use Your Data
- To create and manage your account
- To process payments and manage subscriptions
- To send transactional notifications (billing, security, account updates)
- To provide customer support
- To detect and prevent fraud
- To improve our services
- To comply with legal obligations
4. How We Handle Email Communications
Email is a critical part of our subscription management service. This section details exactly how we use email and which providers process your data.
Types of Emails We Send
- Renewal reminders — Sent before your subscription renews to ensure you are aware of upcoming charges.
- Payment receipts — Confirmation of successful payments with transaction details.
- Payment failure notifications — Alerts when a payment cannot be processed, with instructions to update payment methods.
- Security alerts — Notifications about login attempts, password changes, and other security-related events.
- Account updates — Important changes to your account, plan, or our services.
Email Service Providers (ESPs)
We use the following GDPR-compliant email service providers to deliver transactional emails:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Zoho ZeptoMail | Primary transactional email delivery | zoho.com/zeptomail |
| Amazon SES | High-volume transactional email delivery | aws.amazon.com/ses |
| Mailgun | Backup transactional email delivery | mailgun.com |
Each ESP operates as a GDPR-compliant data processor under Article 28 of the GDPR. We have Data Processing Agreements (DPAs) in place with each provider.
Data Shared with ESPs
- Email address
- First name (for personalization)
- Subscription metadata (plan name, renewal date, amounts — as needed for the specific notification)
Data NOT Shared with ESPs
- Payment card details or bank information
- Passwords or authentication credentials
- IP addresses or device fingerprints
- Support messages or ticket history
5. Legal Basis for Processing (GDPR Article 6)
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Performance of contract | Art. 6(1)(b) |
| Payment processing | Performance of contract | Art. 6(1)(b) |
| Transactional email notifications | Performance of contract | Art. 6(1)(b) |
| Security monitoring and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Service improvement and analytics | Legitimate interest | Art. 6(1)(f) |
| Legal and regulatory compliance | Legal obligation | Art. 6(1)(c) |
6. Data Retention Schedule
| Data Category | Retention Period | Notes |
|---|---|---|
| Account data (active account) | Duration of account | Retained while account is active |
| Account data (after closure) | 90 days then anonymized | Allows account recovery within grace period |
| Payment records | 7 years | Required for tax and financial compliance |
| Email logs | 12 months | Delivery status, timestamps, metadata |
| Suppression list (unsubscribed emails) | Permanent | Required to honor unsubscribe requests |
| Support communications | 24 months | Deleted after 24 months unless legally required |
| Server logs | 90 days | IP addresses, request logs |
7. Data Sharing and Third Parties
We do not sell your personal data. We share data only with the following categories of third parties, and only to the extent necessary:
- Payment processors — To process transactions securely (e.g., Stripe, PayPal).
- Email service providers — To deliver transactional notifications (see Section 4 above).
- Cloud infrastructure providers — To host and operate our platform securely.
- Legal authorities — When required by law, court order, or governmental regulation.
8. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all processors
- Adequacy decisions where applicable
9. Your Rights
Under the GDPR and applicable data protection laws, you have the following rights:
- Right of access — Request a copy of your personal data.
- Right to rectification — Correct inaccurate or incomplete data.
- Right to erasure — Request deletion of your data ("right to be forgotten").
- Right to restrict processing — Limit how we use your data.
- Right to data portability — Receive your data in a structured, machine-readable format.
- Right to object — Object to processing based on legitimate interest.
- Right to withdraw consent — Where processing is based on consent.
To exercise any of these rights, visit our GDPR Rights page or email privacy@my-member-portal.com. We will respond within 30 days.
10. Cookies
We use cookies and similar technologies to operate our service. For full details, see our Cookie Policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. If changes are significant, we will notify you via email or a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
12. Company Identification
- Legal name: MR Digital Services
- Business type: Sole proprietorship
- Country: Morocco
- Privacy contact: privacy@my-member-portal.com
- EU representative: For EU-based inquiries, please contact privacy@my-member-portal.com and we will route your request appropriately.