AbstercoAbsterco Pay
← All policies

Privacy Policy

Last updated: March 27, 2026

1. Who We Are

Absterco (Pvt) Ltd ("Absterco", "we", "our", "us") operates the Absterco Pay payment infrastructure platform. We are incorporated in Sri Lanka. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.

2. Information We Collect

  • Account information — name, email address, organisation name, and contact details provided during onboarding.
  • Transaction data — payment amounts, timestamps, status, and masked card metadata. We never store raw card numbers; tokenisation is handled by Mastercard.
  • API usage data — request logs, IP addresses, and usage metrics for security and abuse prevention.
  • Device and browser data — collected automatically when you access the dashboard (browser type, OS, screen resolution).

3. How We Use Your Information

  • To provide, operate, and maintain the Absterco Pay platform.
  • To process payments and manage recurring billing on your behalf.
  • To detect, investigate, and prevent fraudulent transactions and abuse.
  • To communicate service updates, security alerts, and support messages.
  • To comply with applicable laws and regulations, including financial reporting obligations.

4. Data Sharing

We share data only as necessary to deliver our services:

  • Mastercard / Seylan Bank — to process card transactions under PCI DSS compliance.
  • Infrastructure providers — cloud hosting and database services under strict data processing agreements.
  • Legal authorities — when required by law, court order, or to protect the rights of Absterco or its clients.

We do not sell your personal data to third parties.

5. Data Retention

Transaction records are retained for a minimum of seven (7) years to comply with financial regulations. Account data is retained for the duration of the contractual relationship and for up to five (5) years thereafter unless longer retention is required by law.

6. Security

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, API key hashing, and access controls. Payment tokenisation is handled by Mastercard and we are PCI DSS compliant.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us at info@absterco.com.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on the dashboard. Continued use of the platform after changes constitutes acceptance.

9. Contact

Absterco (Pvt) Ltd
Email: info@absterco.com