Privacy
Framework

Document Ref: MVO-2026-PRIV-V3

1. WHO WE ARE & SCOPE

Memovo ("we", "us", or "our") operates memovo.co.uk as an online directory and platform for care homes, care agencies, service providers, families, care seekers and related organisations.

For the personal information we collect and use through the Memovo website, dashboard, directory, enquiry forms, reviews, claim forms, report forms, subscription flows and related platform tools, Memovo generally acts as a Data Controller under UK data protection law.

This Privacy Framework explains what personal information we collect, why we use it, the lawful bases we rely on, who it may be shared with, how long we keep it, and the rights available to individuals.

2. WHAT INFORMATION WE COLLECT

Depending on how you use Memovo, we may collect and process the following types of information:

• Identity Data: name, business name, organisation name, job title, provider type, account role and profile role.
• Contact Data: email address, phone number, enquiry details, support messages, claim requests and report submissions.
• Account Data: login details, authentication status, dashboard access, provider settings, subscription status and account preferences.
• Listing Data: provider descriptions, logos, images, videos, service details, region, postcode, care types, specialisms, availability, fees, gallery content, brochures, public links and profile information.
• Review Data: reviewer name, email address, rating, review text, review date, moderation status and any verification or follow-up information connected with a submitted review.
• Enquiry and Lead Data: names, email addresses, phone numbers, messages, provider contacted, listing ID, consent status, enquiry status and related metadata.
• Payment and Subscription Data: plan type, subscription status, billing history, invoice information, Stripe customer references and payment status. We do not store full card details on our own servers.
• Technical Data: IP address, device type, browser type, operating system, login timestamps, page requests, security logs, session tokens, cookie data and traffic metadata.
• Marketing Preference Data: newsletter preferences, audience type, contact preferences and unsubscribe or opt-out records.

3. HEALTH-RELATED OR SENSITIVE INFORMATION

Memovo operates in the care and dementia sector, so users may sometimes choose to include information about health, care needs, dementia, disability, mobility, safeguarding, family circumstances or other sensitive matters when submitting enquiries, reviews, reports or support messages.

Please only share information that is necessary for your enquiry or request. You should avoid including unnecessary medical records, detailed health histories, safeguarding allegations, financial details, information about children, or information about another person unless you have a lawful reason and appropriate authority to do so.

Where health-related or other special category information is submitted to Memovo, we process it only where necessary to handle the enquiry, review, report, support request, platform safety issue, legal obligation or other specific purpose for which it was provided. Where required, we rely on an appropriate lawful basis under UK GDPR and a separate condition for special category data.

4. WHY WE USE PERSONAL INFORMATION

We use personal information for the following purposes:

• to operate the Memovo website, directory and dashboard;
• to create, manage and secure user accounts;
• to display provider profiles, listing content and provider-supplied information;
• to process enquiries and send them to relevant providers where appropriate;
• to process claim listing requests, report listing forms and support requests;
• to check, moderate and publish reviews where appropriate;
• to provide subscription, billing, trial and payment functionality;
• to send service emails, notifications and administrative messages;
• to maintain platform security, prevent abuse and detect suspicious activity;
• to improve platform performance, accessibility, usability and reliability;
• to comply with legal, tax, accounting, regulatory and dispute-handling obligations;
• to send updates or marketing communications where permitted or where consent has been given.

5. LAWFUL BASES FOR PROCESSING

Under UK GDPR, we must have a lawful basis for using personal information. Depending on the context, we may rely on:

• Contract: where processing is needed to provide an account, subscription, dashboard, listing, enquiry feature or requested service.
• Legitimate Interests: where processing is needed to operate and improve the platform, manage enquiries, support users, prevent abuse, moderate content, handle reports, protect our business, maintain security, and provide useful directory functionality, provided those interests are not overridden by individual rights.
• Consent: where users choose to receive newsletters, optional marketing updates, certain cookies, or submit information for a specific optional purpose.
• Legal Obligation: where processing is needed for accounting, tax, fraud prevention, regulatory, legal or compliance reasons.
• Vital Interests or Substantial Public Interest: in rare cases where information suggests an urgent risk of harm, safeguarding concern or serious safety issue and limited processing or sharing may be necessary.

6. PROVIDER CONTENT, REVIEWS & PUBLIC INFORMATION

Provider-supplied information: Provider profiles may include information supplied by the provider or organisation connected with the listing. This may include descriptions, images, logos, availability, fees, services, gallery content, videos, brochures, contact details and links.

Reviews: Reviews may be checked before publication. To help keep reviews fair and useful, we may process reviewer name, email address, review text, rating, submission date, moderation status and related verification information.

Public directory information: Some listing information may be visible publicly on Memovo. If you publish or submit business profile information, you understand that it may be displayed on the directory, profile pages, search results, shared links or related platform areas.

7. ENQUIRIES, CLAIMS & REPORTS

When you submit an enquiry through Memovo, your name, contact details and message may be sent to the relevant provider or handled through Memovo systems depending on the listing and feature used.

When you submit a claim listing request, we may use the information provided to review your connection with the provider, business or organisation. This may include your name, work email address, phone number, role, proof link, listing name, listing ID and message.

When you report a listing or review concern, we may use the information provided to review the issue, contact you for more information, contact the provider where appropriate, or take moderation action.

8. INFRASTRUCTURE, SECURITY & CLOUDFLARE

Memovo uses Cloudflare infrastructure for DNS, SSL, firewall protection, traffic management, performance, security, platform hosting and abuse prevention. Cloudflare may process technical information such as IP addresses, request data, device information, security signals and traffic metadata to help protect the platform from abuse, downtime, malicious traffic and security threats.

We use reasonable technical and organisational measures to protect personal information. However, no online platform can guarantee absolute security. Users should keep passwords safe, avoid sharing unnecessary sensitive information and contact us promptly if they believe their account or information may be at risk.

9. PAYMENTS & STRIPE

Paid subscriptions, trials, billing flows, checkout sessions and invoices may be processed by Stripe. Stripe may process payment details, billing details, card information, payment status, fraud prevention signals and related transaction information under its own privacy and security terms.

Memovo does not store full card details on its own servers. We may store subscription status, plan type, payment references, customer references, invoice status and related billing records needed to operate paid accounts and meet tax or accounting obligations.

10. EMAIL, MEDIA & THIRD-PARTY SERVICES

We may use trusted third-party services to help operate Memovo. These may include infrastructure providers, payment providers, email delivery systems, database or storage tools, media hosting services, analytics or performance tools, authentication systems and support tools.

For example, Memovo may use services such as Cloudflare for infrastructure and security, Stripe for payments, email delivery tools for notifications, and media hosting tools for provider images, documents or uploaded content.

Where personal information is shared with service providers, it is shared only where reasonably necessary for the operation, security, support, billing or improvement of the platform.

11. INTERNATIONAL TRANSFERS

Some service providers used by Memovo may process information outside the United Kingdom. Where this happens, we aim to rely on appropriate safeguards, such as UK-approved transfer mechanisms, adequacy arrangements, contractual protections or service provider commitments designed to protect personal information.

12. COOKIES & TRACKING

Memovo uses strictly necessary cookies and similar technologies for login, security, session management, fraud prevention, platform stability and account functionality. We may also use functional cookies or local storage to remember preferences and improve the user experience.

We do not use third-party advertising pixels or remarketing cookies unless this Privacy Framework and our Cookie Policy are updated and appropriate consent controls are provided. For more detail, please read our Cookie Policy.

13. HOW LONG WE KEEP INFORMATION

We keep personal information only for as long as reasonably necessary for the purpose it was collected, including platform operation, account management, support, billing, security, dispute handling, review moderation, legal compliance and record keeping.

• Account and dashboard data: usually kept while the account is active and for a reasonable period afterwards.
• Provider listing data: kept while the listing is active, subscribed, archived or reasonably needed for platform records.
• Enquiries and lead records: kept for a reasonable period to support providers, users, audit trails and dispute handling.
• Reviews and moderation records: kept while the review remains relevant and for a reasonable period afterwards for moderation, dispute and platform integrity purposes.
• Payment and invoice records: kept for the period required for tax, accounting and legal obligations.
• Technical and security logs: kept for a limited period unless needed for investigation, security or legal reasons.

Where information is no longer needed, we will delete, anonymise or archive it where reasonably possible.

14. YOUR RIGHTS

Under UK data protection law, you may have the right to:

• request access to the personal information we hold about you;
• ask us to correct inaccurate or incomplete information;
• ask us to delete your information in certain circumstances;
• ask us to restrict how we use your information;
• object to certain types of processing;
• request portability of certain information;
• withdraw consent where processing is based on consent;
• complain to the UK Information Commissioner’s Office if you are unhappy with how your information is handled.

Some rights may not apply in every situation, and we may need to confirm your identity before responding to a request.

15. CHILDREN & VULNERABLE PEOPLE

Memovo is not designed for use by children. Because the platform relates to care, dementia and later-life support, users should take extra care when submitting information about vulnerable people, residents, relatives or service users.

If you submit information about another person, you are responsible for ensuring you have an appropriate reason, authority or consent to do so.

16. CHANGES TO THIS PRIVACY FRAMEWORK

We may update this Privacy Framework from time to time to reflect changes in platform features, legal requirements, service providers, data handling, cookies, subscriptions, reviews, enquiry tools or operational processes. The document reference above will be updated when material changes are made.