1. Introduction
Welcome to Apidenna ("we", "us", "our", "the Platform"). Apidenna.com LTD is a matrimony platform connecting members of the Sri Lankan diaspora and community. We are committed to protecting your personal data in accordance with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka (PDPA), the UK General Data Protection Regulation (UK GDPR), and all other applicable data protection laws.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, mobile application, and related services (collectively, "Services"). By registering for or using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you do not agree with this Privacy Policy, you must not use our Services.
---
2. Who We Are
Apidenna.com LTD is the data controller responsible for your personal data collected through the Platform. For purposes of the PDPA and UK GDPR, Apidenna.com LTD determines the means and purposes of processing your personal data.
For any privacy-related inquiries, you may contact us at:
Data Protection Contact Email: legal@apidenna.com Website: www.apidenna.com
---
3. Personal Data We Collect
We collect personal data that you provide directly to us, as well as data generated through your use of our Services.
3.1 Registration and Profile Data
- Full name
- Date of birth and age
- Gender
- Nationality and ethnicity
- Religion and religious practices
- Country and city of residence
- Email address
- Phone number
- Profile photographs and images
- Height, weight, and physical description
- Educational qualifications
- Occupation and income range
- Marital status and family background
- Dietary preferences and lifestyle information
- Partner preferences and compatibility criteria
3.2 Identity Verification Data
To maintain a safe and authentic platform, we collect your National Identity Card (NIC) or equivalent government-issued identification document for identity verification purposes.
Important: NIC images and identity documents submitted for verification are processed solely for the purpose of verifying your identity. Once verification is completed by a member of our human verification team, your NIC image is automatically and permanently deleted from our systems. We do not retain copies of your identity documents after verification. This deletion is an automatic system process and does not require you to request it separately.
3.3 Profile Images and Media
- Profile photographs uploaded by you to the Platform
- Additional images shared within your profile
All images uploaded to the Platform are processed through our security system. Every image is stamped with a cryptographically hashed digital signature and watermark unique to our platform. This signature is used to verify the authenticity and origin of images within our system and to help identify unauthorised distribution of images from the Platform.
3.4 Communications Data
- Messages exchanged with other members through the Platform's messaging system
- Correspondence with our support team
- Feedback and survey responses
3.5 Payment and Subscription Data
- Subscription plan details
- Transaction history and billing dates
- Payment method type (card type, last four digits — processed by Revolut, not stored by us)
We do not store your full card details, bank account numbers, or any sensitive payment credentials. All payment processing is handled exclusively by Revolut, a regulated financial services provider. Revolut ensures end-to-end encrypted payment processing with no intermediaries. For information on how Revolut handles your payment data, please refer to Revolut's Privacy Policy.
3.6 Technical and Usage Data
- IP address
- Browser type and version
- Device type, operating system, and device identifiers
- Pages visited and features used
- Time and date of access
- Referral source and navigation paths
- Session duration and engagement metrics
4. Legal Bases for Processing
We process your personal data under the following legal bases, as required by the PDPA and UK GDPR:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and profile management | Performance of a contract / Your consent |
| Identity verification via NIC | Legal obligation / Legitimate interests |
| Displaying your profile to other members | Performance of a contract |
| Sending you matches and recommendations | Performance of a contract / Legitimate interests |
| Payment processing and subscription management | Performance of a contract |
| Security, fraud prevention, and anti-spam | Legitimate interests |
| Sending marketing communications | Your consent |
| Analytics and service improvement | Legitimate interests |
| Compliance with legal obligations | Legal obligation |
Where we rely on your consent, you have the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
---
5. Identity Verification
5.1 Human-Led Verification
Our identity verification process is carried out by trained human members of our team — not by automated bots or AI systems. Our verification team reviews submitted NIC images to confirm that profile information is genuine and consistent with the submitted document.
5.2 Automatic Deletion After Verification
Once your identity has been verified, your NIC image is automatically deleted from our systems without delay. You do not need to request this deletion — it is built into the verification workflow as a default system behaviour.
5.3 Failure to Verify
If you fail to complete identity verification, we reserve the right to restrict or suspend your access to certain features of the Platform or to terminate your account.
---
6. Profile Images and Content Security
6.1 Cryptographic Image Signing
All images uploaded to the Platform are processed and stamped with a cryptographically hashed digital signature and a platform watermark. This enables us to:
- Verify the origin and integrity of images within our system
- Help detect and respond to unauthorised distribution of images from the Platform
- Maintain a record of image provenance for security and abuse-prevention purposes
6.2 Limitation of Liability for Images
While we implement technical security measures to protect images within our Platform, we acknowledge certain limitations:
- Screenshots are beyond our control. We cannot prevent other users from taking screenshots of content on the Platform, and we bear no liability for the distribution of screenshots taken by third parties.
- User responsibility for uploaded content. You are solely responsible for the images and content you upload to the Platform. By uploading an image, you confirm that you have the right to do so and that it does not violate the rights of any third party.
- Deepfakes and manipulated media. We are not responsible for and cannot guarantee the detection of all deepfakes, AI-generated images, or otherwise manipulated media uploaded by users. While our team actively filters suspicious content, sophisticated deepfakes are beyond our technical ability to guarantee detection. If you suspect an image is a deepfake or manipulated, please report it immediately through our reporting tools.
6.3 Active Content Moderation
Our team actively monitors the Platform to filter and remove:
- Fake profiles and fraudulent accounts
- Fake or manipulated images
- Spam content and unsolicited communications
- Impersonation of other individuals or public figures
---
7. Impersonation and User Reporting Obligations
While we actively moderate the Platform, detecting impersonation entirely through automated or manual review is not always possible. Our monitoring systems are not designed to proactively identify every case of impersonation across the Platform.
You are responsible for reporting impersonation. If you believe that another user is impersonating you, a family member, or any other individual, you must report this to us immediately through our in-app reporting feature or by contacting us at abuse@apidenna.com.
Our system is not liable for failing to proactively detect impersonation that has not been reported to us. Upon receiving a report, we will investigate and take appropriate action, which may include suspending or permanently removing the offending account.
---
8. Subscriptions and Payments
8.1 Subscription Model
Apidenna operates on a subscription-based model. Subscriptions may be offered on a monthly, annual, or other periodic basis and will automatically renew at the end of each billing period unless you cancel before the renewal date.
You are solely responsible for managing and cancelling your subscription. We will not issue refunds for subscription periods that have already begun due to a failure to cancel. Instructions for cancelling your subscription are available in your account settings.
8.2 Payment Processing by Revolut
All payments are processed through Revolut under the Revolut Merchant API. Revolut provides:
- End-to-end encrypted payment processing
- PCI-DSS compliant card handling
- No storage of your full card details by Apidenna at any point
Apidenna does not act as a payment intermediary and does not have access to your full card number, CVV, or banking credentials. Recurring billing is managed through Revolut's secure payment infrastructure.
8.3 Payment Data Retention
We retain records of your subscription history, transaction identifiers, and billing dates for legal, accounting, and fraud prevention purposes in accordance with applicable financial regulations. These records do not include your full card information.
---
10. Database Security and Infrastructure
Our Platform's backend database is hosted and managed through Supabase. Data protection obligations at the infrastructure level — including database encryption at rest, encryption in transit, access control, and backup security — are governed by Supabase's security architecture and contractual commitments.
Apidenna is responsible for:
- Configuring appropriate access controls within our Supabase environment
- Implementing row-level security policies to ensure data isolation between users
- Ensuring that only authorised team members can access personally identifiable data
- Monitoring for unusual access patterns or potential breaches
You can review Supabase's security and compliance documentation at supabase.com/security.
---
11. Cross-Border Data Transfers
Your personal data may be transferred to and stored in countries outside of Sri Lanka and the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, including:
- Transferring to countries that have been recognised as providing adequate data protection by the relevant authority
- Using standard contractual clauses or equivalent safeguard mechanisms as required under the PDPA and UK GDPR
- Ensuring that service providers processing data on our behalf are contractually bound to equivalent data protection standards
Where you have provided explicit consent and been informed of the risks, certain transfers may also be made on that basis.
---
13. Your Rights as a Data Subject
Under the PDPA and UK GDPR, you have the following rights regarding your personal data:
13.1 Right of Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of the personal data we hold about you.
13.2 Right to Rectification
You have the right to request the correction of inaccurate or incomplete personal data we hold about you.
13.3 Right to Erasure
You have the right to request deletion of your personal data where:
- The data is no longer necessary for the purpose for which it was collected
- You withdraw your consent and there is no other legal basis for processing
- The data has been processed in contravention of applicable law
Certain data may be retained for legal, regulatory, or legitimate business purposes notwithstanding an erasure request.
13.4 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal.
13.5 Right to Object
You have the right to object to processing of your personal data where that processing is based on legitimate interests or is for direct marketing purposes.
13.6 Right to Restriction
You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g. while a rectification request is being resolved).
13.7 Rights Regarding Automated Decision-Making
We do not make decisions that produce significant legal or similarly significant effects on you based solely on automated processing without human involvement. Where any automated process is used in matching or profile recommendations, human oversight is maintained.
13.8 How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
Email: privacy@apidenna.com
We will respond to your request within 21 working days, in accordance with the PDPA. We may request proof of identity before processing your request. If your request is refused, you will be informed of the reasons and your right to appeal to the Data Protection Authority of Sri Lanka.
---
14. Data Retention
We retain your personal data for as long as your account remains active or as necessary to provide our Services. Specific retention periods:
| Data Type | Retention Period |
|---|---|
| Account and profile data | For the duration of the account, plus up to 2 years after deletion |
| NIC and identity documents | Deleted immediately upon completion of verification |
| Profile images | For the duration of the account; deleted upon account deletion request |
| Payment and transaction records | 7 years (for legal and accounting compliance) |
| Communications with support | Up to 3 years |
| Log and usage data | Up to 12 months |
| Cookie data | Varies by cookie type; session to 24 months |
---
15. Children's Privacy
Our Services are intended solely for adults of marriageable age. We do not knowingly collect personal data from children under the age of 16. If you are under 16, you must not use our Services or submit any personal data to us.
If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take immediate steps to delete that data.
---
16. Direct Marketing
We will only send you marketing communications where you have given your explicit consent to receive them. Every marketing communication will include a clear and free opt-out mechanism. You may withdraw your consent to marketing at any time by:
- Using the unsubscribe link in any marketing email
- Updating your communication preferences in your account settings
- Contacting us at =legal@apidenna.com
Withdrawal of marketing consent does not affect the receipt of transactional or service-related communications (e.g. subscription confirmations, account alerts).
---
17. Security Measures
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:
- Encryption of data in transit (TLS/SSL) and at rest
- Cryptographic signing of user images
- Role-based access controls limiting data access to authorised personnel only
- Regular security reviews and vulnerability assessments
- Automatic deletion of sensitive verification documents post-verification
- Human-led identity verification processes
- Active moderation and content filtering
Despite these measures, no system is completely secure, and we cannot guarantee absolute security of your data. If you become aware of any security breach or vulnerability relating to the Platform, please notify us immediately at legal@apidenna.com.
---
18. Personal Data Breaches
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Authority of Sri Lanka in the form and manner required by the PDPA. Where required and feasible, we will also notify affected data subjects without undue delay.
---
19. User Responsibilities
By using the Platform, you accept the following responsibilities:
- You will provide accurate and truthful information during registration and thereafter
- You will keep your account credentials secure and not share them with third parties
- You will only upload images of yourself and content that you have the right to share
- You will report impersonation, fake profiles, and suspicious activity to us promptly
- You will cancel your subscription before the renewal date if you do not wish to be charged for the next period
- You understand that screenshots and content shared outside the Platform are beyond our control
- You accept responsibility for any content you upload, including images that may later be claimed to be deepfakes or manipulated media, if you were aware of such manipulation
---
20. Limitation of Liability for User-Generated Content
Apidenna provides infrastructure and moderation tools but is not an editor or publisher of user-generated content. Accordingly:
- We are not liable for the accuracy, authenticity, or legality of content uploaded by users, including profile photographs, descriptions, and any other information provided by members.
- We are not liable for deepfake or AI-generated images uploaded to the Platform by users acting in bad faith.
- We are not liable for the distribution of screenshots or content taken from the Platform by other users, as this is outside our technical control.
- We are not responsible for the conduct of users outside the Platform or for what users do with information or images accessed through the Platform.
We take a proactive approach to moderation, but we cannot guarantee the detection of every instance of fraudulent, fake, or harmful content.
---
21. Third-Party Links and Services
The Platform may contain links to third-party websites or integrate with third-party services (including Revolut for payments and Supabase for infrastructure). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform.
---
22. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the Services we offer. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify you by email (where we hold your email address) or through a prominent notice on the Platform
Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you must stop using the Services and may request deletion of your account.
---
24. Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:
Apidenna.com LTD Email: legal@apidenna.com Abuse & Impersonation Reports: abuse@apidenna.com Security Issues: support@apidenna.com Website: www.apidenna.com
---
*This Privacy Policy was last reviewed and updated on 13 June 2025 by Apidenna.com LTD.*
*Apidenna.com LTD reserves the right to amend this Privacy Policy at any time. The most current version will always be available at www.apidenna.com/privacy.*
Questions about this policy? Contact us at legal@apidenna.com.

