Legal

Privacy Policy

Apidenna.com LTD

Effective Date: 13 June 2025

Last Updated: 13 June 2025

Table of ContentsShow

1. Introduction

Welcome to Apidenna ("we", "us", "our", "the Platform"). Apidenna.com LTD is a matrimony platform connecting members of the Sri Lankan diaspora and community. We are committed to protecting your personal data in accordance with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka (PDPA), the UK General Data Protection Regulation (UK GDPR), and all other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, mobile application, and related services (collectively, "Services"). By registering for or using our Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with this Privacy Policy, you must not use our Services.

---

2. Who We Are

Apidenna.com LTD is the data controller responsible for your personal data collected through the Platform. For purposes of the PDPA and UK GDPR, Apidenna.com LTD determines the means and purposes of processing your personal data.

For any privacy-related inquiries, you may contact us at:

Data Protection Contact Email: legal@apidenna.com Website: www.apidenna.com

---

3. Personal Data We Collect

We collect personal data that you provide directly to us, as well as data generated through your use of our Services.

3.1 Registration and Profile Data

  • Full name
  • Date of birth and age
  • Gender
  • Nationality and ethnicity
  • Religion and religious practices
  • Country and city of residence
  • Email address
  • Phone number
  • Profile photographs and images
  • Height, weight, and physical description
  • Educational qualifications
  • Occupation and income range
  • Marital status and family background
  • Dietary preferences and lifestyle information
  • Partner preferences and compatibility criteria

3.2 Identity Verification Data

To maintain a safe and authentic platform, we collect your National Identity Card (NIC) or equivalent government-issued identification document for identity verification purposes.

Important: NIC images and identity documents submitted for verification are processed solely for the purpose of verifying your identity. Once verification is completed by a member of our human verification team, your NIC image is automatically and permanently deleted from our systems. We do not retain copies of your identity documents after verification. This deletion is an automatic system process and does not require you to request it separately.

3.3 Profile Images and Media

  • Profile photographs uploaded by you to the Platform
  • Additional images shared within your profile

All images uploaded to the Platform are processed through our security system. Every image is stamped with a cryptographically hashed digital signature and watermark unique to our platform. This signature is used to verify the authenticity and origin of images within our system and to help identify unauthorised distribution of images from the Platform.

3.4 Communications Data

  • Messages exchanged with other members through the Platform's messaging system
  • Correspondence with our support team
  • Feedback and survey responses

3.5 Payment and Subscription Data

  • Subscription plan details
  • Transaction history and billing dates
  • Payment method type (card type, last four digits — processed by Revolut, not stored by us)

We do not store your full card details, bank account numbers, or any sensitive payment credentials. All payment processing is handled exclusively by Revolut, a regulated financial services provider. Revolut ensures end-to-end encrypted payment processing with no intermediaries. For information on how Revolut handles your payment data, please refer to Revolut's Privacy Policy.

3.6 Technical and Usage Data

  • IP address
  • Browser type and version
  • Device type, operating system, and device identifiers
  • Pages visited and features used
  • Time and date of access
  • Referral source and navigation paths
  • Session duration and engagement metrics

5. Identity Verification

5.1 Human-Led Verification

Our identity verification process is carried out by trained human members of our team — not by automated bots or AI systems. Our verification team reviews submitted NIC images to confirm that profile information is genuine and consistent with the submitted document.

5.2 Automatic Deletion After Verification

Once your identity has been verified, your NIC image is automatically deleted from our systems without delay. You do not need to request this deletion — it is built into the verification workflow as a default system behaviour.

5.3 Failure to Verify

If you fail to complete identity verification, we reserve the right to restrict or suspend your access to certain features of the Platform or to terminate your account.

---

6. Profile Images and Content Security

6.1 Cryptographic Image Signing

All images uploaded to the Platform are processed and stamped with a cryptographically hashed digital signature and a platform watermark. This enables us to:

  • Verify the origin and integrity of images within our system
  • Help detect and respond to unauthorised distribution of images from the Platform
  • Maintain a record of image provenance for security and abuse-prevention purposes

6.2 Limitation of Liability for Images

While we implement technical security measures to protect images within our Platform, we acknowledge certain limitations:

  • Screenshots are beyond our control. We cannot prevent other users from taking screenshots of content on the Platform, and we bear no liability for the distribution of screenshots taken by third parties.
  • User responsibility for uploaded content. You are solely responsible for the images and content you upload to the Platform. By uploading an image, you confirm that you have the right to do so and that it does not violate the rights of any third party.
  • Deepfakes and manipulated media. We are not responsible for and cannot guarantee the detection of all deepfakes, AI-generated images, or otherwise manipulated media uploaded by users. While our team actively filters suspicious content, sophisticated deepfakes are beyond our technical ability to guarantee detection. If you suspect an image is a deepfake or manipulated, please report it immediately through our reporting tools.

6.3 Active Content Moderation

Our team actively monitors the Platform to filter and remove:

  • Fake profiles and fraudulent accounts
  • Fake or manipulated images
  • Spam content and unsolicited communications
  • Impersonation of other individuals or public figures

---

7. Impersonation and User Reporting Obligations

While we actively moderate the Platform, detecting impersonation entirely through automated or manual review is not always possible. Our monitoring systems are not designed to proactively identify every case of impersonation across the Platform.

You are responsible for reporting impersonation. If you believe that another user is impersonating you, a family member, or any other individual, you must report this to us immediately through our in-app reporting feature or by contacting us at abuse@apidenna.com.

Our system is not liable for failing to proactively detect impersonation that has not been reported to us. Upon receiving a report, we will investigate and take appropriate action, which may include suspending or permanently removing the offending account.

---

8. Subscriptions and Payments

8.1 Subscription Model

Apidenna operates on a subscription-based model. Subscriptions may be offered on a monthly, annual, or other periodic basis and will automatically renew at the end of each billing period unless you cancel before the renewal date.

You are solely responsible for managing and cancelling your subscription. We will not issue refunds for subscription periods that have already begun due to a failure to cancel. Instructions for cancelling your subscription are available in your account settings.

8.2 Payment Processing by Revolut

All payments are processed through Revolut under the Revolut Merchant API. Revolut provides:

  • End-to-end encrypted payment processing
  • PCI-DSS compliant card handling
  • No storage of your full card details by Apidenna at any point

Apidenna does not act as a payment intermediary and does not have access to your full card number, CVV, or banking credentials. Recurring billing is managed through Revolut's secure payment infrastructure.

8.3 Payment Data Retention

We retain records of your subscription history, transaction identifiers, and billing dates for legal, accounting, and fraud prevention purposes in accordance with applicable financial regulations. These records do not include your full card information.

---

9. How We Share Your Personal Data

We do not sell your personal data to third parties. We may share your data in the following circumstances:

9.1 With Other Platform Members

Your profile information, photographs, and preferences are visible to other registered members of the Platform as part of the matchmaking service. You can control the visibility of certain profile fields through your account privacy settings.

9.2 With Service Providers

We share data with trusted third-party service providers who assist in operating the Platform, including:

  • Supabase — our database and backend infrastructure provider. Your personal data stored in our database is subject to Supabase's data protection and security standards. Supabase maintains SOC 2 Type II compliance and implements industry-standard security controls. For more information, see Supabase's Privacy Policy.
  • Revolut — payment processing
  • Hosting and cloud infrastructure providers
  • Email and communication service providers
  • Analytics providers

All service providers are contractually bound to process your data only on our instructions and in compliance with applicable data protection laws.

9.4 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our assets, your personal data may be transferred to the acquiring entity, provided that the acquiring entity agrees to uphold this Privacy Policy or provide equivalent protections.

---

10. Database Security and Infrastructure

Our Platform's backend database is hosted and managed through Supabase. Data protection obligations at the infrastructure level — including database encryption at rest, encryption in transit, access control, and backup security — are governed by Supabase's security architecture and contractual commitments.

Apidenna is responsible for:

  • Configuring appropriate access controls within our Supabase environment
  • Implementing row-level security policies to ensure data isolation between users
  • Ensuring that only authorised team members can access personally identifiable data
  • Monitoring for unusual access patterns or potential breaches

You can review Supabase's security and compliance documentation at supabase.com/security.

---

11. Cross-Border Data Transfers

Your personal data may be transferred to and stored in countries outside of Sri Lanka and the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, including:

  • Transferring to countries that have been recognised as providing adequate data protection by the relevant authority
  • Using standard contractual clauses or equivalent safeguard mechanisms as required under the PDPA and UK GDPR
  • Ensuring that service providers processing data on our behalf are contractually bound to equivalent data protection standards

Where you have provided explicit consent and been informed of the risks, certain transfers may also be made on that basis.

---

12. Cookies

We use cookies and similar tracking technologies to enhance your experience on the Platform, analyse usage, and support our security and fraud-prevention measures.

12.1 Types of Cookies We Use

Cookie TypePurpose
Essential CookiesRequired for the Platform to function. These cannot be disabled.
Authentication CookiesMaintain your logged-in session and account security.
Analytics CookiesHelp us understand how users interact with the Platform (e.g. page views, session duration).
Preference CookiesRemember your settings and preferences (e.g. language, display options).
Security CookiesDetect fraudulent activity and protect account integrity.
Marketing CookiesUsed to show you relevant advertisements or promotions, where you have consented.

13. Your Rights as a Data Subject

Under the PDPA and UK GDPR, you have the following rights regarding your personal data:

13.1 Right of Access

You have the right to request confirmation of whether we process your personal data and to obtain a copy of the personal data we hold about you.

13.2 Right to Rectification

You have the right to request the correction of inaccurate or incomplete personal data we hold about you.

13.3 Right to Erasure

You have the right to request deletion of your personal data where:

  • The data is no longer necessary for the purpose for which it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • The data has been processed in contravention of applicable law

Certain data may be retained for legal, regulatory, or legitimate business purposes notwithstanding an erasure request.

13.5 Right to Object

You have the right to object to processing of your personal data where that processing is based on legitimate interests or is for direct marketing purposes.

13.6 Right to Restriction

You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g. while a rectification request is being resolved).

13.7 Rights Regarding Automated Decision-Making

We do not make decisions that produce significant legal or similarly significant effects on you based solely on automated processing without human involvement. Where any automated process is used in matching or profile recommendations, human oversight is maintained.

13.8 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: privacy@apidenna.com

We will respond to your request within 21 working days, in accordance with the PDPA. We may request proof of identity before processing your request. If your request is refused, you will be informed of the reasons and your right to appeal to the Data Protection Authority of Sri Lanka.

---

14. Data Retention

We retain your personal data for as long as your account remains active or as necessary to provide our Services. Specific retention periods:

Data TypeRetention Period
Account and profile dataFor the duration of the account, plus up to 2 years after deletion
NIC and identity documentsDeleted immediately upon completion of verification
Profile imagesFor the duration of the account; deleted upon account deletion request
Payment and transaction records7 years (for legal and accounting compliance)
Communications with supportUp to 3 years
Log and usage dataUp to 12 months
Cookie dataVaries by cookie type; session to 24 months

---

15. Children's Privacy

Our Services are intended solely for adults of marriageable age. We do not knowingly collect personal data from children under the age of 16. If you are under 16, you must not use our Services or submit any personal data to us.

If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take immediate steps to delete that data.

---

16. Direct Marketing

We will only send you marketing communications where you have given your explicit consent to receive them. Every marketing communication will include a clear and free opt-out mechanism. You may withdraw your consent to marketing at any time by:

  • Using the unsubscribe link in any marketing email
  • Updating your communication preferences in your account settings
  • Contacting us at =legal@apidenna.com

Withdrawal of marketing consent does not affect the receipt of transactional or service-related communications (e.g. subscription confirmations, account alerts).

---

17. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Cryptographic signing of user images
  • Role-based access controls limiting data access to authorised personnel only
  • Regular security reviews and vulnerability assessments
  • Automatic deletion of sensitive verification documents post-verification
  • Human-led identity verification processes
  • Active moderation and content filtering

Despite these measures, no system is completely secure, and we cannot guarantee absolute security of your data. If you become aware of any security breach or vulnerability relating to the Platform, please notify us immediately at legal@apidenna.com.

---

18. Personal Data Breaches

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Data Protection Authority of Sri Lanka in the form and manner required by the PDPA. Where required and feasible, we will also notify affected data subjects without undue delay.

---

19. User Responsibilities

By using the Platform, you accept the following responsibilities:

  • You will provide accurate and truthful information during registration and thereafter
  • You will keep your account credentials secure and not share them with third parties
  • You will only upload images of yourself and content that you have the right to share
  • You will report impersonation, fake profiles, and suspicious activity to us promptly
  • You will cancel your subscription before the renewal date if you do not wish to be charged for the next period
  • You understand that screenshots and content shared outside the Platform are beyond our control
  • You accept responsibility for any content you upload, including images that may later be claimed to be deepfakes or manipulated media, if you were aware of such manipulation

---

20. Limitation of Liability for User-Generated Content

Apidenna provides infrastructure and moderation tools but is not an editor or publisher of user-generated content. Accordingly:

  • We are not liable for the accuracy, authenticity, or legality of content uploaded by users, including profile photographs, descriptions, and any other information provided by members.
  • We are not liable for deepfake or AI-generated images uploaded to the Platform by users acting in bad faith.
  • We are not liable for the distribution of screenshots or content taken from the Platform by other users, as this is outside our technical control.
  • We are not responsible for the conduct of users outside the Platform or for what users do with information or images accessed through the Platform.

We take a proactive approach to moderation, but we cannot guarantee the detection of every instance of fraudulent, fake, or harmful content.

---

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the Services we offer. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you by email (where we hold your email address) or through a prominent notice on the Platform

Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you must stop using the Services and may request deletion of your account.

---

23. Governing Law and Regulatory Authority

This Privacy Policy is governed by and interpreted in accordance with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka and, where applicable, the UK General Data Protection Regulation (UK GDPR).

The primary supervisory authority for data protection matters under this policy is the Data Protection Authority of Sri Lanka. Where the UK GDPR applies, the relevant supervisory authority is the Information Commissioner's Office (ICO) of the United Kingdom.

Appeals against our decisions regarding data subject rights may be made to the Data Protection Authority of Sri Lanka within 21 working days of receiving our decision. Decisions of the Authority may be further appealed to the Court of Appeal within 21 working days.

---

24. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Apidenna.com LTD Email: legal@apidenna.com Abuse & Impersonation Reports: abuse@apidenna.com Security Issues: support@apidenna.com Website: www.apidenna.com

---

*This Privacy Policy was last reviewed and updated on 13 June 2025 by Apidenna.com LTD.*

*Apidenna.com LTD reserves the right to amend this Privacy Policy at any time. The most current version will always be available at www.apidenna.com/privacy.*

Questions about this policy? Contact us at legal@apidenna.com.