1. Introduction

Welcome to eventQR.lk ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital photo guestbook platform.

This Privacy Policy applies to all users of eventQR.lk, including event hosts, guests who upload photos, and visitors to our website. By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: When you create an account, we collect:

• Email address (required for account creation and verification)
• Password (stored securely using industry-standard hashing)
• Name (required for account creation)

Event Information: When you create an event, we collect:

• Event name
• Event date
• Customization preferences (colors, templates, etc.)
• Gallery settings (privacy, approval requirements, etc.)

Shipping Information: If you order printed QR code cards, we collect:

• Shipping name
• Shipping address (street, city, state, postal code, country)
• Shipping phone number

Payment Information: Payment processing is handled by PayHere, a licensed payment gateway in Sri Lanka. We do not store your credit card or bank account details. PayHere processes payments according to their own privacy policy and security standards.

2.2 Content You Upload

Photos and Videos: When photos or videos are uploaded to an event:

• We store the image/video files and associated metadata (file size, dimensions, content type)
• If enabled by the event host, we may collect the uploader's name
• We may collect a hashed version of the uploader's IP address for security and abuse prevention
• We may collect a session identifier to prevent spam uploads

2.3 Automatically Collected Information

When you use our Service, we automatically collect certain information, including:

• Device information (browser type, operating system)
• Usage data (pages visited, features used, time spent)
• IP address (may be hashed for security purposes)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Provision: To create and manage your events, generate QR codes, and enable photo uploads
• Account Management: To create and maintain your account, verify your email address, and provide customer support
• Payment Processing: To process payments for event creation and optional services
• Shipping: To fulfill orders for printed QR code cards and track delivery status
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Communication: To send you important updates about your events, account, or orders
• Improvement: To analyze usage patterns and improve our Service
• Legal Compliance: To comply with applicable laws and regulations in Sri Lanka

4. How We Share Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

4.1 With Your Consent

We may share your information when you explicitly consent to such sharing.

4.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service, including:

• Cloud Storage Providers: To store photos and videos (e.g., AWS S3 or Cloudflare R2)
• Payment Processors: PayHere for processing payments
• Email Services: To send transactional and account-related emails
• Database Providers: To store and manage data
• Analytics Services: To understand how our Service is used (anonymized data)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government agencies) in Sri Lanka.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Storage and Security

Storage Location: Your data is stored on secure servers, which may be located outside of Sri Lanka. We use industry-standard security measures to protect your information.

Security Measures: We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure password hashing (bcrypt)
• Access controls and authentication
• Regular security assessments
• IP address hashing for privacy protection

Data Retention:

• Event galleries are accessible for 12 months from the event date
• Account information is retained while your account is active
• We may retain certain information for legal, accounting, or security purposes even after account deletion
• Payment records are retained as required by Sri Lankan financial regulations

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

You have the following rights regarding your personal information:

6.1 Access and Correction

You can access and update your account information at any time through your account settings. You can also request a copy of your personal data by contacting us.

6.2 Deletion

You can delete your account at any time through your account settings. This will delete your account information, but:

• Event galleries may remain accessible to event hosts until the 12-month period expires
• We may retain certain information as required by law or for legitimate business purposes

6.3 Email Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email. However, we may still send you important transactional emails related to your account or events.

6.4 Cookies

Most web browsers accept cookies by default. You can modify your browser settings to decline cookies, but this may affect your ability to use certain features of our Service.

7. Guest Privacy

Guests who upload photos to events do not need to create accounts. We collect minimal information from guests:

• Uploaded photos and videos (owned by the guest but licensed to the event host)
• Uploader name (only if the event host has enabled this feature)
• Hashed IP address (for security and abuse prevention)
• Session identifier (to prevent spam)

Guests' uploaded content is accessible to the event host and, if the gallery is public, to other guests. Guests should only upload content they are comfortable sharing with the event host and other guests.

8. Children's Privacy

Our Service is not intended for children under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

9. International Data Transfers

Your information may be transferred to and stored on servers located outside of Sri Lanka. By using our Service, you consent to the transfer of your information to these servers.

We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy, regardless of where it is stored.

10. Third-Party Links

Our Service may contain links to third-party websites or services (such as PayHere for payments). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information to them.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date at the top of this page
• Sending you an email notification (for significant changes)

Your continued use of the Service after any changes constitutes your acceptance of the new Privacy Policy.

12. Compliance with Sri Lankan Laws

We comply with applicable data protection and privacy laws in Sri Lanka. While Sri Lanka does not currently have a comprehensive data protection law, we follow international best practices and standards for data protection.

If you have concerns about how we handle your personal information, you may contact us or file a complaint with relevant authorities in Sri Lanka.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through:

• Our contact page at /contact
• Email: hello@eventqr.lk