Privacy Policy
Last updated: April 2026
1. What we collect
We collect the following categories of data:
- Identity, name, date of birth, gender, National Identity Card (NIC) number and photos of both sides of the NIC, address proof when required, driving licence for Providers.
- Contact, email address, phone number, home or business address.
- Financial, bank account name, branch and account number (Providers only), payment slip images, transaction references.
- Listings, vehicle/item details, insurance and revenue licence information, photos, availability calendar.
- Transaction, bookings, handover videos/photos, ratings, reviews, disputes, audit log entries for admin actions.
- Technical, IP address, device/browser info, affiliate referral code, usage analytics.
2. How we use it
- Verify identity before allowing listings or bookings.
- Match Customers with Providers and process bookings.
- Hold and release deposits, pay Provider share, track affiliate commissions.
- Route communications between parties without exposing direct contact.
- Resolve disputes using the handover evidence you upload.
- Send transactional emails (confirmations, receipts, reminders).
- Detect and prevent fraud.
3. Who can see what
Your private details, NIC, phone number, bank account, are visible only to ABC Solution staff who need them to verify, process payments, or resolve disputes. Other users see only what's necessary:
- A masked version of your name (e.g. "Danushan J.") on public reviews.
- Your public listing code (e.g. CAR-8842), not your real name or contact.
- For workers, a public code (e.g. Worker #1234).
Direct phone numbers and email addresses are never exchanged between Customers and Providers.
4. Data storage & security
Data is stored on Supabase PostgreSQL (Singapore region) and files (NIC, handover videos, payment slips) in private Supabase Storage buckets. Access requires signed URLs that expire after one hour. Only authenticated admin roles can read KYC and payment-slip files. Every admin action is audit-logged with the actor, timestamp, and before/after values.
5. Third-party processors
We share necessary data with:
- Supabase (authentication, database, file storage).
- Dialog eSMS (phone OTP delivery, they receive only your mobile number and the message).
- Resend (transactional email delivery).
- Vercel (hosting the website).
- Railway (hosting the API).
We do not sell or rent your personal data to any third party.
6. How long we keep it
- Active accounts: for the life of the account plus 7 years for audit and tax.
- Cancelled / deleted accounts: identity data scrubbed within 30 days, except transaction records retained for regulatory compliance.
- Handover videos: retained 2 years after booking completion.
7. Your rights
You can, at any time:
- Access the data we hold on you (email privacy@abcsolution.lk).
- Correct your name, phone, email, or address from your dashboard.
- Request deletion of your account.
- Withdraw affiliate participation or stop receiving marketing messages.
8. Cookies
We use essential cookies to keep you logged in and remember affiliate referrals. We do not set third-party advertising or cross-site tracking cookies.
9. Children
ABC Solution is not available to users under 18. We do not knowingly collect data from anyone below 18. If we learn that we have, we will delete the account immediately.
10. Changes to this policy
Material changes will be notified to registered users at least 7 days before taking effect.
11. Contact
Data protection questions: privacy@abcsolution.lk · +94 75 550 7777
ABC Solution (PVT) LTD, 43/4 Udayar Lane, Potpathy Road, Jaffna 40000.