Privacy Policy

We collect information that you provide directly to us, information we collect automatically when you use our platform, and information from third-party services where you have given permission to share it.

We use the information we collect for the following purposes, always based on a lawful basis under applicable data protection law:

• To create and manage your account and provide access to our platform features.
• To process transactions for premium content purchases and send payment receipts.
• To personalise your experience — for example, remembering your grade selection and subject preferences.
• To send you important service communications, such as account confirmations, password resets, and security alerts. These cannot be opted out of while you hold an account.
• To send you optional promotional emails about new study materials, platform updates, or special offers — you may unsubscribe at any time.
• To analyse usage patterns so we can improve the quality, relevance, and performance of our study materials and platform.
• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To comply with legal obligations under Sri Lankan law and other applicable regulations.

We will never sell your personal data to third parties or use it for purposes incompatible with those stated above without first obtaining your explicit consent.

We do not sell, trade, or rent your personal information. We may share your data only in the following limited circumstances:

• Service providers: We work with trusted third-party vendors (e.g., cloud hosting, payment processors, email delivery services) who process data on our behalf under strict data processing agreements.
• Analytics: We use privacy-respecting analytics tools to understand aggregate platform usage. Where possible, we anonymise data before sharing it with analytics providers.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid legal processes, such as a court order.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

Protecting your data is one of our highest priorities. We implement a range of technical and organisational security measures to safeguard your personal information against unauthorised access, alteration, disclosure, or destruction.

• All data transmitted between your browser and our servers is encrypted using industry-standard TLS (HTTPS).
• Passwords are stored using strong, salted cryptographic hashing algorithms — we cannot view or recover your password.
• Access to personal data within our team is restricted on a strict need-to-know basis, with role-based access controls.
• Our infrastructure undergoes regular security reviews, and we apply software updates and security patches promptly.
• Payment transactions are processed by a PCI-DSS compliant payment gateway; we do not store payment card details.

While we take every reasonable precaution, no system is completely immune to risk. In the unlikely event of a data breach that may affect your rights or freedoms, we will notify you and the relevant authorities in accordance with our legal obligations, without undue delay.

We use cookies and similar technologies to make our platform work correctly, to improve your experience, and to understand how our services are used. A cookie is a small text file stored on your device by your browser.

You can manage or delete cookies through your browser settings at any time. Please note that disabling essential cookies may prevent some features of the platform from working correctly. For more information on managing cookies, visit allaboutcookies.org.

Depending on your location and applicable law, you may have the following rights regarding your personal data:

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may ask us to correct inaccurate or incomplete data.
• Right to erasure: You may request that we delete your personal data, subject to certain legal exceptions.
• Right to restriction: You may ask us to limit how we process your data in certain circumstances.
• Right to data portability: You may request your data in a structured, machine-readable format.
• Right to object: You may object to our processing of your data for direct marketing purposes at any time.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@apedanuma.lk. We will respond to your request within 30 days.

Our platform is designed for students preparing for the G.C.E. O/L examination, which typically includes students aged 14–16. We do not knowingly collect personal data from children under the age of 13 without verifiable parental consent. If you are a parent or guardian and believe your child under 13 has provided us with personal information without your consent, please contact us immediately and we will take steps to remove that data.

For users aged 13–17, we encourage parents and guardians to be involved in their child's use of the platform and to review this Privacy Policy together.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you by email (if you have an account) and by posting a prominent notice on our platform for a reasonable period before the changes take effect.

We encourage you to review this page periodically. The “Last updated” date at the top of this policy indicates when it was most recently revised. Your continued use of the platform after changes become effective constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to get in touch.