Privacy Policy
Last Updated: June 26, 2026
This Privacy Policy explains how KnotShare collects, uses, shares, and protects your personal data, and the rights you have over it. It is issued in compliance with the Personal Data Protection Act, No. 9 of 2022 of Sri Lanka (the “PDPA”).
1. Who We Are (Data Controller)
KnotShare (Pvt) Ltd (“KnotShare,” “we,” “us,” or “our”), incorporated in Sri Lanka, is the data controller responsible for your personal data when you use the knotshare.com platform.
For any privacy-related matter, including to exercise your rights, you can contact our Data Protection Officer:
- Data Protection Officer: K. B. Weerasena
- Email: binal@knotshare.com (or support@knotshare.com)
2. Data We Collect
Depending on how you use KnotShare, we collect the following categories of personal data:
- Couples (account holders): name, email address, phone number, and bank account details (used solely for settling the payout owed to you).
- Purchasers buying a gift certificate: first and last name, email address, and phone number (for receipting, payment processing, and sharing your name with the couple for “thank you” purposes).
- Guests responding to an RSVP: name, mobile number (optional), number of attendees, and any note you choose to add.
- Disposable camera feature: photographs you choose to capture and upload, and — only if you grant your browser’s location permission — your approximate location at the time of capture. Location is used only to confirm the photo was taken at the event venue (geofencing). Granting location is optional; you can still take photos if you decline.
- Analytics & technical data: with your consent, we collect usage data through Microsoft Clarity (see Section 7).
3. How and Why We Use Your Data (Purpose & Legal Basis)
We process your personal data only for the purposes below, each with a lawful basis under the PDPA:
- To provide the service — create wedding pages, process gift-certificate purchases, manage RSVPs, and deliver the disposable-camera gallery. Legal basis: performance of a contract.
- To settle payouts to couples and issue receipts. Legal basis: performance of a contract; legal obligation.
- To communicate with you about your account, transactions, and event. Legal basis: performance of a contract; legitimate interests.
- To run the camera geofence and site analytics. Legal basis: your consent.
We do not sell your personal data to third parties, and we do not use it for automated decision-making that produces legal effects on you.
4. Payment Security
We do not store credit or debit card information. Card payments are processed by OnePay, a licensed payment gateway, which handles your card and transaction details under its own security standards. We receive only the payment status and the purchaser details needed to issue a receipt and notify the couple.
5. Who We Share Data With
We share personal data only as needed to run the service, with:
- The couple — purchaser and RSVP names (and related details) for the event they are hosting.
- OnePay — for payment processing.
- Google Firebase / Google Cloud — our hosting, database, and storage infrastructure.
- Brevo — for sending transactional emails.
- Microsoft Clarity — for analytics, only with your consent.
6. International Data Transfers
Some of our service providers (including Google, Microsoft, and Brevo) process data on servers located outside Sri Lanka. Where personal data is transferred abroad, we take reasonable steps, consistent with Section 26 of the PDPA, to ensure it remains protected by appropriate safeguards.
7. Analytics & Cookies
With your consent, we use Microsoft Clarity to understand how visitors interact with our site. Clarity captures usage data such as page interactions, clicks, scrolling, and anonymised session recordings (heatmaps) to help us improve the experience. Text inputs and sensitive fields are masked by default and are not recorded.
Analytics cookies load only after you accept them via our cookie banner. You can decline at any time, and we will not load Clarity if you do. For details on how Microsoft processes this data, see the Microsoft Privacy Statement.
8. Data Retention
We keep personal data for up to 10 years from the date of collection, or until it is no longer needed to fulfil the purposes described above — whichever comes first. You may request earlier deletion at any time (see Section 9); we will honour such requests unless we are required by law to retain the records (for example, for tax or accounting purposes). Financial and transaction records may be retained for the full period to meet those obligations even where other data is erased.
9. Your Rights
Under the PDPA, you have the right to:
- Access the personal data we hold about you.
- Correct data that is inaccurate or incomplete.
- Request early deletion of your data before the standard 10-year retention period ends. We will comply unless we are legally required to retain specific records (e.g. financial/tax obligations).
- Withdraw consent at any time where processing is based on consent (for example, analytics).
- Object to certain processing of your data.
To exercise any of these rights, contact our DPO at binal@knotshare.com. We will respond within the timeframe required by the PDPA. If you are not satisfied with our response, you may lodge a complaint with the Data Protection Authority of Sri Lanka.
For questions regarding this Privacy Policy, please contact us at support@knotshare.com