Privacy Policy
Last updated: 4 July 2026
Digit Portal is operated by the Digital Trust Alliance, a non-profit organisation based in Sri Lanka. We are committed to protecting your privacy and handling your personal data responsibly, in line with Sri Lanka’s Personal Data Protection Act No. 9 of 2022 (PDPA) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Data We Collect
We collect only the data needed to operate Digit Portal and support the causes and communities we serve:
- Account details — your name, email address, and password (stored in encrypted form) when you register.
- Profile information — any optional details you choose to add, such as a photo or biography.
- Activity data — the causes you support, events you join, and volunteering you sign up for.
- Contribution records — the amount and status of contributions. Payment card details are handled by our payment providers and are never stored on our servers.
- Technical data — limited log data such as your IP address and browser type, used to keep the platform secure.
2. How We Use Your Data
We use your personal data to:
- Create and manage your account and authenticate your sessions.
- Process and record your contributions and volunteering.
- Communicate essential updates about causes and activity you engage with.
- Maintain the security, integrity, and reliability of the platform.
- Comply with our legal and regulatory obligations in Sri Lanka.
We do not sell your personal data, and we do not use it for third-party advertising.
3. Cookies
Digit Portal uses only essential cookies required to keep you signed in and to protect your session. We do not use marketing, advertising, or third-party tracking cookies. For full details, see our Cookie Policy.
4. Data Retention
We keep your personal data only for as long as your account is active or as needed to provide our services. When you delete your account, we remove or anonymise your personal data within a reasonable period, except where we are required to retain certain records (such as contribution receipts) to meet legal, accounting, or regulatory obligations.
5. Your Rights
Under the PDPA and, where applicable, the GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data (the “right to be forgotten”).
- Object to or restrict certain processing of your data.
- Request a copy of your data in a portable format.
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these rights, please contact us using the details below. You also have the right to lodge a complaint with Sri Lanka’s Data Protection Authority.
6. Data Security
We use appropriate technical and organisational measures, including encryption in transit and access controls, to protect your data against unauthorised access, loss, or misuse. No system is perfectly secure, but we work continuously to safeguard your information.
7. Contact Us
For any privacy questions or to exercise your rights, contact our privacy team at privacy@digitaltrust.lk.
