Comprehensive Privacy Policy

Last Updated: February 21, 2026

1.1 Introduction and Scope

EventLK ("the Platform") is a smart event management system. This policy outlines our commitment to the Sri Lanka Personal Data Protection Act (PDPA) No. 9 of 2022 and international data standards. It applies to all data collected through our Android application, web interface, and backend services.

1.2 Information Collection and Origin

User-Provided Data: This includes registration details (name, verified email, phone number) and event-specific parameters (budget constraints, headcount, event nature, and aesthetic preferences).

Automatically Collected Data: We collect metadata including device identifiers, IP addresses, and interaction logs (e.g., which venue suggestions were clicked) to refine our recommendation engine.

Financial Data Persistence: We store expense logs and budget allocations locally and on our cloud servers. We do not process or store raw payment card data; all transactions are routed through encrypted, PCI-DSS compliant third-party gateways.

1.3 Algorithmic Processing and Machine Learning

EventLK utilizes automated processing to enhance the planning experience:

Predictive Modeling: We use XGBoost and Random Forest classifiers to analyze historical data trends. These models predict venue suitability and budget distributions based on user inputs.

Human Intervention: Users have the right to contest or override any automated suggestion provided by the AI. The models are assistive, not deterministic.

Data Minimization: We apply "feature selection" to ensure our models only process the minimum data points necessary to generate an accurate prediction.

1.4 Data Retention and Deletion

Data is retained only as long as the user account remains active. Upon a "Delete Account" request, all personally identifiable information (PII) is purged from our production databases within 30 days, though anonymized event metrics may be retained to improve global ML model accuracy.