Privacy Policy

1. Introduction

KDJ Lanka (Pvt) Ltd ("we," "our," or "us") is committed to protecting your privacy and ensuring compliance with international data protection regulations, including the General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications (including KDJ Singlish Android app), browser extensions (KDJ Singlish Chrome Extension), and AI-integrated services (KDJ AI Chat, KDJ Copy, KDJ Shorts).

Please read this Privacy Policy carefully. By accessing or using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Register for an account on our website or mobile applications
• Download and use our Chrome extension or mobile apps
• Express interest in obtaining information about us or our products
• Participate in activities on our services
• Contact customer support
• Subscribe to our newsletters or updates

Personal information may include:

• Name and username
• Email address
• Phone number
• Address or location data
• Username and password
• Device identifiers and app installation data

2.2 Mobile Application Data

When you use our KDJ Singlish mobile application, we may collect:

• Device Information: Device type, model, operating system version, unique device identifiers
• App Usage Data: Features used, frequency of use, app performance data
• Microphone Access: Voice input for speech-to-text conversion (processed locally, not stored permanently)
• Storage Access: To save your typed content and preferences locally on your device
• Network Information: For app updates and cloud synchronization features

2.3 Chrome Extension Data

Our KDJ Singlish Chrome Extension may collect:

• Text Input: Text you type for conversion purposes (processed in real-time, not permanently stored)
• Browser Information: Browser version, extension usage patterns
• Preferences: Your typing preferences and settings
• Website Interaction: Which websites you use the extension on (anonymized data only)

2.4 Voice Recognition and AI Processing

For our voice-enabled features and AI services (KDJ AI Chat):

• Voice Data: Audio recordings are processed in real-time for speech recognition and immediately discarded
• Conversation Data: AI chat interactions may be temporarily stored to improve response quality
• Learning Patterns: Anonymized usage patterns to enhance our AI algorithms

2.5 Website Usage Data

We automatically collect certain information when you use our website and services:

• IP address and geolocation data
• Browser type, version, and language preferences
• Pages visited, time spent, and navigation patterns
• Referring source and exit pages
• Device information (screen resolution, time zone)
• Cookies and similar tracking technologies

2.6 User Content

Our applications process text you input for translation, conversion, and coding purposes. While we may temporarily process this content to provide our services, we implement the following practices:

• Text inputs are processed in real-time and not permanently stored unless you explicitly save them
• Saved content is associated with your account and can be deleted at any time
• Temporary processing data is automatically purged within 24-48 hours
• We do not access or review your content unless required for technical support or legal compliance

3. How We Use Your Information

We use the information we collect for various lawful purposes, including:

3.1 Service Provision and Improvement

• Provide, operate, and maintain our website, mobile apps, and browser extensions
• Process your text inputs and provide translation/conversion services
• Synchronize your data across multiple devices (when enabled)
• Improve, personalize, and expand our services based on usage patterns
• Develop new products, services, features, and functionality

3.2 Communication and Support

• Communicate with you about updates, security alerts, and technical support
• Respond to your inquiries and provide customer service
• Send you newsletters and promotional content (with your explicit consent)
• Notify you about changes to our services or policies

3.3 Security and Legal Compliance

• Prevent fraud, abuse, and security breaches
• Monitor and analyze usage patterns to identify suspicious activity
• Comply with legal obligations and regulatory requirements
• Protect our rights, property, and safety, as well as that of our users

4. Legal Basis for Processing (GDPR Compliance)

Under GDPR, we process your personal data based on the following legal grounds:

• Consent: For marketing communications and optional features
• Contract: To provide our services and fulfill our obligations to you
• Legitimate Interests: For service improvement, security, and analytics
• Legal Obligation: To comply with applicable laws and regulations

5. Data Retention and Deletion

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

5.1 Retention Periods

• Account Data: Retained while your account is active and for 2 years after account deletion
• Usage Analytics: Anonymized data retained for up to 3 years for statistical analysis
• Text Processing Data: Temporarily stored for 24-48 hours, then automatically deleted
• Voice Data: Processed in real-time and immediately discarded
• Support Communications: Retained for 5 years for quality assurance and legal compliance
• Backup Data: Retained for up to 90 days in encrypted backups, then permanently deleted

5.2 Data Deletion Process

When we no longer need personal information or when you request deletion:

• Active data is immediately removed from production systems
• Backup copies are marked for deletion and purged within 90 days
• Anonymized data that cannot identify you may be retained for statistical purposes
• You will receive confirmation once the deletion process is complete

6. Data Security

We implement comprehensive security measures to protect your personal information:

6.1 Technical Safeguards

• End-to-end encryption for data transmission
• AES-256 encryption for data storage
• Secure HTTPS connections across all services
• Regular security audits and penetration testing
• Multi-factor authentication for administrative access

6.2 Organizational Measures

• Strict access controls and need-to-know basis for employee access
• Regular staff training on data protection and privacy
• Incident response procedures for potential data breaches
• Privacy by design principles in all new developments

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

7. International Data Transfers

As a Sri Lankan company serving users globally through platforms like Google Play Store and Chrome Web Store:

• Your data may be transferred to and processed in countries outside your residence
• We ensure adequate protection through appropriate safeguards and security measures
• Data transfers comply with applicable data protection laws including GDPR
• We use secure cloud infrastructure with data center locations in secure jurisdictions

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies We Use

• Essential Cookies: Required for basic website functionality
• Performance Cookies: Help us understand how you use our services
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Google Analytics and similar tools (anonymized data)

8.2 Managing Cookies

You can control cookies through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect the functionality of our services.

9. Third-Party Disclosure and Data Sharing

We may share your information with third parties only in the following specific situations:

9.1 Service Providers

We work with trusted service providers who assist us in:

• Cloud hosting and infrastructure (AWS, Google Cloud)
• Analytics and performance monitoring
• Customer support and communication tools
• Payment processing (if applicable)

9.2 Legal Requirements

• When required by law or legal process
• To protect our rights, property, or safety
• To prevent fraud or security threats
• In connection with a business transfer or acquisition

9.3 What We Never Do

• We never sell your personal data to third parties
• We do not share your content with advertisers
• We do not provide your data to marketing companies
• We do not allow unauthorized access to your information

10. Your Rights Under GDPR

If you are a resident of the European Union or other jurisdictions with similar data protection laws, you have the following rights:

10.1 Individual Rights

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw your consent for specific processing activities

10.2 How to Exercise Your Rights

To exercise these rights, contact us at:

10.3 Account Management

You can also manage your data through your account settings:

• Update your personal information
• Download your data
• Delete your account and associated data
• Manage communication preferences
• Control data sharing settings

11. Children's Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately.

For users between 13-18 years old, we recommend parental guidance when using our services, especially features involving voice input or AI interactions.

12. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify relevant supervisory authorities within 72 hours
• Affected users will be informed without undue delay
• We will provide clear information about the nature of the breach and steps taken
• We will offer guidance on how to protect yourself

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

• We will post the updated Privacy Policy on this page
• We will update the "Last Updated" date
• For significant changes, we will notify you via email or app notification
• We encourage you to review this Privacy Policy periodically

Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy.