Privacy Policy

1. Scope and Commitment

At invo.lk, we understand that your business data is sensitive. We are committed to protecting the privacy of our merchants and their customers in compliance with the Personal Data Protection Act (PDPA) of Sri Lanka.

2. Data We Collect

• Business Information: Business name, BR number (optional), address, and tax identification details.
• Transaction Data: Sales records, inventory levels, and invoice history generated through the POS system.
• Customer Data: Contact details of your customers added during billing (handled as per your instructions).

3. Data Sovereignty and Storage

Your data is stored securely on enterprise-grade cloud servers (AWS/Google Cloud). We implement End-to-End Encryption (E2EE) for sensitive transaction records, ensuring that only authorized users within your business can access the detailed financial data.

4. Non-Disclosure of Business Data

Our Guarantee: invo.lk does not sell, rent, or trade your business sales data to third-party marketing companies. We only use anonymized, aggregated data to improve system performance and features.

5. User Rights and Deletion

Under the PDPA, you have the right to access, rectify, or request the permanent deletion of your business data. Upon account termination, all your transaction history will be purged from our active databases after a 30-day grace period.

6. Contact for Privacy Matters

If you have any questions regarding your data privacy or want to exercise your rights, please contact our Data Protection Officer at:

privacy@invo.lk