Privacy Policy

Hashnate Software Engineering (Pvt) Ltd is committed to protecting the privacy and security of personal information we collect through our website, services, and business operations. This Privacy Policy explains what data we collect, why we collect it, how we use and protect it, and the rights you hold over your information.

This Policy is aligned with the Personal Data Protection Act No. 9 of 2022 of Sri Lanka (PDPA) and applicable international data protection principles.

  • 1. Who We Are
  • 2. Data We Collect
  • 3. Legal Basis for Processing
  • 4. How We Use Your Data
  • 5. Cookies and Tracking Technologies
  • 6. Data Sharing and Disclosure
  • 7. International Data Transfers
  • 8. Data Retention
  • 9. Data Security
  • 10. Your Rights Under the PDPA
  • 11. Third-Party Links
  • 12. Children's Privacy
  • 13. Changes to This Policy
  • 14. Contact

1. Who We Are

Hashnate Software Engineering (Pvt) Ltd is a private limited company registered in Sri Lanka, operating at #44, 1/1, Main Street, Kinniya, Trincomalee, Sri Lanka. We are the data controller for personal data collected through our website and service engagements.

Contact for privacy matters: hello@hashnate.com

2. Data We Collect

2.1 Information You Provide Directly
  • Contact form submissions — name, email address, and message content
  • Client onboarding — company name, contact details, billing address, and authorised representatives
  • Course enrolment — name, email, and payment confirmation data
  • Email and live chat communications — content of messages exchanged
2.2 Information Collected Automatically
  • IP address and approximate geographic location
  • Browser type, operating system, and device metadata
  • Pages visited, referral URLs, and time spent on pages (via cookies and analytics tools)
  • Error logs and performance diagnostics
2.3 Project and Engagement Data

In the course of delivering services, we may process personal data included in client systems, databases, or documents. This is handled under the terms of a Data Processing Agreement (DPA) where applicable, and such data is used exclusively to fulfil the contracted service.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contractual necessity — to deliver services you have engaged us to provide
  • Legitimate interests — to operate and improve our website, manage business relationships, and respond to enquiries
  • Consent — for marketing communications and cookies where required by law
  • Legal obligation — to comply with applicable tax, financial, and regulatory requirements

4. How We Use Your Data

We use collected personal data for the following purposes:

  • Responding to enquiries submitted via our contact form or email
  • Delivering, managing, and invoicing contracted services
  • Administering course enrolments and issuing completion certificates
  • Sending project-related communications and updates
  • Improving website usability and content relevance
  • Complying with legal and regulatory obligations
  • Fraud prevention and security monitoring

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance functionality and analyse usage. The categories of cookies used are:

  • Essential cookies — required for core website functionality and session management; cannot be disabled
  • Analytics cookies — used to measure traffic and usage patterns (e.g., Google Analytics); can be disabled
  • Preference cookies — stores user settings and interface preferences

On your first visit, you will be presented with a cookie consent banner. You may update your cookie preferences at any time. Note that disabling non-essential cookies may impact certain features of the website.

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data. We may share data with:

  • Service providers — third-party vendors who assist in delivering our services (e.g., cloud infrastructure providers, payment processors, email platforms), bound by appropriate data processing agreements
  • Legal authorities — where required by court order, regulatory body, or applicable law
  • Professional advisers — such as legal counsel or auditors under strict confidentiality obligations
  • Business successors — in the event of a merger, acquisition, or sale of business assets, with advance notice provided to affected parties.

Any third-party service providers are selected carefully and are required to implement appropriate security measures consistent with this Policy.

7. International Data Transfers

As a Sri Lanka-based company, your data may be processed on servers located outside Sri Lanka (e.g., cloud services hosted in the US, EU, or Asia-Pacific regions). Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms recognised under the PDPA.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Contact and enquiry records — up to 2 years from last interaction
  • Client project and invoicing data — up to 7 years to comply with financial and tax obligations
  • Website analytics data — up to 26 months
  • Course enrolment records — up to 5 years

Upon expiry of the applicable retention period, data is securely deleted or anonymised.

9. Data Security

We implement technical and organisational security measures appropriate to the nature of the data processed, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest where applicable
  • Access controls and least-privilege principles for internal systems
  • Regular security assessments and vulnerability management
  • Incident response procedures for detecting and responding to data breaches

While we apply industry-standard security practices, no data transmission over the internet can be guaranteed to be 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected parties and relevant authorities in accordance with the PDPA.

10. Your Rights Under the PDPA

Under the Personal Data Protection Act No. 9 of 2022 of Sri Lanka and applicable law, you have the following rights:

  • Right of access — to obtain confirmation of whether we process your personal data and a copy of that data
  • Right to rectification — to request correction of inaccurate or incomplete data
  • Right to erasure — to request deletion of your personal data, subject to legal retention obligations
  • Right to restrict processing — to request that we limit how we use your data in certain circumstances
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing

To exercise any of these rights, contact us at hello@hashnate.com. We will respond within 30 calendar days. We may request verification of your identity before processing the request.

You also have the right to lodge a complaint with the Personal Data Protection Authority of Sri Lanka if you believe your data has been processed unlawfully.

11. Third-Party Links

Our website may contain links to third-party websites or integrated services. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Children's Privacy

Our website and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be communicated on our website with an updated effective date. We encourage you to review this Policy periodically.

14. Contact

For privacy-related queries, access requests, or complaints:

Hashnate Software Engineering (Pvt) Ltd

Data Protection Contact: hello@hashnate.com

#44, 1/1, Main Street, Kinniya, Trincomalee, Sri Lanka

Phone: +94 777 140 803

Website: https://hashnate.com