This Privacy Policy describes how The Aisle Collectives (βweβ, βusβ, βourβ) collects, uses, and shares information about you when you use our website, mobile-optimised services, and related features (the βServiceβ). By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account details: name, email address, password (stored as a salted hash), phone number, and role (couple, vendor, or admin).
- Couple profile:wedding date, venue city, estimated guest count, budget, partner's name, optional demographic preferences (ethnicity, religion, age group, wedding type), and planning data you add (guest list, seating arrangements, budget entries, vendor enquiries).
- Vendor profile: business name, category, description, service areas, pricing, portfolio images, availability, and bundles.
- Communications: messages exchanged with other users through the in-app messaging feature, and any correspondence with our support team.
- Payment information: billing name and address, order references, and transaction amounts. For platform fees (Couple Premium upgrades and Vendor subscriptions), card numbers and CVV are handled directly by our payment processors β PayHere β and are never stored on our servers. All payments, including booking payments between Couples and Vendors, are processed through PayHere. Vendor bank account details are stored on our servers for payout processing; sensitive fields such as account numbers are encrypted at rest.
1.2 Information Collected Automatically
- Usage data: pages visited, actions taken, referring URLs, and timestamps.
- Device and technical data: IP address, browser type, operating system, and screen resolution.
- Cookies and similar technologies: used to keep you signed in, remember your preferences, and understand how the Service is used.
2. How We Use Your Information
- To create and operate your account and deliver the Service.
- To match couples with vendors, facilitate enquiries and bookings, and process payments.
- To send transactional emails (receipts, booking updates, password resets).
- To improve the Service, diagnose technical issues, and prevent fraud or abuse.
- To comply with legal obligations and enforce our Terms & Conditions.
- With your separate consent, to send marketing communications you can opt out of at any time.
3. How We Share Information
We share information only in the following circumstances:
- Between couples and vendors: when you send an enquiry, message, or booking, the relevant contact and wedding details are shared with the other party.
- Service providers: we use trusted third parties to help run the Service, including:
- PayHere β payment processing for Couple Premium one-time upgrades and Vendor monthly subscription fees. PayHere is a PCI-DSS Level 1 certified payment gateway authorised by the Central Bank of Sri Lanka. Card and account details are handled directly by PayHere and are never transmitted to or stored on our servers. PayHere processes payments under their Terms & Conditions. Information shared with PayHere includes your name, email address, order reference, and payment amount.
- Nations Trust Bank β vendor payout processing via bank transfer. Vendor bank account details (account number, branch, and account holder name) are stored on our servers for payout processing; sensitive fields such as account numbers are encrypted at rest.
- Supabase β database hosting (data stored on AWS infrastructure in the Asia-Pacific Southeast region).
- Email delivery providers for transactional and support emails.
- Legal and safety: where required by law, court order, or to protect the rights, property, or safety of users or the public.
- Business transfers: in the event of a merger, acquisition, or sale of assets, user information may be transferred, with notice to affected users.
We do not sell your personal information to third parties for advertising.
4. Data Retention
We retain your information for as long as your account is active. If you close your account, we delete or anonymise your personal information within 90 days, except where we're required to retain it for legal, tax, accounting, or fraud-prevention purposes.
5. Security
We use reasonable technical and organisational measures to protect your information, including HTTPS encryption in transit, hashed passwords, access controls, and regular security reviews. No online service can guarantee absolute security; you're responsible for keeping your account password confidential.
6. Your Rights
You can:
- Access or update your profile from the dashboard.
- Request a copy of the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Withdraw consent to marketing communications at any time.
To exercise these rights, email privacy@theaislecollective.lk. We'll respond within 30 days.
7. Children
The Service is not intended for users under 18. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we'll delete it.
8. International Transfers
Our hosting infrastructure is located in the Asia-Pacific region. By using the Service, you consent to your information being processed in jurisdictions outside your country of residence, which may have different data-protection laws.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or by a prominent notice on the Service. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
10. Contact
Questions about this Privacy Policy or your data? Email privacy@theaislecollective.lk or visit our Contact page.
