Privacy Policy

Last Updated: January 29, 2025

At Amethyst, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

1. Information We Collect

1.1 Information You Provide

Account Information:

• Full name
• Email address
• Phone number
• Password (encrypted)
• Profile picture (optional)
• Location/address information

Provider Information (for service providers):

• Business name and description
• Professional certifications and licenses
• Identification documents (for verification)
• Bank account details (for payments)
• Service offerings and pricing
• Business addresses

Booking Information:

• Service requests and booking details
• Service location and address
• Scheduled date and time
• Special instructions
• Service PIN
• Payment information

Communication Data:

• Messages between customers and providers
• Customer support communications
• Feedback and reviews

1.2 Information Collected Automatically

Device and Usage Information:

• Device type and model
• Operating system version
• Mobile network information
• IP address
• App usage data and analytics
• Crash reports and error logs

Location Data:

• GPS coordinates (with your permission)
• Approximate location based on IP address
• Location data for service delivery and provider matching

Firebase Authentication Data:

• Firebase user ID
• Authentication tokens
• Login history and session information

1.3 Information from Third Parties

• Payment processing information from payment gateways
• Social media profile information (if you choose to link accounts)
• Background check results for providers (with consent)

2. How We Use Your Information

2.1 To Provide and Improve Our Services

• Create and manage your account
• Process bookings and facilitate service delivery
• Connect customers with appropriate service providers
• Process payments and manage transactions
• Generate and verify Service PINs
• Track punctuality scores for providers
• Send booking confirmations and notifications
• Provide customer support
• Improve and personalize your experience

2.2 For Safety and Security

• Verify provider identities and credentials
• Detect and prevent fraud and abuse
• Monitor platform security
• Enforce our Terms of Service
• Protect against legal liability
• Conduct background checks for providers

2.3 For Communication

• Send important service updates and notifications
• Respond to your inquiries and support requests
• Send promotional offers (with your consent)
• Request feedback and reviews
• Notify you of policy changes

2.4 For Analytics and Research

• Analyze platform usage and performance
• Understand user behavior and preferences
• Conduct research to improve our services
• Generate aggregated, anonymized statistics

3. How We Share Your Information

3.1 With Other Users

Customers can see:

• Provider names and business information
• Provider profile pictures
• Provider ratings and reviews
• Provider service locations
• Provider availability

Providers can see:

• Customer names
• Customer profile pictures
• Service location addresses
• Booking details and special instructions
• Customer phone numbers (for confirmed bookings only)

3.2 With Service Providers

We share information with third-party service providers who help us operate the platform:

• Firebase (Google): Authentication and user management
• Payment Processors: Payment processing and fraud detection
• Cloud Storage: Data storage and hosting
• Analytics Providers: Usage analytics and performance monitoring
• Communication Services: Email and SMS notifications

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 For Legal Compliance

We may disclose your information if required by law or in response to:

• Legal processes (subpoenas, court orders)
• Government or regulatory requests
• Protection of our rights and property
• Investigation of fraud or security issues
• Protection of user safety

3.4 Business Transfers

If Amethyst is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner, subject to this Privacy Policy.

3.5 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

We implement appropriate technical and organizational measures to protect your information:

4.1 Technical Safeguards

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Secure password hashing (Firebase Authentication)
• Regular security audits and vulnerability assessments
• Firewall protection and intrusion detection
• Secure API authentication and authorization

4.2 Organizational Safeguards

• Access controls and role-based permissions
• Employee training on data protection
• Confidentiality agreements with staff and contractors
• Incident response procedures
• Regular backups and disaster recovery plans

4.3 Payment Security

• PCI DSS compliance for card payments
• Tokenization of payment information
• Secure payment gateway integration
• We do not store full credit card numbers

5. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Active accounts: Data retained while your account is active
• Deleted accounts: Most data deleted within 30 days; some data retained for legal compliance
• Booking records: Retained for 7 years for financial and legal compliance
• Payment information: Retained as required by financial regulations
• Communications: Retained for customer support and dispute resolution
• Anonymized data: May be retained indefinitely for analytics

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

• Access your personal information
• Request a copy of your data in a portable format
• View your booking history and account details in the app

6.2 Correction and Updates

You can:

• Update your profile information in the app settings
• Correct inaccurate information
• Request correction of information you cannot edit yourself

6.3 Deletion

You can:

• Delete your account through the app settings
• Request deletion of specific information
• Note: Some information may be retained for legal compliance

6.4 Objection and Restriction

You can:

• Object to certain data processing activities
• Request restriction of processing in specific circumstances
• Opt out of marketing communications

6.5 Location Data

You can:

• Control location permissions through your device settings
• Disable location access at any time
• Note: Some features require location data to function properly

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Analyze app usage and performance
• Provide personalized experiences

Types of cookies we use:

• Essential cookies: Required for platform functionality
• Analytics cookies: Help us understand how you use the platform
• Preference cookies: Remember your settings and preferences

8. Children's Privacy

Amethyst is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@amethyst.lk.

9. International Data Transfers

Your information may be transferred to and processed in countries other than Sri Lanka. When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Third-Party Links and Services

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

11. Marketing Communications

We may send you promotional emails, push notifications, or SMS messages about:

• New services and features
• Special offers and discounts
• Service provider recommendations
• Platform updates and news

You can opt out of marketing communications by:

• Clicking "unsubscribe" in emails
• Adjusting notification settings in the app
• Contacting us at support@amethyst.lk

Note: You cannot opt out of essential service communications (booking confirmations, security alerts, etc.)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Post the updated policy on this page
• Update the "Last Updated" date
• Notify you via email or app notification
• Request your consent if required by law

Your continued use of the Platform after changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Right to Lodge a Complaint

If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the relevant data protection authority in Sri Lanka.

15. Privacy Policy Summary

By using Amethyst, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.