Privacy Policy
Last updated: 27 April 2026
This Privacy Policy explains how DN Universal Holdings (Private) Limited ("we", "us") collects, uses, and protects your personal information when you use LifeDesk ("Service"). We are committed to protecting your privacy and complying with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and Sri Lanka's Personal Data Protection Act 2022.
1. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, password (hashed), timezone | Account creation, login |
| Subscription data | Plan tier, payment status, transaction IDs | Billing, support |
| User content | Notes, tasks, habits, expenses, documents you upload | Providing the Service |
| Usage data | Pages visited, features used, error logs | Improving the product |
| Device data | Browser type, OS, IP address (anonymised) | Security, troubleshooting |
| Email content (optional) | Email threads if you connect Gmail/Outlook | AI inbox features (only when you enable) |
2. How We Use Your Data
- To provide, maintain, and improve LifeDesk
- To process payments and send transactional emails (receipts, password resets)
- To respond to support requests
- To send product updates and important notices (you can opt out of marketing communications)
- To detect and prevent fraud or abuse
- To comply with legal obligations
3. Legal Bases for Processing (GDPR)
- Contract: To deliver the service you've subscribed to
- Legitimate interests: To improve the product and prevent abuse
- Consent: For optional features such as Gmail integration and marketing emails
- Legal obligation: To comply with tax, accounting, and other legal duties
4. AI Processing
When you use AI features (Morning Briefing, Email Drafts, Budget Analysis, Quick Capture), the relevant snippets of your data are sent to our AI provider, Anthropic (provider of Claude), strictly for the purpose of generating the requested output. Anthropic does not retain or use this data to train models. Read Anthropic's privacy policy at anthropic.com/legal/privacy.
5. Sub-processors
We use trusted third-party providers (sub-processors) to deliver LifeDesk:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU / Singapore |
| Vercel | Web hosting, serverless functions | Global |
| Anthropic | AI processing | USA |
| PayPal | International payment processing | USA / Global |
| PayHere | Local and USD payment processing | Sri Lanka |
| Resend | Transactional email delivery | USA |
| Google (optional) | OAuth, Gmail integration (only if you connect) | Global |
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, your personal data and content are permanently deleted within 30 days, except where we are required by law to retain it (e.g. invoices for tax purposes — typically 7 years).
7. Your Rights
You have the right to:
- Access: request a copy of the personal data we hold about you
- Rectify: correct inaccurate or incomplete data
- Erase: request deletion of your data ("right to be forgotten")
- Restrict / object: limit or object to certain processing
- Portability: receive your data in a structured, machine-readable format
- Withdraw consent: at any time, where processing is based on consent
- Lodge a complaint: with a data protection supervisory authority
To exercise any of these rights, email us at support@dilanniroshana.com.
8. Security
We use industry-standard security measures, including TLS encryption in transit, encryption at rest, role-level access controls, and regular security audits. While no system is 100% secure, we work to protect your data against unauthorised access, alteration, or disclosure.
9. International Transfers
Your data may be transferred to and processed in countries other than your own. Where we transfer data outside the EU/UK/EEA, we rely on Standard Contractual Clauses or other appropriate safeguards.
10. Children's Privacy
LifeDesk is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with data, please contact us so we can delete it.
11. Cookies
We use only strictly necessary cookies (for authentication and session management). We do not use advertising or third-party tracking cookies on the LifeDesk web application.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The most current version will always be posted at this URL. We will notify users of material changes via email at least 30 days before they take effect.
13. Contact & Data Controller
The data controller for the purposes of GDPR is:
DN Universal Holdings (Private) Limited
Negombo, Sri Lanka
Email: support@dilanniroshana.com
Support: support@dilanniroshana.com