Privacy Policy
Last Updated: October 5, 2025
CSE Investing LK ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and financial information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our stock portfolio management platform.
By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our service.
1. Information We Collect
1.1 Personal Information
Account Information:
- Username (chosen by you)
- Full name
- Password (encrypted and hashed)
- Contact number (optional)
- Email address
- Account creation date
1.2 Financial Information
We collect portfolio and transaction data to provide our services:
- Stock transaction records (buy/sell transactions)
- Stock holdings and quantities
- Transaction dates, prices, and amounts
- Dividend information
- Stock monitoring watchlists
- Realized profits and losses
- Cash balance records
- Payment slip uploads (for subscription payments)
Important: We do NOT collect or store your CDS (Central Depository System) account credentials, bank account passwords, or any external financial account login information.
1.3 Technical Information
- IP address
- Browser type and version
- Device information
- Session data and cookies
- Access logs and timestamps
- Error reports and diagnostic data
1.4 Uploaded Documents
- Payment slips (for subscription verification)
- Transaction statements (if you choose to upload for easier data entry)
2. How We Use Your Information
Service Delivery
- Create and manage your account
- Process and store your stock portfolio data
- Calculate portfolio performance, profits, and analytics
- Generate reports and visualizations
- Send notifications about dividends, subscriptions, and account status
Platform Improvement
- Monitor and analyze platform usage patterns
- Improve user experience and functionality
- Detect and fix bugs and errors
- Develop new features
Security and Compliance
- Authenticate users and prevent unauthorized access
- Detect and prevent fraud and security breaches
- Maintain audit logs for troubleshooting
- Comply with legal obligations
Communication
- Respond to your inquiries and support requests
- Send service-related announcements
- Notify you about subscription expiry and renewals
- Provide system updates and maintenance notifications
3. Data Storage and Security
Data Storage Location
Your data is stored on secure servers. We use industry-standard security measures to protect your information from unauthorized access, alteration, disclosure, or destruction.
Security Measures
- Password Protection: All passwords are encrypted using secure hashing algorithms (bcrypt)
- Secure Sessions: Session-based authentication with automatic timeout
- Database Security: Protected database access with restricted permissions
- Access Controls: Role-based access control to limit data exposure
- Regular Backups: Automated backups to prevent data loss
- File Upload Security: Validation and sanitization of all uploaded files
Important Security Disclosure: While we implement industry-standard security measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you use our service at your own risk. We continuously work to improve our security practices and promptly address any vulnerabilities that are discovered.
For more details on our security practices, please refer to our Data Security Policy.
4. Data Sharing and Disclosure
We Do NOT Sell Your Data
We do not sell, rent, or trade your personal or financial information to third parties for marketing purposes.
Limited Disclosure Scenarios:
- With Your Consent: We may share data when you explicitly authorize us to do so.
- Legal Requirements: We may disclose information if required by law, court order, or government regulation.
- Service Protection: To protect the rights, property, or safety of our service, users, or the public.
- Technical Service Providers: Carefully vetted hosting and infrastructure providers who are bound by confidentiality agreements.
5. Your Rights and Controls
You have full control over your personal data. Your rights include:
Right to Access
You can view all your stored data at any time through your account dashboard.
Right to Update
You can modify your account information and portfolio data at any time.
Right to Delete
You can delete specific transactions, holdings, or your entire account and all associated data.
Right to Export
You can request a copy of your data in a portable format.
Right to Cancel
You can cancel your subscription at any time without penalty.
Right to Withdraw Consent
You can withdraw your consent for data processing by closing your account.
To exercise your rights: Contact us at the email provided in the footer, or use the account management features in your dashboard.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Session Management: Keep you logged in during your session
- Security: Protect against unauthorized access and CSRF attacks
- Preferences: Remember your settings and preferences
- Analytics: Understand how users interact with our platform
Types of Cookies We Use:
- Essential Cookies: Required for authentication and basic functionality
- Functional Cookies: Enhance user experience and remember preferences
- Session Cookies: Temporary cookies that expire when you close your browser
You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.
7. Data Retention
We retain your data for as long as your account is active or as needed to provide services.
Retention Periods:
- Active Accounts: Data retained indefinitely while account is active
- Inactive Accounts: After 12 months of inactivity, we may send reminders and eventually archive data
- Deleted Accounts: Upon account deletion, data is permanently removed within 30 days
- Backup Copies: May exist in backup systems for up to 90 days
- Legal Requirements: Some data may be retained longer if required by law
8. Third-Party Services
Our platform may use the following third-party services:
- CDN Services: For delivering CSS and JavaScript libraries (Tailwind CSS, Alpine.js, Font Awesome)
- Hosting Provider: For server infrastructure and data storage
These services may have their own privacy policies. We encourage you to review their policies when applicable.
9. Children's Privacy
Our service is intended for users who are 18 years of age or older. We do not knowingly collect personal information from individuals under 18. If you are under 18, please do not use our service or provide any personal information.
If we become aware that we have collected personal information from someone under 18, we will take steps to delete such information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
Notification of Changes: We will notify you of significant changes by posting a notice on our platform or sending you an email. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Contact Information
Service: CSE Investing LK
Email: niroshlk@gmail.com
Developer: Nirosh Ranathunga
We will respond to your inquiry within 5 business days.
Your Consent
By using CSE Investing LK, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.
If you do not agree with this policy, please discontinue use of our service and contact us to delete your account and data.