Privacy Policy
Last updated: 7 June 2026
Your privacy matters to us. This policy explains exactly what data we collect, why we collect it, and how we protect it when you use BestRate.lk.
1. Introduction
BestRate.lk ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use BestRate.lk and its tools — FundaBoard and Best Loan. By using our Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.
2. Information We Collect
We collect the following categories of information: • Registration data — When you create an account, we collect your full name and email address. • Usage data — Pages visited, features used, search queries, filters applied, and interaction logs. This helps us improve the Service. • Device and technical data — Browser type, operating system, IP address (anonymised), and referring URLs, collected automatically through standard server logs. • AI conversation data — If you use Benjamin (our AI analyst), your queries are processed via Google AI's API. We do not permanently store conversation history beyond the active session.
3. How We Use Your Information
We use your information to: • Provide, operate, and maintain the Service. • Authenticate your identity and manage your account. • Personalise your experience (e.g., saved preferences). • Send service-related communications (e.g., account confirmation, security alerts). We do not send unsolicited marketing emails. • Analyse usage patterns to improve platform performance and add new features. • Comply with legal obligations. We do not sell, rent, or trade your personal data to third parties for marketing purposes.
4. Data Storage & Security
Your data is stored securely using Supabase infrastructure, hosted on AWS. We implement industry-standard security measures including: • Encryption at rest and in transit (TLS/HTTPS). • Row-level security policies on all database tables. • Access controls limiting data access to authorised personnel only. While we take all reasonable precautions, no method of internet transmission or electronic storage is 100% secure. We encourage you to use a strong, unique password for your account.
5. Cookies
We use a minimal set of essential cookies required for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies. For full details of the cookies we use, please refer to our Cookie Policy.
6. Third-Party Services
BestRate.lk uses the following third-party services: • Supabase — Authentication and database services. Your account credentials and stored preferences are managed through Supabase. See supabase.com/privacy. • Google AI (Gemini) — Powers the Benjamin AI analyst. Queries you submit to Benjamin are processed by Google's API in accordance with Google's privacy practices. See ai.google.dev. • Vercel — Our hosting provider. Standard server logs may be processed by Vercel. See vercel.com/legal/privacy-policy. We have no control over, and assume no responsibility for, the privacy practices of these third-party services.
7. Your Rights
Subject to applicable law, you have the following rights regarding your personal data: • Access — Request a copy of the personal data we hold about you. • Rectification — Request correction of inaccurate or incomplete data. • Erasure — Request deletion of your personal data ("right to be forgotten"). • Restriction — Request that we restrict processing of your data in certain circumstances. • Portability — Request your data in a structured, machine-readable format. To exercise any of these rights, please contact us through the platform. We will respond within 30 days.
8. Data Retention
We retain your account data for as long as your account remains active. If you delete your account or request erasure, we will delete your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention records).
9. Children's Privacy
BestRate.lk is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will promptly delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or a prominent notice on the platform. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the revised policy.
11. Contact Us
For privacy-related questions, requests, or concerns, please contact us through the support channel available on BestRate.lk. We take all privacy inquiries seriously and will respond promptly.