Privacy Policy

Last Updated: April 10, 2026

---

📋 Introduction

Esteem Consultants (Pvt) Ltd (“we,” “us,” “our,” or the “Company”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, request services, or interact with our AI assistant solutions for ERPNext.

Please read this Privacy Policy carefully. By using our website or services, you acknowledge that you have read, understood, and agree to be bound by the terms set forth in this policy.

---

🔒 Information We Collect

1. Information You Provide Directly

We collect personal information that you voluntarily provide to us when:

• Contacting Us: Name, email address, phone number, company name, and message content when you use our contact form or reach out via WhatsApp/email
• Scheduling Consultations: Contact details, availability, and business information for initial consultations
• Using Our Services: ERPNext instance details, business processes, data samples for AI training, and integration requirements
• Subscribing to Updates: Email address for newsletters or service updates (if applicable)

2. Information Collected Automatically

When you visit our website, we automatically collect certain information about your device and browsing activity:

• Device Information: IP address, browser type, operating system, device type
• Usage Data: Pages visited, time spent on pages, referring website, click patterns
• Cookies: Small data files stored on your device to enhance user experience (see Cookies section below)

3. Business Data for AI Services

If you engage our AI assistant services, we may access and process your business data:

• ERPNext database information (with your authorization)
• Business process documentation and workflows
• Historical transaction data for AI training
• Employee roles and permission structures
• Integration credentials for third-party systems

Important: Your business data is used solely to train and operate your custom AI assistant. It is never shared with other clients or used for purposes beyond your engagement.

---

🎯 How We Use Your Information

We use the information we collect for the following purposes:

Service-Related Purposes:

• Respond to Inquiries: Answer your questions, provide quotations, and schedule consultations
• Deliver Services: Develop, deploy, and maintain your custom AI assistant
• Customer Support: Provide technical assistance, troubleshooting, and ongoing support
• Billing: Process payments and send invoices for our services
• Service Improvements: Use feedback and usage data to improve our offerings

Communication Purposes:

• Transaction Communications: Send service updates, maintenance notifications, and important announcements
• Marketing (with consent): Share relevant content, case studies, and promotional offers (you can opt-out anytime)

Legal & Security Purposes:

• Compliance: Meet legal obligations under Sri Lankan law and international regulations
• Security: Protect our systems, detect fraud, and prevent unauthorized access
• Enforcement: Enforce our Terms of Service and protect our rights

---

🔐 How We Protect Your Information

Data Security Measures

We implement industry-standard technical and organizational measures to protect your information:

• Encryption: All data transmitted between you and our systems is encrypted using TLS 1.3 or higher
• Access Controls: Strict role-based access controls limit who can view or process your data
• Secure Infrastructure: We use secure, reputable cloud providers with enterprise-grade security
• Regular Audits: Periodic security assessments and penetration testing
• Data Backups: Regular encrypted backups to prevent data loss
• Employee Training: Staff trained on data protection best practices and confidentiality

Data Minimization

We only collect and retain information that is necessary for providing our services. We do not hoard unnecessary data.

Third-Party Security

When we engage third-party service providers (e.g., cloud hosting, payment processors), we ensure they meet rigorous security standards and sign data protection agreements.

---

👥 Disclosure of Your Information

We do not sell your personal information. We may share your information only in the following circumstances:

With Your Consent

We may share information when you explicitly consent to such sharing.

Service Providers

We engage trusted third-party vendors who process data on our behalf, including:

• Cloud hosting providers (for AI assistant deployment)
• Payment processors (for billing)
• Email service providers (for communications)

Legal Requirements

We may disclose information when required by law, court order, or governmental authority, or to protect our legal rights.

Business Transfers

If we undergo a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.

---

⏱️ Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

• Contact Inquiries: 2 years from last interaction
• Active Customers: Duration of service + 6 months post-termination
• Billing Records: 7 years (as required by Sri Lankan tax law)
• AI Training Data: Only while service is active; deleted upon termination

You may request deletion of your data at any time, subject to legal retention requirements.

---

🍪 Cookies and Tracking Technologies

Our website uses cookies to enhance your experience:

Types of Cookies We Use:

• Essential Cookies: Required for website functionality (cannot be disabled)
• Analytics Cookies: Help us understand how visitors use our site (anonymous data only)
• Preference Cookies: Remember your settings and preferences

Your Choices:

You can control cookies through your browser settings. However, disabling certain cookies may impact website functionality.

---

🌐 International Data Transfers

Your information may be processed in countries outside your country of residence. We ensure that appropriate safeguards are in place to protect your data, including:

• Standard Contractual Clauses (SCCs)
• GDPR-compliant data transfer mechanisms
• Adequacy decisions by relevant authorities

---

👤 Your Data Protection Rights

Depending on your location, you may have the following rights:

Access:

You can request a copy of the personal information we hold about you.

Correction:

You can request correction of inaccurate or incomplete information.

Deletion:

You can request deletion of your personal information, subject to legal obligations.

Restriction:

You can request restriction of processing in certain circumstances.

Data Portability:

You can receive your data in a structured, machine-readable format.

Objection:

You can object to processing, particularly for marketing purposes.

To Exercise Your Rights:

Contact us at hello@erpnext.lk. We will respond within 30 days of your request.

---

👶 Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected data from a minor, we will delete it promptly.

---

🔄 Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.

• We will notify you of material changes by posting the updated policy on our website with a revised “Last Updated” date
• For significant changes affecting existing customers, we may provide direct notice via email
• Continued use of our services after changes constitutes acceptance of the updated policy

---

📞 Contact Us About Privacy

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

---

🏛️ Governing Law

This Privacy Policy is governed by the laws of Sri Lanka. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Sri Lanka.