Privacy Policy

Iroshan De Zilva LLC ("Company," "we," "us," or "our") is a limited liability company registered in the State of Wyoming. We operate the website iroshandezilva.com (the "Website"), which serves as our portfolio and primary platform for offering UI/UX design, product design, and related digital design services to clients worldwide.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our Website, engage our services, or otherwise interact with us. By accessing or using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

We are committed to protecting the privacy and security of all personal data we handle, in compliance with applicable U.S. federal and state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), as well as international regulations such as the General Data Protection Regulation (GDPR) where applicable.

We may collect and process the following categories of personal information depending on how you interact with us:

2.1 Information You Provide Directly

• Contact information: name, email address, phone number, and business name
• Project details: information you share when requesting a quote, submitting a project brief, discussing design requirements, or engaging our UI/UX and product design services
• Communications: contents of emails, messages, and other correspondence you send to us
• Payment and billing information: invoicing details, business address, tax identification numbers (processed through third-party payment providers)
• Newsletter subscriptions: email address and communication preferences

2.2 Information Collected Automatically

• Device information: browser type, operating system, device type, and screen resolution
• Usage data: pages visited, time spent on pages, click patterns, and referral sources
• Network information: IP address, approximate geographic location, and internet service provider
• Cookies and similar technologies: as described in Section 6 of this Policy

2.3 Information from Third Parties

• Analytics providers: aggregated website usage statistics
• Payment processors: transaction confirmation and billing status
• Professional platforms: publicly available business information from LinkedIn or similar networks

2.4 Portfolio and Case Study Information

As a UI/UX and product design portfolio, our Website may feature case studies, project showcases, and testimonials. Any client information displayed publicly in our portfolio (such as company names, project descriptions, or testimonials) is used only with prior written consent or in accordance with the terms of our service agreements. If you are a client and wish to have your information removed from our portfolio, please contact us.

We use the personal information we collect for the following purposes:

• To provide, operate, and maintain our Website, portfolio, and design services
• To process and fulfill service requests, design project contracts, and client engagements
• To send invoices and process payments through our financial service providers
• To communicate with you about design projects, inquiries, proposals, and support requests
• To showcase relevant case studies or portfolio work (only with client consent and in accordance with any non-disclosure agreements)
• To send marketing communications and newsletters (with your consent, where required)
• To analyze Website usage and improve our services, content, and user experience
• To comply with legal obligations, including tax reporting, anti-money laundering, and financial regulations
• To detect, prevent, and address fraud, security issues, or technical problems
• To enforce our terms and conditions and protect our legal rights

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data based on one or more of the following legal grounds:

• Contractual necessity: to perform a contract with you or take pre-contractual steps at your request
• Legitimate interest: to operate and improve our business, provided this does not override your rights
• Consent: where you have given explicit consent for a specific purpose, such as receiving marketing emails
• Legal obligation: to comply with applicable laws and regulations

We may share your personal information with the following categories of third parties, solely for the purposes described in this Policy:

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. All third-party service providers are contractually obligated to handle your data securely and only for the purposes specified in our agreements with them.

Our Website uses cookies and similar tracking technologies to enhance your browsing experience and analyze site performance. The types of cookies we use include:

• Essential cookies: necessary for the Website to function properly, including session management and security features
• Analytics cookies: help us understand how visitors interact with our Website by collecting information about pages visited, time spent, and navigation patterns
• Preference cookies: remember your settings and preferences to provide a personalized experience

You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling cookies may affect the functionality of certain parts of the Website.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. Specifically:

• Client project data and contracts: retained for 7 years after the end of the business relationship, in accordance with tax and financial record-keeping obligations
• Payment and transaction records: retained as required by applicable financial regulations and our payment processors (Wise, Mercury)
• Website analytics data: retained in aggregated, anonymized form
• Marketing and communication preferences: retained until you withdraw your consent or unsubscribe
• Contact form submissions: retained for up to 2 years unless a business relationship is established

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Secure, encrypted connections (HTTPS/TLS) for all data transmitted through our Website
• Access controls and authentication for systems that store personal data
• Regular review of data collection, storage, and processing practices
• Use of reputable, security-compliant third-party service providers

While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.

9.1 Rights for All Users

Regardless of your location, you have the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Opt out of marketing communications at any time
• Withdraw consent where processing is based on consent

9.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act), including:

• The right to know what personal information we collect, use, and disclose
• The right to request deletion of your personal information
• The right to opt out of the sale or sharing of your personal information (note: we do not sell personal information)
• The right to non-discrimination for exercising your privacy rights
• The right to correct inaccurate personal information
• The right to limit use and disclosure of sensitive personal information

9.3 European Economic Area and UK Residents (GDPR)

If you are located in the EEA or UK, you have additional rights under the GDPR, including:

• The right to data portability
• The right to restrict processing
• The right to erasure ("right to be forgotten")
• The right to object to processing based on legitimate interest
• The right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at the information provided in Section 13 below. We will respond to your request within 30 days (or within the timeframe required by applicable law).

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States and Sri Lanka, where our operations and service providers are based. When we transfer your data internationally, we take appropriate measures to ensure your information is protected in accordance with applicable data protection laws.

We use third-party financial service providers, including Wise (TransferWise Ltd) and Mercury Technologies, Inc., for payment processing, invoicing, and business banking. When processing payments or financial transactions:

• Your payment information is handled directly by these providers under their respective privacy policies
• We may share necessary business information (such as invoice details, business name, and contact information) with these providers to facilitate transactions
• These providers are subject to their own regulatory requirements, including anti-money laundering (AML) and Know Your Customer (KYC) obligations
• We do not store complete payment card numbers, bank account details, or sensitive financial credentials on our systems

For more information about how these providers handle your data, please refer to:

• Wise Privacy Policy: wise.com/legal/privacy-notice-business-en
• Mercury Privacy Policy: mercury.com/legal/privacy

Our Website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a minor, please contact us immediately, and we will take steps to delete such information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Iroshan De Zilva LLC
State of Incorporation: Wyoming, United States
Email: hello@iroshandezilva.com
Website: iroshandezilva.com

For data protection inquiries or to exercise your privacy rights, please email us with the subject line "Privacy Request" and include sufficient detail for us to identify and respond to your request.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will update the "Last Updated" date at the top of this Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Your continued use of our Website and services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.