Privacy Policy

1. Data Controller

Similarfy.com is the data controller responsible for your personal data. For any privacy-related enquiries, please contact us at privacy@similarfy.com.

2. Information We Collect

We collect the following categories of personal data:

  • Account Data: Name, email address, and hashed password when you register.
  • Document Data: Files you upload for plagiarism analysis. Document content is processed temporarily and is not retained after report generation is complete.
  • Transaction Data: Subscription history, pricing plan purchases, and payment slip uploads (stored securely in encrypted cloud storage).
  • Usage Data: Log data including IP addresses, browser type, pages visited, timestamps, and feature usage for security and performance monitoring.
  • Communication Data: Emails and messages you send to our support team.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To create and manage your account.
  • To process document submissions and generate plagiarism/AI-detection reports.
  • To process payment orders and send transaction confirmations.
  • To send transactional emails including report completion notifications and invoices.
  • To provide customer support and respond to your enquiries.
  • To detect, investigate, and prevent fraud, abuse, and security incidents.
  • To comply with our legal obligations.
  • To improve our platform through aggregated, anonymised analytics.

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide the services you requested.
  • Legitimate interests: Security monitoring, fraud prevention, and platform improvement.
  • Legal obligation: Compliance with applicable laws and regulations.
  • Consent: Marketing communications, where applicable (you may withdraw consent at any time).

5. Document Data and Retention

We understand that the documents you upload may be sensitive academic materials. We take the following measures to protect them:

  • Uploaded documents are encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Document content is processed in isolated environments and is not retained after report generation is complete.
  • Report PDFs are stored securely and are accessible only to you. Reports expire and are automatically deleted after 90 days.
  • We do not use your uploaded documents to train AI models or share them with third parties.

6. Data Retention

We retain personal data for as long as necessary for the purposes outlined in this policy:

  • Account data: Until account deletion or 3 years of inactivity, whichever is earlier.
  • Transaction records: 7 years to comply with financial regulatory requirements.
  • Report PDFs: 90 days from generation.
  • Document content: Deleted immediately after report generation.
  • Server logs: 90 days.

7. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Cloud infrastructure providers (e.g., Cloudflare R2 for file storage) under data processing agreements.
  • Email service providers to deliver transactional emails on our behalf.
  • Law enforcement or regulators where required by applicable law in Sri Lanka.

All third-party processors are contractually bound to process data only on our instructions.

8. Cookies and Tracking

We use strictly necessary cookies to maintain your login session and ensure platform security. We do not use advertising or third-party tracking cookies. For full details, see our Cookie Policy.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restriction: Request that we limit processing of your data.
  • Right to portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, email us at privacy@similarfy.com with your request. We will respond within 30 days.

10. Security

We implement industry-standard technical and organisational security measures including TLS 1.3 encryption, AES-256 data-at-rest encryption, bcrypt password hashing, JWT-based session management with short expiry times, and regular security reviews. We are SOC2 Type II certified and ISO 27001 aligned.

11. International Transfers

Our primary data processing occurs within Sri Lanka. Where data is transferred internationally (e.g., for cloud storage), we ensure adequate protections are in place including standard contractual clauses and data processing agreements.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@similarfy.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through a notice on our platform. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Similarfy.com — Data Privacy Team

Email: privacy@similarfy.com

Address: Colombo, Sri Lanka