Privacy Policy
Last updated: 12 May 2026
This Privacy Policy explains how Zorix (Pvt) Ltd ("Zorix", "we", "us", "our") collects, uses, stores and protects personal information when you visit zorix.lk, contact us, or use any product or service we operate — including the Foodiez platform (foodiez.lk).
Zorix (Pvt) Ltd is a private limited company registered in Sri Lanka. We are the data controller for personal information processed through this website and the products we operate directly.
1. What we collect
1.1 Information you give us
- Contact data — name, email address, phone number, company, and the content of any message — when you fill in a form, email us, or message us on WhatsApp.
- Account data — when you create an account on a product we operate (e.g. Foodiez), we collect your phone number, name, email (optional), and any profile fields you provide.
- Transaction data — for paid products, we collect order details, delivery / pickup addresses, payment method, and amount. We do not store full card numbers. Card payments are processed by our payment provider, PayHere, which is a PCI-DSS compliant processor.
- Vendor data (Foodiez) — for vendors using Foodiez, we collect business registration details, bank account information for payouts, and uploaded supporting documents (e.g. bank statements, registration certificates).
1.2 Information collected automatically
- Device and browser data — IP address, browser type, OS, and approximate location (city-level) for security and analytics.
- Usage data — pages viewed, clicks, session duration, referring URL.
- Cookies and similar technologies — see our Cookie Policy for details.
1.3 Information from third parties
- Google Sign-In — if you sign in to a Zorix product using Google, we receive your name, email, and profile photo from Google.
- WhatsApp — when you authenticate via WhatsApp OTP, we receive the phone number you've authorised us to message.
- Payment processor — PayHere provides us with transaction outcomes, payment method type, and partial card information (last four digits) for reconciliation.
2. How we use it
- To provide, operate and improve our website and products.
- To authenticate accounts (e.g. via one-time WhatsApp or email codes).
- To process orders, payments, refunds and vendor payouts.
- To send transactional messages — order confirmations, status updates, payout notifications — over WhatsApp, email, push notification or SMS, as you have configured.
- To respond to your enquiries and provide customer support.
- To comply with legal obligations under Sri Lankan law, including tax and anti-fraud requirements.
- To detect, investigate and prevent fraud, abuse, and security incidents.
3. Legal basis for processing
We process your personal information on one or more of the following bases:
- Performance of a contract — when processing is needed to provide a product or service you have requested.
- Legitimate interests — for security, fraud prevention, and improving our services, where this does not override your rights.
- Consent — for non-essential cookies, marketing communications, and similar uses; you may withdraw consent at any time.
- Legal obligation — where required by law, regulation, or court order.
4. Sharing your information
We do not sell your personal information. We share it only with:
- Service providers who help us operate our products — payment processors (PayHere), cloud infrastructure, email delivery, push notification services, and WhatsApp messaging providers. Each is bound by appropriate contractual confidentiality and security obligations.
- Vendors and partners on Foodiez and similar marketplaces — only the order data necessary to fulfil the transaction (your name, delivery / pickup details, and order items).
- Authorities when required by law, regulation, valid court order, or to protect the rights, safety and property of Zorix, our users, or the public.
- Successor entities in the event of a merger, acquisition, or sale of assets — with notice to you where required by law.
5. International transfers
Some of our service providers (e.g. Google Cloud, Firebase, Meta WhatsApp Cloud API) may store or process data outside Sri Lanka. Where this happens, we rely on industry-standard contractual safeguards and ensure the providers offer protections equivalent to those required in Sri Lanka.
6. How long we keep it
We retain personal information only as long as we need it for the purpose for which it was collected, or as required by law. Typical retention periods:
- Account data — for as long as your account is active, plus up to 12 months after closure.
- Transaction records — at least 7 years, to comply with Sri Lankan accounting and tax law.
- Support correspondence — up to 3 years after the last interaction.
- Marketing data — until you unsubscribe or withdraw consent.
7. Security
We use encryption in transit (HTTPS), encryption at rest for sensitive fields, role-based access control, and regular software updates. Despite our efforts, no method of transmission or storage is 100% secure. If we become aware of a personal data breach affecting you, we will notify you and the relevant authorities as required by law.
8. Your rights
You have the right to:
- Request access to the personal information we hold about you.
- Request correction of information that is inaccurate or incomplete.
- Request deletion of your information, subject to legal retention requirements.
- Object to or restrict certain processing, including direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the relevant data protection authority in Sri Lanka.
To exercise any of these rights, email admin@zorix.lk. We aim to respond within 30 days.
9. Children
Our products are not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent change. Material changes will be communicated through our website or directly to registered users.
11. Contact
For any privacy-related question or request:
- Email: admin@zorix.lk
- Postal address: Zorix (Pvt) Ltd, Marawila, Sri Lanka