Modett

Legal

Privacy Policy

Last updated: March 2026

01

Introduction

Modett is a premium fashion brand owned and operated by [Company Name], incorporated in Sri Lanka. Registered address: [Address], Colombo, Sri Lanka. Contact email: privacy@modett.com

This Privacy Policy explains how we collect, use, store and protect your personal data when you use modett.com ("the Website"). It applies to all visitors, customers and account holders, including those in Sri Lanka and Singapore.

By using our Website, you agree to the practices described in this policy. If you do not agree, please do not use the Website.

We comply with:

  • Sri Lanka Personal Data Protection Act No. 9 of 2022 (PDPA LK)
  • Singapore Personal Data Protection Act 2012 (PDPA SG)
02

Information We Collect

We collect the following categories of personal information:

Account information (when you register)

  • Full name
  • Email address
  • Password (stored as a one-way encrypted hash — we cannot read it)
  • Newsletter subscription preference

Order information (when you place an order)

  • Billing and shipping address
  • Phone number
  • Order history and items purchased
  • Payment status (we do not store card numbers — see Section 5)

Automatically collected (when you use the Website)

  • Country and currency detected from your IP address (via Cloudflare geo-detection — we do not store raw IP addresses)
  • Session cookies to keep you logged in and maintain your cart
  • Cart contents (temporarily stored until checkout or expiry)
  • Browser type and device type (for technical optimisation only)

Optional (when you choose to provide)

  • Product reviews and ratings
  • Wishlist items
  • Gift messages on orders
03

How We Use Your Information

We use your personal data only for legitimate purposes:

  • Processing and fulfilling your orders
  • Sending order confirmation and shipping updates by email
  • Managing your loyalty points balance and tier status
  • Sending newsletters and promotions (only if you opted in, and you can unsubscribe at any time)
  • Improving our Website and product catalogue
  • Detecting and preventing fraud and unauthorised access
  • Complying with legal obligations in Sri Lanka and Singapore
  • Responding to customer service enquiries

We do not use your data for automated decision-making or profiling that produces legal effects.

04

Cookies and Tracking

We use the following cookies. We do not use advertising or third-party tracking cookies.

Essential cookies (cannot be disabled — required for the site to work)

  • sid: your login session (expires after 24 hours or 30 days if you selected "Remember me")
  • cid: your shopping cart session (expires after 21 days)
  • country: your detected country for currency selection (expires after 30 days)
  • currency: your preferred currency (expires after 30 days)

Analytics

  • We use Cloudflare Web Analytics which is privacy-first, cookie-free, and does not track individual users.
  • We use Vercel Analytics for technical performance monitoring.

We do not use Google Analytics, Meta Pixel, or any advertising network cookies.

05

Payment Processing

Your card details are never stored on Modett's servers. All payment processing is handled by PAYable, a licensed payment gateway regulated by the Central Bank of Sri Lanka.

When you pay by card, you are redirected to PAYable's secure payment page. Modett receives only:

  • Whether the payment succeeded or failed
  • The transaction reference number
  • The masked card number (e.g. **** **** **** 1234) for your receipt

PAYable's privacy policy applies to the data you enter on their payment page: https://payable.lk/privacy

We accept Visa and Mastercard credit and debit cards. Payments are processed in Sri Lankan Rupees (LKR).

06

Data Storage and Security

Your data is stored on secure servers provided by:

  • Railway (database and API servers — United States)
  • Cloudflare R2 (product images — global CDN)
  • Vercel (website hosting — global edge network)

We protect your data with:

  • HTTPS encryption on all connections
  • Passwords stored as bcrypt hashes (irreversible encryption)
  • Session tokens stored in Redis with automatic expiry
  • Database access restricted to authorised application only
  • Cloudflare Web Application Firewall (WAF) and DDoS protection

We retain your personal data for as long as your account is active. If you delete your account, your personal data is permanently deleted within 30 days, except for:

  • Order records (retained for 7 years for tax/legal compliance)
  • Anonymised analytics data
07

Sharing Your Information

We do not sell, rent or trade your personal data.

We share data only with the service providers necessary to operate our business:

  • PAYable (payment processing)
  • Railway (database hosting)
  • Vercel (website hosting)
  • Cloudflare (CDN, security, image storage)
  • Courier/delivery partners (your name, phone and address for order delivery — shared only when your order ships)

All service providers are bound by data processing agreements. We do not share data with advertisers or data brokers.

We may disclose your data if required by law, court order, or to protect the rights and safety of Modett and its customers.

08

Your Rights

Under the Sri Lanka PDPA (No. 9 of 2022)

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your personal data ("right to erasure")
  • Withdraw consent for marketing communications at any time
  • Lodge a complaint with the Data Protection Authority of Sri Lanka

Under the Singapore PDPA 2012

You have the right to:

  • Request access to your personal data
  • Request correction of your personal data
  • Withdraw consent for collection, use or disclosure of your personal data (note: withdrawal may affect our ability to provide services to you)
  • Lodge a complaint with the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg

To exercise any of these rights, contact us at privacy@modett.com. We will respond within 30 days.

09

Children's Privacy

Our Website is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us at privacy@modett.com and we will delete it immediately.

10

Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered customers by email and update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

Continued use of the Website after changes are posted constitutes acceptance of the updated policy.

11

Contact Us

If you have questions about this Privacy Policy or how we handle your personal data, please contact:

Modett Privacy TeamEmail: privacy@modett.comAddress: [Company Address], Colombo, Sri LankaResponse time: Within 30 days

For Singapore customers, you may also contact the Personal Data Protection Commission: www.pdpc.gov.sg | Tel: 1800-CALL-PDPC